Ken... if you will reply to this new thread listing again the files you want me to dwnld., I'll run and post the logs.
Thx. Curt
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Help... My Dell Computer is Infected! [Solved]
Started by
Bally
, Aug 08 2014 12:50 PM
-
This topic is locked
57 replies to this topic
Register to Remove
#2
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 08 August 2014 - 02:47 PM
Go ahead Curt
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#3
Bally
-
- Authentic Member
-
- 56 posts
Authentic Member
Posted 08 August 2014 - 04:07 PM
Ken... Here are the logs from the two programs you asked I dwnld. from the other thread (closed), i.e., aswMBR & FRST + Addition;
aswMBR
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-08 23:09:48
-----------------------------
23:09:48.687 OS Version: Windows 5.1.2600 Service Pack 3
23:09:48.687 Number of processors: 1 586 0x401
23:09:48.718 ComputerName: MJABROAD UserName: MARY
23:09:53.640 Initialize success
23:09:54.125 VM: initialized successfully
23:09:54.296 VM: Intel CPU virtualization not supported
23:46:40.906 AVAST engine defs: 14080801
23:47:46.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:47:46.640 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
23:47:46.859 Disk 0 MBR read successfully
23:47:46.859 Disk 0 MBR scan
23:47:48.968 Disk 0 Windows XP default MBR code
23:47:49.000 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:47:52.140 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73171 MB offset 80325
23:47:52.203 Disk 0 default boot code
23:47:53.296 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 149934645
23:47:53.656 Disk 0 scanning sectors +156232125
23:47:54.406 Disk 0 scanning C:\WINDOWS\system32\drivers
23:50:54.531 File: C:\WINDOWS\system32\drivers\volsnap.sys **INFECTED** Win32:Alureon-PS
23:50:58.765 Scan finished successfully
23:51:26.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MARY.MJABROAD\Desktop\MBR.dat"
23:51:26.609 The log file has been saved successfully to "C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.txt"
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:8-08-2014
Ran by MARY (administrator) on MJABROAD on 08-08-2014 23:53:57
Running from C:\Documents and Settings\MARY.MJABROAD\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\loggingserver.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-746137067-2146843231-725345543-500\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-746137067-2146843231-725345543-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-746137067-2146843231-725345543-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-03-08] (Google Inc.)
IFEO\dlbcserv.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\fixitcenter.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\photoshop album starter edition.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Internet Explorer.lnk
ShortcutTarget: Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\dlbcserv.lnk
ShortcutTarget: dlbcserv.lnk -> C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\dlbcserv.lnk
ShortcutTarget: dlbcserv.lnk -> C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6AFDFF64-BDD0-4394-B7BF-0EE3822E91F6}&mid=950fddbc12eb47d2bd48d15a668f715c-07ebd5bbc5ce97c161dcff7c16f8330584c5af18&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-08 17:40:07&v=18.1.8.643&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.8.643\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.8.643\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowso...nSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.micr...ActiveX/odc.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by107fd.bay10...es/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.8\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.8\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-31]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-24]
Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-06]
CHR Extension: (YouTube) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-06]
CHR Extension: (Google Search) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-06]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-06]
CHR Extension: (Google Wallet) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-06]
CHR Extension: (Gmail) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-24] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.8; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe [1813528 2014-08-08] (AVG Secure Search)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-08] (AVG Technologies)
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-22] (Adaptec, Inc.) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
R2 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U1 WS2IFSL;
S3 ZSMC301b; System32\Drivers\usbVM31b.sys [X]
U3 aswMBR; \??\C:\DOCUME~1\MARY~1.MJA\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\MARY~1.MJA\LOCALS~1\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-08 23:53 - 2014-08-08 23:54 - 00035038 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.txt
2014-08-08 23:53 - 2014-08-08 23:54 - 00000000 ____D () C:\FRST
2014-08-08 23:51 - 2014-08-08 23:51 - 00001582 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.txt
2014-08-08 23:51 - 2014-08-08 23:51 - 00000512 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\MBR.dat
2014-08-08 23:17 - 2014-08-08 23:19 - 01084928 _____ (Farbar) C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.exe
2014-08-08 23:07 - 2014-08-08 23:08 - 05185536 _____ (AVAST Software) C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.exe
2014-08-08 20:51 - 2014-08-08 20:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Desktop\MALWARE TOOLS
2014-08-08 18:49 - 2014-08-08 18:49 - 00625664 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\dds.scr
2014-08-08 18:48 - 2014-08-08 18:48 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\MARY.MJABROAD\Desktop\HiJackThis.exe
2014-08-08 18:46 - 2014-08-08 18:47 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\MARY.MJABROAD\Desktop\OTL.exe
2014-08-08 17:41 - 2014-08-08 21:40 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG Secure Search
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG Secure Search
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:39 - 2014-08-08 17:37 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-08-08 17:38 - 2014-08-08 17:40 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 14:35 - 2014-08-08 14:45 - 00001370 _____ () C:\WINDOWS\setupapi.log
2014-08-08 14:11 - 2014-08-08 14:11 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AVG
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG
2014-08-06 07:01 - 2014-08-06 07:01 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\MFAData
2014-08-06 06:59 - 2014-08-06 07:00 - 04424240 _____ (AVG Technologies) C:\Documents and Settings\MARY.MJABROAD\Desktop\avg_isct_stb_all_2014_4116_cm5.exe
2014-08-06 06:51 - 2014-08-06 06:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google
2014-08-06 06:02 - 2014-08-06 06:02 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\TuneUp Software
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG
2014-08-06 05:20 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Accessories
2014-08-06 05:20 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\Adobe
2014-08-06 05:16 - 2014-08-06 05:16 - 00000000 __SHD () C:\Documents and Settings\MARY.MJABROAD\PrivacIE
2014-08-06 05:15 - 2014-08-06 05:15 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG2014
2014-08-06 05:14 - 2014-08-06 14:13 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Avg2014
2014-08-06 05:14 - 2014-08-06 05:14 - 00000803 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 05:14 - 2014-08-06 05:14 - 00000738 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Outlook Express.lnk
2014-08-06 05:13 - 2014-08-08 23:55 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Temp
2014-08-06 05:13 - 2014-08-08 12:55 - 00000178 ___SH () C:\Documents and Settings\MARY.MJABROAD\ntuser.ini
2014-08-06 05:13 - 2014-08-08 12:55 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD
2014-08-06 05:13 - 2014-08-06 05:14 - 00000788 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 05:13 - 2013-10-10 21:25 - 00000000 __SHD () C:\Documents and Settings\MARY.MJABROAD\IETldCache
2014-08-06 05:13 - 2013-03-09 00:51 - 00001599 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Remote Assistance.lnk
2014-08-06 02:46 - 2014-08-06 02:46 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Macromedia
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\AVG
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 __SHD () C:\Documents and Settings\Mary's Computer\PrivacIE
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Adobe
2014-08-06 01:31 - 2014-08-06 01:31 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\TuneUp Software
2014-08-06 01:23 - 2014-08-06 01:23 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\MFAData
2014-08-06 01:19 - 2014-08-06 01:19 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Google
2014-08-06 01:18 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Temp
2014-08-06 01:18 - 2014-08-06 05:13 - 00000178 ___SH () C:\Documents and Settings\Mary's Computer\ntuser.ini
2014-08-06 01:18 - 2014-08-06 05:13 - 00000000 ____D () C:\Documents and Settings\Mary's Computer
2014-08-06 01:18 - 2014-08-06 01:58 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Avg2014
2014-08-06 01:18 - 2014-08-06 01:18 - 00000803 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000788 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000738 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Outlook Express.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Accessories
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG2014
2014-08-06 01:18 - 2013-10-10 21:25 - 00000000 __SHD () C:\Documents and Settings\Mary's Computer\IETldCache
2014-08-06 01:18 - 2013-03-09 00:51 - 00001599 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Remote Assistance.lnk
2014-08-05 22:59 - 2014-08-08 12:56 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 1-Click Maintenance.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001739 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:58 - 2014-07-14 12:26 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG
2014-08-05 22:52 - 2014-08-05 22:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-08-05 22:28 - 2014-08-05 23:33 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 22:28 - 2014-08-05 23:33 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 22:24 - 2014-08-05 22:59 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:24 - 2014-08-05 22:59 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:10 - 2014-08-05 22:10 - 00810198 _____ () C:\Documents and Settings\Administrator\Desktop\AVGInstLog.cab
2014-08-05 22:05 - 2014-08-06 07:13 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-05 22:05 - 2014-08-06 07:13 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-05 22:05 - 2014-08-05 22:05 - 00000702 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2014.lnk
2014-08-05 22:05 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-08-05 22:03 - 2014-08-05 22:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:03 - 2014-08-05 22:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:03 - 2014-08-05 22:03 - 00000000 ___HD () C:\$AVG
2014-08-05 22:01 - 2014-08-05 22:54 - 00000000 ____D () C:\Program Files\AVG
2014-08-05 21:39 - 2014-08-05 22:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-08-05 21:39 - 2014-08-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2014-07-27 13:26 - 2014-07-27 13:26 - 00000000 ____D () C:\WINDOWS\LastGood(3)
2014-07-27 01:41 - 2014-07-27 01:45 - 00002048 _____ () C:\Documents and Settings\Administrator\My Documents\Backup.bkf
2014-07-19 16:07 - 2014-07-19 16:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-18 22:21 - 2014-07-18 22:21 - 00276848 _____ () C:\Documents and Settings\Administrator\Desktop\download.htm
2014-07-16 23:53 - 2014-07-16 23:51 - 00287423 _____ () C:\Documents and Settings\Administrator\Desktop\grandpa and his boys.htm
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-08 23:55 - 2014-08-06 05:13 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Temp
2014-08-08 23:54 - 2014-08-08 23:53 - 00035038 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.txt
2014-08-08 23:54 - 2014-08-08 23:53 - 00000000 ____D () C:\FRST
2014-08-08 23:51 - 2014-08-08 23:51 - 00001582 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.txt
2014-08-08 23:51 - 2014-08-08 23:51 - 00000512 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\MBR.dat
2014-08-08 23:51 - 2009-08-12 16:39 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D0F0C55-E4E8-48A5-8365-85495DCEA754}.job
2014-08-08 23:34 - 2013-03-08 19:24 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500UA.job
2014-08-08 23:19 - 2014-08-08 23:17 - 01084928 _____ (Farbar) C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.exe
2014-08-08 23:08 - 2014-08-08 23:07 - 05185536 _____ (AVAST Software) C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.exe
2014-08-08 22:56 - 2012-04-07 17:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-08 21:58 - 2011-03-26 14:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
2014-08-08 21:58 - 2011-03-26 14:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
2014-08-08 21:40 - 2014-08-08 17:41 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG Secure Search
2014-08-08 21:22 - 2013-08-14 07:55 - 04865159 _____ () C:\WINDOWS\KB2859537.log
2014-08-08 21:22 - 2013-03-11 03:00 - 07114519 _____ () C:\WINDOWS\KB2676562.log
2014-08-08 21:22 - 2005-10-04 23:38 - 01806666 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-08 20:51 - 2014-08-08 20:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Desktop\MALWARE TOOLS
2014-08-08 20:46 - 2013-03-10 21:46 - 00000580 ____H () C:\WINDOWS\Tasks\DataUpload.job
2014-08-08 18:49 - 2014-08-08 18:49 - 00625664 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\dds.scr
2014-08-08 18:48 - 2014-08-08 18:48 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\MARY.MJABROAD\Desktop\HiJackThis.exe
2014-08-08 18:47 - 2014-08-08 18:46 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\MARY.MJABROAD\Desktop\OTL.exe
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG Secure Search
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:40 - 2014-08-08 17:38 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 17:37 - 2014-08-08 17:39 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-08-08 17:34 - 2013-03-08 19:24 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500Core.job
2014-08-08 15:00 - 2014-03-27 18:23 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 14:45 - 2014-08-08 14:35 - 00001370 _____ () C:\WINDOWS\setupapi.log
2014-08-08 14:45 - 2013-03-11 04:10 - 00000343 _____ () C:\WINDOWS\setuperr.log
2014-08-08 14:45 - 2005-10-04 23:35 - 00000000 ____D () C:\Program Files\Messenger
2014-08-08 14:45 - 2005-10-04 16:28 - 02749445 ____C () C:\WINDOWS\FaxSetup.log
2014-08-08 14:45 - 2005-10-04 16:28 - 01343443 ____C () C:\WINDOWS\ocgen.log
2014-08-08 14:45 - 2005-10-04 16:28 - 01266495 ____C () C:\WINDOWS\tsoc.log
2014-08-08 14:45 - 2005-10-04 16:28 - 01119060 ____C () C:\WINDOWS\iis6.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00932972 _____ () C:\WINDOWS\comsetup.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00570300 ____C () C:\WINDOWS\ntdtcsetup.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00190790 ____C () C:\WINDOWS\MedCtrOC.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00152813 ____C () C:\WINDOWS\ocmsn.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00138290 ____C () C:\WINDOWS\tabletoc.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00138288 ____C () C:\WINDOWS\msgsocm.log
2014-08-08 14:45 - 2005-10-04 16:28 - 00004635 _____ () C:\WINDOWS\imsins.log
2014-08-08 14:45 - 2005-10-04 16:26 - 00178287 _____ () C:\WINDOWS\setupact.log
2014-08-08 14:44 - 2005-10-04 16:28 - 00861210 ____C () C:\WINDOWS\msmqinst.log
2014-08-08 14:44 - 2005-10-04 16:28 - 00482218 ____C () C:\WINDOWS\netfxocm.log
2014-08-08 14:11 - 2014-08-08 14:11 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AVG
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG
2014-08-08 14:05 - 2014-03-27 18:23 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-08 14:05 - 2013-03-10 21:46 - 00000616 ____H () C:\WINDOWS\Tasks\ConfigExec.job
2014-08-08 14:05 - 2005-10-04 23:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 14:05 - 2005-10-04 16:30 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-08-08 14:05 - 2005-10-04 16:30 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2014-08-08 12:56 - 2014-08-05 22:59 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-08 12:56 - 2005-10-04 23:57 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-08 12:55 - 2014-08-06 05:13 - 00000178 ___SH () C:\Documents and Settings\MARY.MJABROAD\ntuser.ini
2014-08-08 12:55 - 2014-08-06 05:13 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD
2014-08-08 12:38 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-06 14:13 - 2014-08-06 05:14 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Avg2014
2014-08-06 07:13 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-06 07:13 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-06 07:12 - 2005-10-04 16:27 - 01027237 _____ () C:\WINDOWS\setupapi.log.0.old
2014-08-06 07:01 - 2014-08-06 07:01 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\MFAData
2014-08-06 07:00 - 2014-08-06 06:59 - 04424240 _____ (AVG Technologies) C:\Documents and Settings\MARY.MJABROAD\Desktop\avg_isct_stb_all_2014_4116_cm5.exe
2014-08-06 06:51 - 2014-08-06 06:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google
2014-08-06 06:02 - 2014-08-06 06:02 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\TuneUp Software
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG
2014-08-06 05:20 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Accessories
2014-08-06 05:20 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\Adobe
2014-08-06 05:20 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Temp
2014-08-06 05:16 - 2014-08-06 05:16 - 00000000 __SHD () C:\Documents and Settings\MARY.MJABROAD\PrivacIE
2014-08-06 05:15 - 2014-08-06 05:15 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG2014
2014-08-06 05:14 - 2014-08-06 05:14 - 00000803 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 05:14 - 2014-08-06 05:14 - 00000738 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Outlook Express.lnk
2014-08-06 05:14 - 2014-08-06 05:13 - 00000788 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 05:14 - 2005-10-04 23:35 - 00029918 ____C () C:\WINDOWS\wmsetup.log
2014-08-06 05:13 - 2014-08-06 01:18 - 00000178 ___SH () C:\Documents and Settings\Mary's Computer\ntuser.ini
2014-08-06 05:13 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer
2014-08-06 05:02 - 2010-08-29 14:01 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-06 03:04 - 2005-10-04 23:57 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2014-08-06 03:03 - 2005-09-27 16:05 - 00000000 ____D () C:\Documents and Settings\Mary Butler\Skrivbord
2014-08-06 02:46 - 2014-08-06 02:46 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Macromedia
2014-08-06 01:58 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Avg2014
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\AVG
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 __SHD () C:\Documents and Settings\Mary's Computer\PrivacIE
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Adobe
2014-08-06 01:31 - 2014-08-06 01:31 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\TuneUp Software
2014-08-06 01:23 - 2014-08-06 01:23 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\MFAData
2014-08-06 01:19 - 2014-08-06 01:19 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Google
2014-08-06 01:18 - 2014-08-06 01:18 - 00000803 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000788 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000738 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Outlook Express.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Accessories
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG2014
2014-08-06 01:04 - 2011-07-25 14:16 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-08-05 23:49 - 2005-10-04 23:58 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-05 23:49 - 2005-10-04 23:58 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-05 23:48 - 2005-10-04 23:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-05 23:33 - 2014-08-05 22:28 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:33 - 2014-08-05 22:28 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Second Life
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Second Life
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\American Airlines TravelDesk
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\American Airlines TravelDesk
2014-08-05 22:59 - 2014-08-05 22:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:59 - 2014-08-05 22:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 1-Click Maintenance.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001739 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG
2014-08-05 22:54 - 2014-08-05 22:01 - 00000000 ____D () C:\Program Files\AVG
2014-08-05 22:52 - 2014-08-05 22:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-08-05 22:12 - 2014-08-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-08-05 22:10 - 2014-08-05 22:10 - 00810198 _____ () C:\Documents and Settings\Administrator\Desktop\AVGInstLog.cab
2014-08-05 22:07 - 2014-08-05 22:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:07 - 2014-08-05 22:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:05 - 2014-08-05 22:05 - 00000702 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2014.lnk
2014-08-05 22:05 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-08-05 22:03 - 2014-08-05 22:03 - 00000000 ___HD () C:\$AVG
2014-08-05 21:39 - 2014-08-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2014-08-04 17:49 - 2010-06-01 17:40 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\888poker
2014-07-28 19:48 - 2012-05-08 21:43 - 00000000 ____D () C:\Documents and Settings\mary
2014-07-28 19:48 - 2005-10-04 23:57 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-07-28 19:48 - 2005-10-04 23:57 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-07-28 19:47 - 2004-09-16 10:53 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-27 13:26 - 2014-07-27 13:26 - 00000000 ____D () C:\WINDOWS\LastGood(3)
2014-07-27 13:25 - 2004-09-16 10:44 - 00000000 ____D () C:\WINDOWS\repair
2014-07-27 01:45 - 2014-07-27 01:41 - 00002048 _____ () C:\Documents and Settings\Administrator\My Documents\Backup.bkf
2014-07-24 22:18 - 2013-09-05 18:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 22:16 - 2013-09-05 18:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
2014-07-24 22:16 - 2013-09-05 18:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
2014-07-22 17:47 - 2013-04-20 16:57 - 00000000 ____D () C:\Program Files\PacificPoker
2014-07-19 16:08 - 2014-07-19 16:07 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-19 16:07 - 2011-05-14 16:41 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 16:07 - 2005-10-04 15:58 - 534855680 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-18 22:21 - 2014-07-18 22:21 - 00276848 _____ () C:\Documents and Settings\Administrator\Desktop\download.htm
2014-07-16 23:51 - 2014-07-16 23:53 - 00287423 _____ () C:\Documents and Settings\Administrator\Desktop\grandpa and his boys.htm
2014-07-16 22:59 - 2013-03-08 19:37 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-07-14 12:26 - 2014-08-05 22:58 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2014-07-10 00:41 - 2013-08-14 20:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 00:37 - 2005-10-05 01:55 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 14:59 - 2012-04-07 17:02 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 14:59 - 2012-04-07 17:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\mpam-876bb297.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
FRST Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version:8-08-2014
Ran by MARY at 2014-08-08 23:56:09
Running from C:\Documents and Settings\MARY.MJABROAD\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
888poker (HKLM\...\888poker) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.8.643 - AVG Technologies)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version: - )
Dell Photo Printer 720 Logger (HKLM\...\Dell Photo Printer 720 Logger) (Version: 1.0 - Dell)
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14 (Version: 1.1.1067.14 - Microsoft) Hidden
DSL-300 Family Configuration Utility (HKLM\...\DSL-300 Family Configuration Utility) (Version: - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Little Registry Cleaner (HKLM\...\Little Registry Cleaner) (Version: - Little Apps)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MemTurbo 4 (HKLM\...\{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
SAMSUNG CDMA Modem Driver Set (HKLM\...\SAMSUNG CDMA Modem) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.0.1.60510 - Samsung Electronics Co., Ltd.)
Samsung PC Studio (Version: 3.0.0.60510 - Samsung Electronics Co., Ltd.) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB972636) (HKLM\...\KB972636-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vodafone 804SS USB driver Software (HKLM\...\Vodafone 804SS USB driver) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - )
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
20-07-2014 22:59:07 Software Distribution Service 3.0
21-07-2014 00:12:04 Software Distribution Service 3.0
21-07-2014 08:05:33 Software Distribution Service 3.0
21-07-2014 13:06:23 Software Distribution Service 3.0
21-07-2014 15:16:05 Software Distribution Service 3.0
21-07-2014 15:21:55 Restore Operation
21-07-2014 20:36:36 Software Distribution Service 3.0
21-07-2014 23:18:08 Software Distribution Service 3.0
22-07-2014 08:41:17 Software Distribution Service 3.0
22-07-2014 12:48:13 Software Distribution Service 3.0
22-07-2014 13:45:14 Software Distribution Service 3.0
22-07-2014 16:09:29 Software Distribution Service 3.0
22-07-2014 20:43:28 Software Distribution Service 3.0
23-07-2014 06:58:57 Software Distribution Service 3.0
23-07-2014 13:34:16 Software Distribution Service 3.0
23-07-2014 15:13:17 Software Distribution Service 3.0
23-07-2014 21:04:31 Software Distribution Service 3.0
24-07-2014 07:29:39 Software Distribution Service 3.0
24-07-2014 14:35:17 Software Distribution Service 3.0
24-07-2014 14:41:04 Restore Operation
24-07-2014 20:13:58 Software Distribution Service 3.0
24-07-2014 21:52:44 Software Distribution Service 3.0
25-07-2014 05:13:43 Software Distribution Service 3.0
25-07-2014 11:52:17 Software Distribution Service 3.0
25-07-2014 12:14:44 Software Distribution Service 3.0
25-07-2014 13:11:15 Restore Operation
25-07-2014 13:14:43 Restore Operation
25-07-2014 13:33:32 Software Distribution Service 3.0
25-07-2014 21:33:01 Software Distribution Service 3.0
25-07-2014 22:57:36 Software Distribution Service 3.0
26-07-2014 05:54:55 Software Distribution Service 3.0
26-07-2014 06:58:32 Restore Operation
26-07-2014 07:01:36 Restore Operation
26-07-2014 20:40:04 Software Distribution Service 3.0
26-07-2014 22:32:07 Restore Operation
26-07-2014 22:45:12 Restore Operation
26-07-2014 23:49:14 Restore Operation
26-07-2014 23:58:36 Software Distribution Service 3.0
27-07-2014 11:10:46 Restore Operation
27-07-2014 11:23:16 Restore Operation
27-07-2014 11:28:19 Restore Operation
27-07-2014 12:09:23 Software Distribution Service 3.0
27-07-2014 13:57:08 Software Distribution Service 3.0
27-07-2014 20:20:26 Software Distribution Service 3.0
28-07-2014 02:12:36 Software Distribution Service 3.0
28-07-2014 06:54:05 Software Distribution Service 3.0
28-07-2014 15:29:48 Restore Operation
28-07-2014 15:35:42 Software Distribution Service 3.0
28-07-2014 16:38:07 Software Distribution Service 3.0
28-07-2014 17:13:31 Restore Operation
28-07-2014 17:23:31 Restore Operation
28-07-2014 17:24:03 Restore Operation
28-07-2014 17:46:19 Restore Operation
28-07-2014 18:01:36 Software Distribution Service 3.0
28-07-2014 18:24:37 Software Distribution Service 3.0
28-07-2014 20:34:15 Software Distribution Service 3.0
29-07-2014 05:49:41 Software Distribution Service 3.0
29-07-2014 07:21:21 Software Distribution Service 3.0
29-07-2014 12:37:47 Software Distribution Service 3.0
29-07-2014 19:05:03 Software Distribution Service 3.0
29-07-2014 19:15:34 Restore Operation
29-07-2014 19:21:23 Restore Operation
29-07-2014 19:26:38 Restore Operation
29-07-2014 20:44:55 Software Distribution Service 3.0
30-07-2014 03:30:22 Software Distribution Service 3.0
30-07-2014 07:30:16 Software Distribution Service 3.0
30-07-2014 20:21:36 Software Distribution Service 3.0
31-07-2014 00:25:28 Software Distribution Service 3.0
31-07-2014 02:41:25 Software Distribution Service 3.0
31-07-2014 20:05:05 Software Distribution Service 3.0
01-08-2014 05:36:45 Software Distribution Service 3.0
01-08-2014 05:59:43 Software Distribution Service 3.0
01-08-2014 07:19:32 Software Distribution Service 3.0
01-08-2014 14:18:49 Software Distribution Service 3.0
01-08-2014 19:55:05 Software Distribution Service 3.0
01-08-2014 23:25:36 Software Distribution Service 3.0
02-08-2014 01:01:54 Software Distribution Service 3.0
02-08-2014 01:15:53 Software Distribution Service 3.0
02-08-2014 03:53:01 Software Distribution Service 3.0
02-08-2014 08:06:11 Software Distribution Service 3.0
02-08-2014 08:14:38 Software Distribution Service 3.0
02-08-2014 16:37:06 Software Distribution Service 3.0
02-08-2014 16:42:15 Restore Operation
02-08-2014 19:44:39 Software Distribution Service 3.0
03-08-2014 01:05:28 Software Distribution Service 3.0
03-08-2014 01:31:10 Software Distribution Service 3.0
03-08-2014 07:52:12 Software Distribution Service 3.0
03-08-2014 11:25:31 Software Distribution Service 3.0
03-08-2014 12:50:33 Software Distribution Service 3.0
03-08-2014 14:10:38 Software Distribution Service 3.0
03-08-2014 16:47:29 Restore Operation
03-08-2014 16:48:43 Software Distribution Service 3.0
03-08-2014 20:28:41 Software Distribution Service 3.0
03-08-2014 22:09:06 Software Distribution Service 3.0
04-08-2014 01:00:30 Software Distribution Service 3.0
04-08-2014 01:43:43 Software Distribution Service 3.0
04-08-2014 02:35:06 Software Distribution Service 3.0
04-08-2014 07:45:15 Software Distribution Service 3.0
04-08-2014 16:05:18 Software Distribution Service 3.0
05-08-2014 19:16:19 Software Distribution Service 3.0
05-08-2014 20:01:50 Installed AVG 2014
05-08-2014 20:02:40 Installed AVG 2014
05-08-2014 20:53:41 Installed AVG PC TuneUp 2014
06-08-2014 01:05:43 Software Distribution Service 3.0
06-08-2014 03:23:15 Restore Operation
06-08-2014 03:54:33 Restore Operation
06-08-2014 03:59:14 Restore Operation
06-08-2014 05:32:45 Software Distribution Service 3.0
06-08-2014 12:42:21 Software Distribution Service 3.0
08-08-2014 12:23:12 System Checkpoint
08-08-2014 19:04:26 Software Distribution Service 3.0
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 14:00 - 2013-03-30 04:25 - 00446218 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\DataUpload.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D0F0C55-E4E8-48A5-8365-85495DCEA754}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2003-07-29 16:27 - 2003-07-29 16:27 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBCPP5C.dll
2014-08-08 17:38 - 2014-08-08 17:37 - 01645592 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2014-07-14 12:26 - 2014-07-14 12:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
2014-08-08 17:38 - 2014-08-08 17:36 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\loggingserver.exe
2014-08-08 17:38 - 2014-08-08 17:37 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\log4cplusU.dll
2014-08-08 17:38 - 2014-08-08 17:37 - 02571288 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2004-08-04 14:00 - 2008-04-14 02:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 14:00 - 2008-04-14 02:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-07-16 22:59 - 2014-07-15 11:24 - 08537928 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 22:59 - 2014-07-15 11:24 - 00353096 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 22:59 - 2014-07-15 11:24 - 01732936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-06 07:21 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-06 07:21 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/08/2014 02:46:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application PerformanceOptimizer.exe, version 14.0.1001.519, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/08/2014 02:05:09 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
Error: (08/08/2014 02:05:08 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
Error: (08/08/2014 00:42:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (252) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/08/2014 00:38:09 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
Error: (08/08/2014 00:38:07 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
Error: (08/06/2014 02:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/06/2014 11:33:28 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
Error: (08/06/2014 11:33:27 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
Error: (08/06/2014 05:58:23 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
System errors:
=============
Error: (08/08/2014 09:05:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2859537).
Error: (08/08/2014 09:05:02 PM) (Source: NtServicePack) (EventID: 4373) (User: MJABROAD)
Description: Windows XP KB2859537 installation failed.
An internal error occurred.
Error: (08/08/2014 09:05:01 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2676562).
Error: (08/08/2014 09:04:55 PM) (Source: NtServicePack) (EventID: 4373) (User: MJABROAD)
Description: Windows XP KB2676562 installation failed.
An internal error occurred.
Error: (08/08/2014 08:46:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{8843B4A2-A3CB-4CB9-9CCE-F443F641009F}
Error: (08/08/2014 04:46:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{8843B4A2-A3CB-4CB9-9CCE-F443F641009F}
Error: (08/08/2014 02:05:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
Error: (08/08/2014 02:05:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
Error: (08/08/2014 00:51:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
Error: (08/08/2014 00:50:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
Microsoft Office Sessions:
=========================
Error: (08/08/2014 02:46:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PerformanceOptimizer.exe14.0.1001.519hungapp0.0.0.000000000
Error: (08/08/2014 02:05:09 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
Error: (08/08/2014 02:05:08 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
Error: (08/08/2014 00:42:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost252C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
Error: (08/08/2014 00:38:09 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
Error: (08/08/2014 00:38:07 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
Error: (08/06/2014 02:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (08/06/2014 11:33:28 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
Error: (08/06/2014 11:33:27 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
Error: (08/06/2014 05:58:23 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
==================== Memory info ===========================
Percentage of memory in use: 68%
Total physical RAM: 509.98 MB
Available physical RAM: 159.46 MB
Total Pagefile: 1671.08 MB
Available Pagefile: 677.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.14 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:71.46 GB) (Free:44.18 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 11B10323)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
==================== End Of Log ============================
#4
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 08 August 2014 - 05:20 PM
Curt,
This computer is possibly infected with the TDSS Rootkit
http://en.wikipedia.org/wiki/Alureon
Please download TDSSKiller.zip
-
- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#5
Bally
-
- Authentic Member
-
- 56 posts
Authentic Member
Posted 08 August 2014 - 07:31 PM
Ken... tried to dwnld. by clicking on the TDSSKiller.zip file (above), but it wouldn't transfer over? ... so, I went to Kaspersky Labs direct and dwnld. and then ran the program. It appears to have quarantined 2-threat in Win.32, see log file (below);
TDSSKiller
02:59:33.0921 0x0e2c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
02:59:43.0750 0x0e2c ============================================================
02:59:43.0750 0x0e2c Current date / time: 2014/08/09 02:59:43.0750
02:59:43.0750 0x0e2c SystemInfo:
02:59:43.0750 0x0e2c
02:59:43.0750 0x0e2c OS Version: 5.1.2600 ServicePack: 3.0
02:59:43.0750 0x0e2c Product type: Workstation
02:59:43.0750 0x0e2c ComputerName: MJABROAD
02:59:43.0765 0x0e2c UserName: MARY
02:59:43.0765 0x0e2c Windows directory: C:\WINDOWS
02:59:43.0765 0x0e2c System windows directory: C:\WINDOWS
02:59:43.0765 0x0e2c Processor architecture: Intel x86
02:59:43.0765 0x0e2c Number of processors: 1
02:59:43.0765 0x0e2c Page size: 0x1000
02:59:43.0765 0x0e2c Boot type: Normal boot
02:59:43.0765 0x0e2c ============================================================
02:59:49.0578 0x0e2c KLMD registered as C:\WINDOWS\system32\drivers\79232164.sys
02:59:52.0187 0x0e2c System UUID: {6F5CA724-0E15-7ACF-1DA4-4A0EC9F23723}
02:59:56.0546 0x0e2c Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 ( 74.51 Gb ), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:59:56.0546 0x0e2c ============================================================
02:59:56.0546 0x0e2c \Device\Harddisk0\DR0:
02:59:56.0546 0x0e2c MBR partitions:
02:59:56.0546 0x0e2c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
02:59:56.0546 0x0e2c ============================================================
02:59:56.0578 0x0e2c C: <-> \Device\Harddisk0\DR0\Partition1
02:59:56.0593 0x0e2c ============================================================
02:59:56.0593 0x0e2c Initialize success
02:59:56.0593 0x0e2c ============================================================
03:00:01.0687 0x0854 ============================================================
03:00:01.0687 0x0854 Scan started
03:00:01.0687 0x0854 Mode: Manual;
03:00:01.0687 0x0854 ============================================================
03:00:01.0687 0x0854 KSN ping started
03:00:05.0765 0x0854 KSN ping finished: true
03:00:06.0906 0x0854 ================ Scan system memory ========================
03:00:06.0921 0x0854 System memory - ok
03:00:06.0921 0x0854 ================ Scan services =============================
03:00:07.0046 0x0854 Abiosdsk - ok
03:00:07.0046 0x0854 abp480n5 - ok
03:00:07.0093 0x0854 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:00:07.0109 0x0854 ACPI - ok
03:00:07.0437 0x0854 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
03:00:07.0437 0x0854 ACPIEC - ok
03:00:07.0515 0x0854 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:00:07.0531 0x0854 AdobeFlashPlayerUpdateSvc - ok
03:00:07.0546 0x0854 adpu160m - ok
03:00:07.0562 0x0854 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
03:00:07.0578 0x0854 aec - ok
03:00:07.0609 0x0854 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
03:00:07.0640 0x0854 AFD - ok
03:00:07.0640 0x0854 Aha154x - ok
03:00:07.0656 0x0854 aic78u2 - ok
03:00:07.0671 0x0854 aic78xx - ok
03:00:07.0687 0x0854 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
03:00:07.0703 0x0854 Alerter - ok
03:00:07.0718 0x0854 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
03:00:07.0718 0x0854 ALG - ok
03:00:07.0734 0x0854 AliIde - ok
03:00:07.0750 0x0854 amsint - ok
03:00:07.0781 0x0854 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
03:00:07.0781 0x0854 AppMgmt - ok
03:00:07.0796 0x0854 asc - ok
03:00:07.0812 0x0854 asc3350p - ok
03:00:07.0828 0x0854 asc3550 - ok
03:00:07.0921 0x0854 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:00:07.0984 0x0854 aspnet_state - ok
03:00:08.0015 0x0854 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:00:08.0031 0x0854 AsyncMac - ok
03:00:08.0062 0x0854 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
03:00:08.0062 0x0854 atapi - ok
03:00:08.0062 0x0854 Atdisk - ok
03:00:08.0093 0x0854 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:00:08.0093 0x0854 Atmarpc - ok
03:00:08.0125 0x0854 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
03:00:08.0140 0x0854 AudioSrv - ok
03:00:08.0171 0x0854 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
03:00:08.0171 0x0854 audstub - ok
03:00:08.0265 0x0854 [ 21C2F3000A7233E517D7AB62F97BF509, 07169A2512D616E4AE7FE0F6B66D2B84D526F6022985871CC29E9F53FDCFCB6D ] Avgdiskx C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
03:00:08.0281 0x0854 Avgdiskx - ok
03:00:08.0312 0x0854 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5, 7C93BB50B6EDDEAABB149045A52BDAE5DD9262DC87EEE537D766714E793292C5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
03:00:08.0328 0x0854 Avgfwdx - ok
03:00:08.0328 0x0854 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5, 7C93BB50B6EDDEAABB149045A52BDAE5DD9262DC87EEE537D766714E793292C5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
03:00:08.0343 0x0854 Avgfwfd - ok
03:00:08.0500 0x0854 [ 2563652FA7B34E36B868F9F5E192DB4B, 37A4849B4B6400E617FA72F5161ECB2EC0F25D3473694E15FAA73A26AB37C70A ] avgfws C:\Program Files\AVG\AVG2014\avgfws.exe
03:00:08.0578 0x0854 avgfws - ok
03:00:08.0734 0x0854 [ 35C4B10F6BE9D2A375F153895D046FC1, 8E798F1413609554197E352E6097E5AC20338BDD15189C629A9E22A10094B24F ] AVGIDSAgent C:\Program Files\AVG\AVG2014\avgidsagent.exe
03:00:08.0890 0x0854 AVGIDSAgent - ok
03:00:08.0953 0x0854 [ A9794BF4820E6C3225B24F990B5203EF, 13B38AFA28015F6C5CF37922D51949FB4A15A092607B2B4F15CAA484551AA824 ] AVGIDSDriverl C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys
03:00:08.0953 0x0854 AVGIDSDriverl - ok
03:00:09.0000 0x0854 [ C0701A3C53F0A0F5E4900F26365A10A1, 2755AF8C98F4855FD467F0174D6AE7AC3E7050D95008FE521918194593684D51 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
03:00:09.0000 0x0854 AVGIDSHX - ok
03:00:09.0062 0x0854 [ E7FEE532CEF01C97D7682E35D156244F, CF54B4B83E1A060FF52BDEAC4E20492ACFAABC87BC6BE784D6AB4CD64C965B92 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
03:00:09.0078 0x0854 AVGIDSShim - ok
03:00:09.0140 0x0854 [ FA868D5784DE755DD8A1B4B1A80574E4, 9300B4ACBDA96FA4FEE9265ED0E50F750C2B6F7BE854953B8FB73904679DBCA3 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
03:00:09.0156 0x0854 Avgldx86 - ok
03:00:09.0203 0x0854 [ 8D37558421330218C98722DF4AD85E83, 24C33B317BA605DFC9B9CE2868391A815870A61F58A172806533A16F29F92B0A ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
03:00:09.0250 0x0854 Avglogx - ok
03:00:09.0359 0x0854 [ 5C3A4A2F473E614C1BF807FE2ABE0D05, 71E786EA1DCBC6ECB915E887B19C86E041C8E4373DAB28548D344323FD9D6CD2 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
03:00:09.0375 0x0854 Avgmfx86 - ok
03:00:09.0406 0x0854 [ 86FCB8CE3E68C4777B98F7AF06FE8519, 6B7507DA927ECDBA8B2DAA87530DDAEAC5B0983D3CF11D1F6D00D36601FBC60C ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
03:00:09.0437 0x0854 Avgrkx86 - ok
03:00:09.0515 0x0854 [ ACFEE559442E1FCD48EC74C7D3452608, 536E36CD59BB1E0F5732D8BF57208A07C88A51D02FA016F844648CA0B44F0073 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
03:00:09.0531 0x0854 Avgtdix - ok
03:00:09.0562 0x0854 [ 9D9B2624C7E8365FC699561111A46A99, 2EC0DBDB99A94E59E6272167ACB5992236B31AACC0F817A6E6D64A26211B5B73 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
03:00:09.0562 0x0854 avgtp - ok
03:00:09.0593 0x0854 [ 809201993B2CD679194915D8F2AAB37A, 51407A13CC3B551F4E327FCE5A07956CF73C3E1985FDAA3ADDEEC2114DD3802E ] avgwd C:\Program Files\AVG\AVG2014\avgwdsvc.exe
03:00:09.0609 0x0854 avgwd - ok
03:00:09.0671 0x0854 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
03:00:09.0687 0x0854 Beep - ok
03:00:09.0750 0x0854 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
03:00:09.0812 0x0854 BITS - ok
03:00:09.0843 0x0854 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
03:00:09.0859 0x0854 Browser - ok
03:00:09.0890 0x0854 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
03:00:09.0890 0x0854 cbidf2k - ok
03:00:09.0921 0x0854 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:00:09.0921 0x0854 CCDECODE - ok
03:00:09.0937 0x0854 cd20xrnt - ok
03:00:09.0968 0x0854 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
03:00:09.0968 0x0854 Cdaudio - ok
03:00:10.0000 0x0854 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
03:00:10.0000 0x0854 Cdfs - ok
03:00:10.0031 0x0854 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:00:10.0046 0x0854 Cdrom - ok
03:00:10.0109 0x0854 [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
03:00:10.0140 0x0854 cercsr6 - ok
03:00:10.0156 0x0854 Changer - ok
03:00:10.0203 0x0854 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
03:00:10.0218 0x0854 CiSvc - ok
03:00:10.0250 0x0854 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
03:00:10.0265 0x0854 ClipSrv - ok
03:00:10.0609 0x0854 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:00:13.0125 0x0854 clr_optimization_v2.0.50727_32 - ok
03:00:13.0437 0x0854 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:00:13.0765 0x0854 clr_optimization_v4.0.30319_32 - ok
03:00:13.0765 0x0854 CmdIde - ok
03:00:13.0781 0x0854 COMSysApp - ok
03:00:13.0796 0x0854 Cpqarray - ok
03:00:13.0828 0x0854 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
03:00:13.0843 0x0854 CryptSvc - ok
03:00:13.0859 0x0854 dac2w2k - ok
03:00:13.0859 0x0854 dac960nt - ok
03:00:14.0031 0x0854 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
03:00:14.0187 0x0854 DcomLaunch - ok
03:00:14.0250 0x0854 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
03:00:14.0265 0x0854 Dhcp - ok
03:00:14.0312 0x0854 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
03:00:14.0312 0x0854 Disk - ok
03:00:14.0312 0x0854 dmadmin - ok
03:00:14.0484 0x0854 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
03:00:14.0531 0x0854 dmboot - ok
03:00:14.0593 0x0854 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
03:00:14.0625 0x0854 dmio - ok
03:00:14.0671 0x0854 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
03:00:14.0671 0x0854 dmload - ok
03:00:14.0718 0x0854 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
03:00:14.0734 0x0854 dmserver - ok
03:00:14.0765 0x0854 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
03:00:14.0765 0x0854 DMusic - ok
03:00:14.0828 0x0854 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
03:00:14.0859 0x0854 Dnscache - ok
03:00:14.0906 0x0854 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
03:00:14.0937 0x0854 Dot3svc - ok
03:00:14.0953 0x0854 dpti2o - ok
03:00:14.0968 0x0854 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
03:00:14.0968 0x0854 drmkaud - ok
03:00:15.0015 0x0854 [ 7D91DC6342248369F94D6EBA0CF42E99, 3A0B94862AF1E085F1FD9B8B96FC1F7BD6FF00342AC04D697AB65BC686F7BC2F ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
03:00:15.0031 0x0854 E100B - ok
03:00:15.0078 0x0854 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
03:00:15.0078 0x0854 EapHost - ok
03:00:15.0125 0x0854 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
03:00:15.0125 0x0854 ERSvc - ok
03:00:15.0203 0x0854 esgiguard - ok
03:00:15.0265 0x0854 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
03:00:15.0281 0x0854 Eventlog - ok
03:00:15.0359 0x0854 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
03:00:15.0406 0x0854 EventSystem - ok
03:00:15.0484 0x0854 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
03:00:15.0515 0x0854 Fastfat - ok
03:00:15.0562 0x0854 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
03:00:15.0578 0x0854 FastUserSwitchingCompatibility - ok
03:00:15.0703 0x0854 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
03:00:15.0718 0x0854 Fdc - ok
03:00:15.0765 0x0854 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
03:00:15.0781 0x0854 Fips - ok
03:00:15.0875 0x0854 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
03:00:15.0906 0x0854 Flpydisk - ok
03:00:16.0187 0x0854 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
03:00:16.0296 0x0854 FltMgr - ok
03:00:16.0625 0x0854 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:00:16.0906 0x0854 FontCache3.0.0.0 - ok
03:00:17.0031 0x0854 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:00:17.0062 0x0854 Fs_Rec - ok
03:00:17.0421 0x0854 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:00:17.0546 0x0854 Ftdisk - ok
03:00:17.0750 0x0854 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:00:17.0859 0x0854 Gpc - ok
03:00:20.0500 0x0854 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:00:20.0515 0x0854 helpsvc - ok
03:00:20.0531 0x0854 HidServ - ok
03:00:20.0796 0x0854 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:00:20.0828 0x0854 hidusb - ok
03:00:23.0156 0x0854 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
03:00:23.0250 0x0854 hkmsvc - ok
03:00:23.0296 0x0854 hpn - ok
03:00:23.0421 0x0854 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
03:00:23.0562 0x0854 HTTP - ok
03:00:23.0640 0x0854 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
03:00:23.0734 0x0854 HTTPFilter - ok
03:00:23.0734 0x0854 i2omgmt - ok
03:00:23.0750 0x0854 i2omp - ok
03:00:23.0812 0x0854 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:00:23.0875 0x0854 i8042prt - ok
03:00:24.0453 0x0854 [ 9A883C3C4D91292C0D09DE7C728E781C, 34DD9E781C42FF55BF83F62DFE7B0F4FE3CAEF19B517245BA004C2C641493A98 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
03:00:25.0125 0x0854 ialm - ok
03:00:25.0578 0x0854 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:00:26.0109 0x0854 idsvc - ok
03:00:26.0515 0x0854 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
03:00:26.0531 0x0854 Imapi - ok
03:00:26.0640 0x0854 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
03:00:26.0687 0x0854 ImapiService - ok
03:00:26.0734 0x0854 ini910u - ok
03:00:26.0812 0x0854 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
03:00:26.0828 0x0854 IntelIde - ok
03:00:27.0234 0x0854 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:00:27.0375 0x0854 intelppm - ok
03:00:27.0593 0x0854 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
03:00:27.0640 0x0854 Ip6Fw - ok
03:00:28.0546 0x0854 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:00:28.0593 0x0854 IpFilterDriver - ok
03:00:28.0718 0x0854 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:00:28.0734 0x0854 IpInIp - ok
03:00:29.0234 0x0854 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:00:29.0406 0x0854 IpNat - ok
03:00:29.0656 0x0854 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:00:32.0953 0x0854 IPSec - ok
03:00:33.0281 0x0854 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
03:00:33.0343 0x0854 IRENUM - ok
03:00:33.0703 0x0854 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:00:33.0984 0x0854 isapnp - ok
03:00:34.0312 0x0854 [ 0A5709543986843D37A92290B7838340, 8945A09816A1A1450202BA621C9DA1F9F922594CCE9DE0995FE863F78C584686 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
03:00:34.0546 0x0854 JavaQuickStarterService - ok
03:00:34.0593 0x0854 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:00:34.0656 0x0854 Kbdclass - ok
03:00:34.0703 0x0854 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:00:34.0718 0x0854 kbdhid - ok
03:00:34.0781 0x0854 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
03:00:34.0859 0x0854 kmixer - ok
03:00:34.0921 0x0854 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
03:00:34.0984 0x0854 KSecDD - ok
03:00:35.0046 0x0854 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
03:00:35.0078 0x0854 lanmanserver - ok
03:00:35.0234 0x0854 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
03:00:35.0375 0x0854 lanmanworkstation - ok
03:00:35.0390 0x0854 lbrtfdc - ok
03:00:35.0500 0x0854 [ E19C8550B4C6C67FABFFD998EACF440A, FDBD948BB901FC683268ED3540C783D26C592809CCE915A2858A0161407A56BE ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
03:00:35.0671 0x0854 LexBceS - ok
03:00:35.0718 0x0854 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
03:00:35.0734 0x0854 LmHosts - ok
03:00:35.0921 0x0854 [ DDF15A42E27E8EFE27B18FD403151A86, D6FAA6B1C70065DFCF53DF0509119233ADAE4B1C8B5ACAAEBC62A3D546EB7423 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
03:00:36.0125 0x0854 MatSvc - ok
03:00:36.0453 0x0854 [ C3ED67C05F3923F9A8FEBA7A996337E1, 0A092A22339A9BFFAAB4A8A7C795480C058C0360C743BDF5D5DE042825F464A7 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
03:00:36.0609 0x0854 McComponentHostService - ok
03:00:36.0765 0x0854 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
03:00:36.0828 0x0854 Messenger - ok
03:00:36.0921 0x0854 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
03:00:37.0000 0x0854 mnmdd - ok
03:00:37.0156 0x0854 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
03:00:37.0218 0x0854 mnmsrvc - ok
03:00:37.0406 0x0854 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
03:00:37.0453 0x0854 Modem - ok
03:00:37.0546 0x0854 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:00:37.0562 0x0854 Mouclass - ok
03:00:37.0671 0x0854 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:00:37.0703 0x0854 mouhid - ok
03:00:37.0843 0x0854 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
03:00:37.0859 0x0854 MountMgr - ok
03:00:37.0859 0x0854 mraid35x - ok
03:00:37.0937 0x0854 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:00:38.0015 0x0854 MRxDAV - ok
03:00:38.0375 0x0854 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:00:38.0718 0x0854 MRxSmb - ok
03:00:38.0781 0x0854 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
03:00:38.0812 0x0854 MSDTC - ok
03:00:38.0859 0x0854 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
03:00:38.0875 0x0854 Msfs - ok
03:00:38.0890 0x0854 MSIServer - ok
03:00:38.0921 0x0854 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:00:38.0937 0x0854 MSKSSRV - ok
03:00:39.0046 0x0854 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:00:39.0125 0x0854 MSPCLOCK - ok
03:00:39.0203 0x0854 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
03:00:39.0203 0x0854 MSPQM - ok
03:00:39.0312 0x0854 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:00:39.0328 0x0854 mssmbios - ok
03:00:39.0453 0x0854 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
03:00:39.0531 0x0854 MSTEE - ok
03:00:39.0593 0x0854 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
03:00:39.0687 0x0854 Mup - ok
03:00:39.0750 0x0854 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
03:00:39.0796 0x0854 NABTSFEC - ok
03:00:40.0093 0x0854 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
03:00:40.0296 0x0854 napagent - ok
03:00:40.0500 0x0854 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
03:00:40.0578 0x0854 NDIS - ok
03:00:40.0609 0x0854 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
03:00:40.0671 0x0854 NdisIP - ok
03:00:40.0859 0x0854 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:00:40.0968 0x0854 NdisTapi - ok
03:00:41.0031 0x0854 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:00:41.0031 0x0854 Ndisuio - ok
03:00:41.0156 0x0854 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:00:41.0281 0x0854 NdisWan - ok
03:00:41.0406 0x0854 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
03:00:41.0453 0x0854 NDProxy - ok
03:00:41.0625 0x0854 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
03:00:41.0687 0x0854 NetBIOS - ok
03:00:41.0859 0x0854 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
03:00:41.0984 0x0854 NetBT - ok
03:00:42.0078 0x0854 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
03:00:42.0125 0x0854 NetDDE - ok
03:00:42.0187 0x0854 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
03:00:42.0187 0x0854 NetDDEdsdm - ok
03:00:42.0312 0x0854 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
03:00:42.0343 0x0854 Netlogon - ok
03:00:42.0625 0x0854 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
03:00:42.0781 0x0854 Netman - ok
03:00:42.0843 0x0854 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:00:43.0296 0x0854 NetTcpPortSharing - ok
03:00:43.0390 0x0854 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
03:00:43.0531 0x0854 Nla - ok
03:00:43.0593 0x0854 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
03:00:43.0671 0x0854 Npfs - ok
03:00:44.0046 0x0854 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
03:00:44.0343 0x0854 Ntfs - ok
03:00:44.0390 0x0854 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
03:00:44.0406 0x0854 NtLmSsp - ok
03:00:44.0515 0x0854 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
03:00:44.0890 0x0854 NtmsSvc - ok
03:00:44.0953 0x0854 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
03:00:44.0984 0x0854 Null - ok
03:00:45.0046 0x0854 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:00:45.0093 0x0854 NwlnkFlt - ok
03:00:45.0156 0x0854 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:00:45.0234 0x0854 NwlnkFwd - ok
03:00:45.0750 0x0854 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:00:45.0875 0x0854 ose - ok
03:00:45.0937 0x0854 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
03:00:45.0968 0x0854 Parport - ok
03:00:46.0000 0x0854 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
03:00:46.0000 0x0854 PartMgr - ok
03:00:46.0046 0x0854 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
03:00:46.0062 0x0854 ParVdm - ok
03:00:46.0078 0x0854 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
03:00:46.0078 0x0854 PCI - ok
03:00:46.0109 0x0854 PCIDump - ok
03:00:46.0140 0x0854 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
03:00:46.0171 0x0854 PCIIde - ok
03:00:46.0203 0x0854 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
03:00:46.0234 0x0854 Pcmcia - ok
03:00:46.0250 0x0854 PDCOMP - ok
03:00:46.0265 0x0854 PDFRAME - ok
03:00:46.0265 0x0854 PDRELI - ok
03:00:46.0281 0x0854 PDRFRAME - ok
03:00:46.0296 0x0854 perc2 - ok
03:00:46.0312 0x0854 perc2hib - ok
03:00:46.0359 0x0854 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
03:00:46.0359 0x0854 PlugPlay - ok
03:00:46.0375 0x0854 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
03:00:46.0375 0x0854 PolicyAgent - ok
03:00:46.0421 0x0854 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:00:46.0515 0x0854 PptpMiniport - ok
03:00:46.0546 0x0854 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
03:00:46.0562 0x0854 ProtectedStorage - ok
03:00:46.0578 0x0854 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
03:00:46.0593 0x0854 PSched - ok
03:00:46.0593 0x0854 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:00:46.0625 0x0854 Ptilink - ok
03:00:46.0625 0x0854 ql1080 - ok
03:00:46.0640 0x0854 Ql10wnt - ok
03:00:46.0656 0x0854 ql12160 - ok
03:00:46.0671 0x0854 ql1240 - ok
03:00:46.0671 0x0854 ql1280 - ok
03:00:46.0687 0x0854 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:00:46.0703 0x0854 RasAcd - ok
03:00:46.0750 0x0854 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
03:00:46.0781 0x0854 RasAuto - ok
03:00:46.0796 0x0854 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:00:46.0828 0x0854 Rasl2tp - ok
03:00:46.0875 0x0854 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
03:00:46.0906 0x0854 RasMan - ok
03:00:46.0921 0x0854 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:00:46.0937 0x0854 RasPppoe - ok
03:00:46.0968 0x0854 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
03:00:46.0984 0x0854 Raspti - ok
03:00:47.0046 0x0854 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:00:47.0187 0x0854 Rdbss - ok
03:00:47.0218 0x0854 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:00:47.0234 0x0854 RDPCDD - ok
03:00:47.0281 0x0854 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:00:47.0375 0x0854 rdpdr - ok
03:00:47.0437 0x0854 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
03:00:47.0546 0x0854 RDPWD - ok
03:00:47.0593 0x0854 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
03:00:47.0625 0x0854 RDSessMgr - ok
03:00:47.0656 0x0854 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
03:00:47.0656 0x0854 redbook - ok
03:00:47.0718 0x0854 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
03:00:47.0718 0x0854 RemoteAccess - ok
03:00:47.0765 0x0854 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
03:00:47.0796 0x0854 RemoteRegistry - ok
03:00:47.0812 0x0854 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
03:00:47.0828 0x0854 RpcLocator - ok
03:00:47.0921 0x0854 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
03:00:47.0937 0x0854 RpcSs - ok
03:00:48.0187 0x0854 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
03:00:48.0281 0x0854 RSVP - ok
03:00:48.0312 0x0854 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
03:00:48.0312 0x0854 SamSs - ok
03:00:48.0343 0x0854 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
03:00:48.0390 0x0854 SCardSvr - ok
03:00:48.0578 0x0854 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
03:00:48.0703 0x0854 Schedule - ok
03:00:48.0859 0x0854 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:00:48.0875 0x0854 Secdrv - ok
03:00:48.0921 0x0854 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
03:00:48.0953 0x0854 seclogon - ok
03:00:49.0250 0x0854 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
03:00:49.0656 0x0854 senfilt - ok
03:00:49.0718 0x0854 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
03:00:49.0718 0x0854 SENS - ok
03:00:49.0796 0x0854 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
03:00:49.0843 0x0854 serenum - ok
03:00:49.0890 0x0854 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
03:00:49.0937 0x0854 Serial - ok
03:00:50.0000 0x0854 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
03:00:50.0015 0x0854 Sfloppy - ok
03:00:50.0062 0x0854 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
03:00:50.0218 0x0854 SharedAccess - ok
03:00:50.0296 0x0854 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
03:00:50.0312 0x0854 ShellHWDetection - ok
03:00:50.0312 0x0854 Simbad - ok
03:00:51.0187 0x0854 [ 9F712B26EE3B0242DE997A42FD302E2C, 12663EB108F158282A965EE70980627C2F2332BA7944D7DE03B78E18BEB87D26 ] Skype C2C Service C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
03:00:52.0484 0x0854 Skype C2C Service - ok
03:00:52.0593 0x0854 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
03:00:52.0625 0x0854 SkypeUpdate - ok
03:00:52.0656 0x0854 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
03:00:52.0656 0x0854 SLIP - ok
03:00:52.0718 0x0854 [ C6D9959E493682F872A639B6EC1B4A08, 5B6D3FD23A44422F8B3972CF47BF16B5015DC0CCF7EF59FADAFEEF1AEE32958B ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
03:00:52.0765 0x0854 smwdm - ok
03:00:52.0781 0x0854 Sparrow - ok
03:00:52.0812 0x0854 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
03:00:52.0812 0x0854 splitter - ok
03:00:52.0843 0x0854 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
03:00:52.0859 0x0854 Spooler - ok
03:00:52.0890 0x0854 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
03:00:52.0937 0x0854 sr - ok
03:00:52.0968 0x0854 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
03:00:53.0031 0x0854 srservice - ok
03:00:53.0125 0x0854 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
03:00:53.0359 0x0854 Srv - ok
03:00:53.0437 0x0854 [ 2D4027C46B4C6E45875E3C4BA3F67492, 37BA6F1B6BD5E3D6C920171D2081C930E12E80DEF98EB29AA9FA785A4375CE20 ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
03:00:53.0453 0x0854 sscdbus - ok
03:00:53.0500 0x0854 [ F548F1EBA107BC19E91189E6A460BD0E, B9651726BB5631C72F9042D7BA852F343D003D3E025D4F5EAD26B7DBE965AA5B ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
03:00:53.0500 0x0854 sscdmdfl - ok
03:00:53.0531 0x0854 [ 71D348D53597379DFE1DE255D70AF13C, 930BAB3EE7661B4B1E6D8D79CAB908E9081742F620293CF50AC7F78F4889BEC7 ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
03:00:53.0578 0x0854 sscdmdm - ok
03:00:53.0609 0x0854 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
03:00:53.0625 0x0854 SSDPSRV - ok
03:00:53.0656 0x0854 [ BD15182E9D2D3FABC1D1313BADBD2415, DBCC1A355D555816000D9EB352FBDAECB09D2C276A609E127F7264CED1B0F98A ] ss_bus C:\WINDOWS\system32\DRIVERS\ss_bus.sys
03:00:53.0703 0x0854 ss_bus - ok
03:00:53.0734 0x0854 [ 67D1144F249A3C5E03EBD7A2304DEE11, 6B2A62D03F10EAE9ECE081DBCB613B149A899C1994CD0843B50B1AB2A99B502B ] ss_mdfl C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
03:00:53.0781 0x0854 ss_mdfl - ok
03:00:53.0812 0x0854 [ 954B7CE2D54C703D6A8471D6B05A5E13, 14051B4B69ED057971BB9FA5A62A75208DBFB3B32161225503999709380BFB58 ] ss_mdm C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
03:00:53.0812 0x0854 ss_mdm - ok
03:00:53.0921 0x0854 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
03:00:54.0171 0x0854 stisvc - ok
03:00:54.0250 0x0854 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
03:00:54.0281 0x0854 streamip - ok
03:00:54.0312 0x0854 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
03:00:54.0328 0x0854 swenum - ok
03:00:54.0359 0x0854 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
03:00:54.0375 0x0854 swmidi - ok
03:00:54.0375 0x0854 SwPrv - ok
03:00:54.0390 0x0854 symc810 - ok
03:00:54.0406 0x0854 symc8xx - ok
03:00:54.0421 0x0854 sym_hi - ok
03:00:54.0437 0x0854 sym_u3 - ok
03:00:54.0453 0x0854 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
03:00:54.0453 0x0854 sysaudio - ok
03:00:54.0484 0x0854 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
03:00:54.0500 0x0854 SysmonLog - ok
03:00:54.0578 0x0854 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
03:00:54.0609 0x0854 TapiSrv - ok
03:00:54.0656 0x0854 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:00:54.0765 0x0854 Tcpip - ok
03:00:54.0796 0x0854 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
03:00:54.0812 0x0854 TDPIPE - ok
03:00:54.0843 0x0854 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
03:00:54.0875 0x0854 TDTCP - ok
03:00:54.0906 0x0854 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
03:00:54.0937 0x0854 TermDD - ok
03:00:55.0015 0x0854 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
03:00:55.0078 0x0854 TermService - ok
03:00:55.0140 0x0854 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
03:00:55.0140 0x0854 Themes - ok
03:00:55.0203 0x0854 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
03:00:55.0296 0x0854 TlntSvr - ok
03:00:55.0312 0x0854 TosIde - ok
03:00:55.0343 0x0854 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
03:00:55.0359 0x0854 TrkWks - ok
03:00:56.0140 0x0854 [ F88A177FA51674CE8EAF43DA56DF5D36, D565C86BAAE8431D139C7FF79F9F365FE2361FCA302B9AB7E33169D08483F28B ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
03:00:57.0468 0x0854 TuneUp.UtilitiesSvc - ok
03:00:57.0625 0x0854 [ E5049C43601473B5A909058596111229, 96CFE481F767C66FA2877594384086C1BE8B2BADBF12DBF4CB72CF73898D0876 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
03:00:57.0765 0x0854 TuneUpUtilitiesDrv - ok
03:00:57.0906 0x0854 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
03:00:57.0968 0x0854 Udfs - ok
03:00:57.0984 0x0854 ultra - ok
03:00:58.0125 0x0854 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
03:00:58.0531 0x0854 Update - ok
03:00:58.0703 0x0854 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
03:00:58.0796 0x0854 upnphost - ok
03:00:58.0843 0x0854 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
03:00:58.0859 0x0854 UPS - ok
03:00:59.0000 0x0854 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:00:59.0015 0x0854 usbehci - ok
03:00:59.0062 0x0854 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:00:59.0125 0x0854 usbhub - ok
03:00:59.0203 0x0854 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:00:59.0234 0x0854 usbprint - ok
03:00:59.0265 0x0854 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:00:59.0281 0x0854 USBSTOR - ok
03:00:59.0390 0x0854 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:00:59.0421 0x0854 usbuhci - ok
03:00:59.0453 0x0854 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
03:00:59.0468 0x0854 VgaSave - ok
03:00:59.0484 0x0854 ViaIde - ok
03:00:59.0578 0x0854 [ 7C38F81F40D61D1607DDB62FE5817BB9, 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
03:00:59.0609 0x0854 Suspicious file ( Forged ): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7C38F81F40D61D1607DDB62FE5817BB9, sha256: 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8, fake md5: 4C8FCB5CC53AAB716D810740FE59D025, fake sha256: 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4
03:00:59.0609 0x0854 VolSnap - detected Rootkit.Win32.TDSS.tdl3 ( 0 )
03:01:04.0875 0x0854 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
03:01:04.0875 0x0854 Force sending object to P2P due to detect: VolSnap
03:01:07.0906 0x0854 Object send P2P result: true
03:01:28.0765 0x0854 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
03:01:32.0437 0x0854 VSS - ok
03:01:36.0109 0x0854 [ C7C1EB8307E8991B0F2868212ED630DE, DAA053B93931C904782BD0DDB57128CD76E7A0CA13E7045B63EF97D651E978BA ] vToolbarUpdater18.1.8 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe
03:01:38.0109 0x0854 vToolbarUpdater18.1.8 - ok
03:01:38.0421 0x0854 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
03:01:38.0562 0x0854 W32Time - ok
03:01:38.0812 0x0854 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:01:38.0906 0x0854 Wanarp - ok
03:01:38.0921 0x0854 WDICA - ok
03:01:38.0968 0x0854 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
03:01:39.0078 0x0854 wdmaud - ok
03:01:39.0140 0x0854 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
03:01:39.0250 0x0854 WebClient - ok
03:01:46.0750 0x0854 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
03:01:47.0437 0x0854 winmgmt - ok
03:01:47.0859 0x0854 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
03:01:48.0359 0x0854 WmdmPmSN - ok
03:01:49.0640 0x0854 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
03:01:53.0546 0x0854 Wmi - ok
03:01:53.0640 0x0854 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:01:54.0296 0x0854 WmiApSrv - ok
03:01:55.0437 0x0854 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
03:01:56.0312 0x0854 WMPNetworkSvc - ok
03:01:57.0468 0x0854 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:01:59.0406 0x0854 WPFFontCache_v0400 - ok
03:01:59.0531 0x0854 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
03:01:59.0593 0x0854 wscsvc - ok
03:01:59.0765 0x0854 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:01:59.0859 0x0854 WSTCODEC - ok
03:02:00.0062 0x0854 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
03:02:00.0125 0x0854 wuauserv - ok
03:02:00.0312 0x0854 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:02:00.0546 0x0854 WudfPf - ok
03:02:00.0671 0x0854 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:02:00.0734 0x0854 WudfRd - ok
03:02:01.0421 0x0854 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
03:02:02.0296 0x0854 WudfSvc - ok
03:02:02.0718 0x0854 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
03:02:03.0312 0x0854 WZCSVC - ok
03:02:03.0609 0x0854 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
03:02:03.0718 0x0854 xmlprov - ok
03:02:03.0734 0x0854 ZSMC301b - ok
03:02:03.0750 0x0854 ================ Scan global ===============================
03:02:03.0843 0x0854 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
03:02:04.0125 0x0854 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
03:02:04.0812 0x0854 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
03:02:04.0890 0x0854 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
03:02:04.0953 0x0854 [ Global ] - ok
03:02:04.0953 0x0854 ================ Scan MBR ==================================
03:02:04.0968 0x0854 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
03:02:09.0578 0x0854 \Device\Harddisk0\DR0 - ok
03:02:09.0578 0x0854 ================ Scan VBR ==================================
03:02:09.0593 0x0854 [ CDF8E5631F513961CA04CE80BD9B8F9B ] \Device\Harddisk0\DR0\Partition1
03:02:09.0671 0x0854 \Device\Harddisk0\DR0\Partition1 - ok
03:02:09.0671 0x0854 ================ Scan generic autorun ======================
03:02:09.0734 0x0854 [ 3F2C8DD08549BB3419CDA372F5999FFA, D2AF3C3BD950A027094034B40C6F81BE966A557F9BD403D3D10E3D0D31CF8A76 ] C:\WINDOWS\system32\igfxtray.exe
03:02:09.0812 0x0854 igfxtray - ok
03:02:10.0093 0x0854 [ 01018F75F3F18CE629FAC9689954A2AE, F10802A5DEE4527B34939A5FF77B6B3184F7A2FF2963DE6C872C85C25233C7CF ] C:\WINDOWS\system32\hkcmd.exe
03:02:10.0156 0x0854 igfxhkcmd - ok
03:02:10.0250 0x0854 [ 996ABAC2332DE28F3B6A179C6DA20205, D9E7D690400FA5816555A1030BB39CC9DC3C5EF195A44085B072BEF5EDA7A67A ] C:\WINDOWS\system32\igfxpers.exe
03:02:10.0328 0x0854 igfxpers - ok
03:02:11.0312 0x0854 [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] C:\Program Files\Messenger\msmsgs.exe
03:02:12.0765 0x0854 MSMSGS - ok
03:02:12.0765 0x0854 MsnMsgr - ok
03:02:14.0265 0x0854 [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] C:\Program Files\Messenger\msmsgs.exe
03:02:14.0312 0x0854 MSMSGS - ok
03:02:15.0203 0x0854 [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
03:02:17.0640 0x0854 SpybotSD TeaTimer - ok
03:02:17.0781 0x0854 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
03:02:17.0796 0x0854 ctfmon.exe - ok
03:02:28.0078 0x0854 [ 58920E6A409046BA06548D9D139CE0F0, 73FB33F5A76A3445C494482D520448EE02C0B1B7D3DD2E97BE3A9B15F89C5911 ] C:\Program Files\Skype\Phone\Skype.exe
03:02:44.0593 0x0854 Skype - ok
03:02:45.0281 0x0854 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
03:02:45.0562 0x0854 Google Update - ok
03:02:45.0562 0x0854 Waiting for KSN requests completion. In queue: 2
03:02:46.0562 0x0854 Waiting for KSN requests completion. In queue: 2
03:02:47.0562 0x0854 Waiting for KSN requests completion. In queue: 2
03:02:55.0656 0x0854 AV detected via SS1: PC Cleaner Pro, , disabled, updated
03:02:55.0656 0x0854 AV detected via SS1: AVG Internet Security 2014, 2014.0, enabled, updated
03:02:55.0828 0x0854 FW detected via SS1: AVG Internet Security 2014, 2014.0, enabled
03:02:58.0328 0x0854 ============================================================
03:02:58.0328 0x0854 Scan finished
03:02:58.0328 0x0854 ============================================================
03:02:59.0125 0x0624 Detected object count: 1
03:02:59.0125 0x0624 Actual detected object count: 1
03:03:34.0562 0x0624 C:\WINDOWS\system32\drivers\VolSnap.sys - copied to quarantine
03:04:36.0218 0x0624 Backup copy found through SCO, using it..
03:04:37.0921 0x0624 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured on reboot
03:04:37.0921 0x0624 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
03:04:43.0656 0x0624 KLMD registered as C:\WINDOWS\system32\drivers\46365306.sys
03:05:08.0656 0x0314 Deinitialize success
-END-
#6
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 09 August 2014 - 03:48 AM
Curt, TDSS is pretty awful, there may be more so lets run Combofix , hopefully this time you can post the log for me to see
I hope you have rebooted since running TDSSKiller
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#7
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 09 August 2014 - 10:09 AM
Curt, will be offline until late tonight or early tomorrow morning
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#8
Bally
-
- Authentic Member
-
- 56 posts
Authentic Member
Posted 10 August 2014 - 03:39 AM
Ken... hope you enjoyed your time off. OK, now dwnld. ComboFix, and ran it... but, it stopped (or, paused?) unable to go beyond the point of its "blue screen" stating... THIS TYPICALLY DOESN'T TAKE MORE THAN 10 MINUTES. HOWEVER, SCAN TIMES FOR BADLY INFECTED MACHINES MAY EASILY DOUBLE. Well, the stayed like that for hours NO progress. Finally, I decided to attempt to run the program in SAFE MODE WITH NETWORKING. Same results stuck in the same place cursor blinking no progress beyond this point even in safe mode?
Also, it appears the machine is short on virtual memory, apparently, not enough RAM, or its memory is being zapped by infection(s)?
#9
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 10 August 2014 - 06:15 AM
Morning Curt,
The TDSS rootkit is real nasty and there maybe some left causing problems, lets see if Malwarebytes will run, be sure to read the instructions so that it will quarantine all it finds
Download Malwarebytes' Anti-Malware to your desktop.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#10
Bally
-
- Authentic Member
-
- 56 posts
Authentic Member
Posted 10 August 2014 - 11:31 AM
Ken... gave-up after hours waiting for ComboFix to complete its tasks, to no avail. Dwnld. Malwarebytes Anti-Malware and installed and ran program as ypi instructed with one addition, i.e., checked the box under marked Rootkit Scan in Settings: Detection and Protection! Don't know if I should have done this, but did it because of your previous statement about Rootkits? After answering all the prelim questions and placement of the directory... I hit the install button and within a minute a small box opens titled: Setup (X) that read, as follows: Internal Error: Expression Error 'Runtime Error (at 27.151): RegSrv failed with exit code 0x5.' Click on the something at the bottom of the box (ok, close, something?) and the program began installing as normal.
It finishing running and clicked on copy to clipboard... nothing happened? ... then clicked on the button on the left, entered .txt and tried again, but the file did not show-up on the desktop, as it did when program was run on my HP computer? I think the log file is there somewhere, but can't seem to find it? I titled the file "Malwarebytes Anti-Malware Log.txt", but can't locate it? ... btw, the program had identified 21 threats when it had completed running. I have not gone any further, the program is open showing the threats and awaiting my being told by you how to proceed.
I did see a .txt file while doing a search titled lastfile.txt, but I can't locate that either. Mary's computer is really screwed-up besides being a Dell, which I and 99% of the world believe is junk. Oh well, still got a few days to resolve issues before she returns from the UK.
Will await your reply. . .
Regards, Curt
-END-
Register to Remove
#11
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 10 August 2014 - 11:43 AM
Open Malwarebytes and on the Dashboard go to History > Application Logs > Scan Logs and highlight the one you just ran, open it and then copy to clipboard and paste it in this thread, if that dont work then export it to your desktop and then you can open it and select all > copy > and paste
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#12
Bally
-
- Authentic Member
-
- 56 posts
Authentic Member
Posted 10 August 2014 - 12:46 PM
Ken... can't find the file... in the program "MbytesAnti-Mal"... History tab, when I highlight and VIEW, a general overview screen comes-up, and then when I attempt to Copy to Clipboard and/or Export... up jumps that dayam MS report box (Send of Don't Send); I always click DON'T SEND, as there is nobody home at MS incl. Gates, et al; and, XP is no longer supported. After clicking on DON'T the Mbytes Anti-Mal program closes.
The thread is shown at the bottom of the History tab... it shows its going to Malwarebytes Anti-Malware Log, however, there is NO log folder or file there! And I just notices that the screen that comes-up within the History tab after highlighting the scan desired to be viewed... is isn't showing anything, but = 0 behind each of the categories of the scan?
Will run the SCAN again and see what I get. . .
#13
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 10 August 2014 - 01:26 PM
Running the scan again may come up clean and tell me nothing but give it a shot
- Please download rkill (Courtesy of Bleepingcomputer.com).
1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.
Run rkill repeatedly until it's able to do it's job. This may take a few tries.
You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.
Then after running RKill give combofix another try
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#14
Bally
-
- Authentic Member
-
- 56 posts
Authentic Member
Posted 10 August 2014 - 02:23 PM
Ken... same results running MBytes Anti-Mal... MS option Send/Don't Send... clicking on Don't the program closed.
The Rkill file ran the 1st time, log #1 results below... will run again, so as, you can compare log #1 with log #2
Rkill.txt
Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 08/10/2014 10:12:09 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Possibly Patched Files.
* C:\WINDOWS\system32\lsass.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\wscntfy.exe
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\clipsrv.exe : 33,280 : 04/14/2008 02:12 AM : 34cbe729f38138217f9c80212a2a0c82 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe : 33,280 : 08/04/2004 02:00 PM : c8dec22c4137d7a90f8bdf41ca4b82ae [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe : 33,280 : 04/14/2008 02:12 AM : 34cbe729f38138217f9c80212a2a0c82 [Pos Repl]
* C:\WINDOWS\System32\comres.dll : 792,064 : 04/14/2008 02:11 AM : 1280a158c722fa95a80fb7aebe78fa7d [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\comres.dll : 792,064 : 08/04/2004 02:00 PM : 6728270cb7dbb776ed086f5ac4c82310 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\comres.dll : 792,064 : 04/14/2008 02:11 AM : 1280a158c722fa95a80fb7aebe78fa7d [Pos Repl]
* C:\WINDOWS\System32\cryptsvc.dll : 62,464 : 04/14/2008 02:11 AM : 3d4e199942e29207970e04315d02ad3b [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll : 60,416 : 08/04/2004 02:00 PM : 10654f9ddcea9c46cfb77554231be73b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll : 62,464 : 04/14/2008 02:11 AM : 3d4e199942e29207970e04315d02ad3b [Pos Repl]
* C:\WINDOWS\System32\csrss.exe : 6,144 : 04/14/2008 02:12 AM : 44f275c64738ea2056e3d9580c23b60f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\csrss.exe : 6,144 : 08/04/2004 02:00 PM : f12b178b1678d778cfd3ff1fc38c71fb [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\csrss.exe : 6,144 : 04/14/2008 02:12 AM : 44f275c64738ea2056e3d9580c23b60f [Pos Repl]
* C:\WINDOWS\System32\ctfmon.exe : 15,360 : 04/14/2008 02:12 AM : 5f1d5f88303d4a4dbc8e5f97ba967cc3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe : 15,360 : 08/04/2004 02:00 PM : 24232996a38c0b0cf151c2140ae29fc8 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe : 15,360 : 04/14/2008 02:12 AM : 5f1d5f88303d4a4dbc8e5f97ba967cc3 [Pos Repl]
* C:\WINDOWS\System32\d3d8.dll : 1,179,648 : 04/14/2008 02:11 AM : f099b129022170f2df9e1c0185c9bcfb [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll : 1,179,648 : 08/04/2004 02:00 PM : 42803ec60803c1a0754671e9183458f1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\d3d8.dll : 1,179,648 : 04/14/2008 02:11 AM : f099b129022170f2df9e1c0185c9bcfb [Pos Repl]
* C:\WINDOWS\System32\d3d8thk.dll : 8,192 : 04/14/2008 02:11 AM : 31b067c412fa1a9bad3ca2a63d7da440 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll : 8,192 : 08/04/2004 02:00 PM : 8d9210e9858d525646251dfa1fe37ebe [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll : 8,192 : 04/14/2008 02:11 AM : 31b067c412fa1a9bad3ca2a63d7da440 [Pos Repl]
* C:\WINDOWS\System32\d3d9.dll : 1,689,088 : 04/14/2008 02:11 AM : 0607cbc6fa20114cb491efe4b2f9efad [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll : 1,689,088 : 08/04/2004 02:00 PM : d67bdbbda86cc9aeebbaf3217c1717d8 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\d3d9.dll : 1,689,088 : 04/14/2008 02:11 AM : 0607cbc6fa20114cb491efe4b2f9efad [Pos Repl]
* C:\WINDOWS\System32\ddraw.dll : 279,552 : 04/14/2008 02:11 AM : a340cd71eb535a3dd751b5f28723e50c [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll : 266,240 : 08/04/2004 02:00 PM : 7ed462f353b3d915a418a689fa881f96 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ddraw.dll : 279,552 : 04/14/2008 02:11 AM : a340cd71eb535a3dd751b5f28723e50c [Pos Repl]
* C:\WINDOWS\System32\dllhost.exe : 5,120 : 04/14/2008 02:12 AM : 0a9ba6af531afe7fa5e4fb973852d863 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe : 5,120 : 08/04/2004 02:00 PM : dd87db7387b9eb441c5674888a0d840c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dllhost.exe : 5,120 : 04/14/2008 02:12 AM : 0a9ba6af531afe7fa5e4fb973852d863 [Pos Repl]
* C:\WINDOWS\System32\dsound.dll : 367,616 : 04/14/2008 02:11 AM : 4d83ed8bddec431fc8ad907b47cfb6e3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dsound.dll : 367,616 : 08/04/2004 02:00 PM : 55e148c01296696588eafa425782c3e8 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dsound.dll : 367,616 : 04/14/2008 02:11 AM : 4d83ed8bddec431fc8ad907b47cfb6e3 [Pos Repl]
* C:\WINDOWS\System32\dssenh.dll : 138,752 : 04/13/2008 07:37 PM : fede68bf80052bad393afd5c2e60dcb0 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll : 137,216 : 08/04/2004 02:00 PM : cacd2c63a79268d131ea37e85524cc44 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dssenh.dll : 138,752 : 04/13/2008 07:37 PM : fede68bf80052bad393afd5c2e60dcb0 [Pos Repl]
* C:\WINDOWS\System32\eventlog.dll : 56,320 : 04/14/2008 02:11 AM : 6d4feb43ee538fc5428cc7f0565aa656 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll : 55,808 : 08/04/2004 02:00 PM : 82b24cb70e5944e6e34662205a2a5b78 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll : 56,320 : 04/14/2008 02:11 AM : 6d4feb43ee538fc5428cc7f0565aa656 [Pos Repl]
* C:\WINDOWS\System32\hid.dll : 20,992 : 04/14/2008 02:11 AM : 8973122796e3b5d6b5900fc186e55fea [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\hid.dll : 20,992 : 08/04/2004 02:00 PM : 18afee0ede045b6255408d634372dc29 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\hid.dll : 20,992 : 04/14/2008 02:11 AM : 8973122796e3b5d6b5900fc186e55fea [Pos Repl]
* C:\WINDOWS\System32\hnetcfg.dll : 344,064 : 04/14/2008 02:11 AM : 3cb32d3b8cbe79899d63280bb7a83cd9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll : 344,064 : 08/04/2004 02:00 PM : 765b30c776a1780b46b479fe614f707c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll : 344,064 : 04/14/2008 02:11 AM : 3cb32d3b8cbe79899d63280bb7a83cd9 [Pos Repl]
* C:\WINDOWS\System32\imm32.dll : 110,080 : 04/14/2008 02:11 AM : 0da85218e92526972a821587e6a8bf8f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\imm32.dll : 110,080 : 08/04/2004 02:00 PM : 87ca7ce6469577f059297b9d6556d66d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\imm32.dll : 110,080 : 04/14/2008 02:11 AM : 0da85218e92526972a821587e6a8bf8f [Pos Repl]
* C:\WINDOWS\System32\ipsecsvc.dll : 183,808 : 04/14/2008 02:11 AM : 332760fba1655fcfd35bd6f4fd871300 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll : 182,784 : 08/04/2004 02:00 PM : d1e299962b5956005113ec4ab1e0d9b7 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ipsecsvc.dll : 183,808 : 04/14/2008 02:11 AM : 332760fba1655fcfd35bd6f4fd871300 [Pos Repl]
* C:\WINDOWS\System32\ksuser.dll : 4,096 : 04/14/2008 02:11 AM : 9b9f1c38d559047b8ac0dba2d5febde9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ksuser.dll : 4,096 : 08/04/2004 09:56 AM : cbcd254547689bff80c9f547b20911e9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ksuser.dll : 4,096 : 04/14/2008 02:11 AM : 9b9f1c38d559047b8ac0dba2d5febde9 [Pos Repl]
* C:\WINDOWS\System32\linkinfo.dll : 19,968 : 04/14/2008 02:11 AM : 2dc5a8019e2387987905f77c664e4be2 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll : 19,968 : 09/01/2005 03:44 AM : 648bf0b4dde4f7a1156dae7174d36efa [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll : 19,968 : 09/01/2005 03:41 AM : a1a688ee56cf3bbd24edeb815d48e9ba [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB900725$\linkinfo.dll : 18,944 : 08/04/2004 02:00 PM : c2bbd044c741ea4292016c36f718d2e4 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll : 19,968 : 04/14/2008 02:11 AM : 2dc5a8019e2387987905f77c664e4be2 [Pos Repl]
* C:\WINDOWS\System32\lpk.dll : 22,016 : 04/14/2008 02:11 AM : 012df358cebaa23acb26d82077820817 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\lpk.dll : 22,016 : 08/04/2004 02:00 PM : 74d66b3de265e8789153414e75175f26 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\lpk.dll : 22,016 : 04/14/2008 02:11 AM : 012df358cebaa23acb26d82077820817 [Pos Repl]
* C:\WINDOWS\System32\lsass.exe : 13,312 : 04/14/2008 02:12 AM : bf2466b3e18e970d8a976fb95fc1ca85 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\lsass.exe : 13,312 : 08/04/2004 02:00 PM : 84885f9b82f4d55c6146ebf6065d75d2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\lsass.exe : 13,312 : 04/14/2008 02:12 AM : bf2466b3e18e970d8a976fb95fc1ca85 [Pos Repl]
* C:\WINDOWS\System32\midimap.dll : 18,944 : 04/14/2008 02:11 AM : 5c12660a97822f6e61576943b49aaad6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\midimap.dll : 18,944 : 08/04/2004 02:00 PM : 3b4702155bb2ae9dc00c06a68834bdfa [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\midimap.dll : 18,944 : 04/14/2008 02:11 AM : 5c12660a97822f6e61576943b49aaad6 [Pos Repl]
* C:\WINDOWS\System32\msgsvc.dll : 33,792 : 04/14/2008 02:11 AM : 986b1ff5814366d71e0ac5755c88f2d3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll : 33,792 : 08/04/2004 02:00 PM : 95fd808e4ac22aba025a7b3eac0375d2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll : 33,792 : 04/14/2008 02:11 AM : 986b1ff5814366d71e0ac5755c88f2d3 [Pos Repl]
* C:\WINDOWS\System32\msimg32.dll : 4,608 : 04/14/2008 02:11 AM : affc87e2501fce8f09d4c10ba6421ccf [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\msimg32.dll : 4,608 : 08/04/2004 02:00 PM : b5331f2b6f37c66c29c847f3b94ff900 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\msimg32.dll : 4,608 : 04/14/2008 02:11 AM : affc87e2501fce8f09d4c10ba6421ccf [Pos Repl]
* C:\WINDOWS\System32\msprivs.dll : 48,128 : 04/13/2008 06:23 PM : c6bb1d1500db4a0e224cb65e6c7e8a80 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\msprivs.dll : 48,128 : 08/04/2004 02:00 PM : 6bec17053284e847cf1fbb8c9a181e1e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\msprivs.dll : 48,128 : 04/13/2008 06:23 PM : c6bb1d1500db4a0e224cb65e6c7e8a80 [Pos Repl]
* C:\WINDOWS\System32\msvcrt.dll : 343,040 : 04/14/2008 02:12 AM : 355edbb4d412b01f1740c17e3f50fa00 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll : 343,040 : 08/04/2004 02:00 PM : b0fefa816d61ec66aa765ddf534eab5e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll : 343,040 : 04/14/2008 02:12 AM : 355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll : 322,560 : 08/04/2004 02:00 PM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll : 343,040 : 08/04/2004 02:00 PM : 98ec447e00229afd88d5161a25d065da [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll : 343,040 : 04/14/2008 02:12 AM : d7075e95aa599ee77b7a89d39296bd3d [Pos Repl]
* C:\WINDOWS\System32\netlogon.dll : 407,040 : 04/14/2008 02:12 AM : 1b7f071c51b77c272875c3a23e1e4550 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll : 407,040 : 08/04/2004 02:00 PM : 96353fcecba774bb8da74a1c6507015a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll : 407,040 : 04/14/2008 02:12 AM : 1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]
* C:\WINDOWS\System32\netman.dll : 198,144 : 04/14/2008 02:12 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll : 197,632 : 08/22/2005 08:24 PM : 3516d8a18b36784b1005b950b84232e1 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\netman.dll : 197,632 : 08/22/2005 08:29 PM : 36739b39267914ba69ad0610a0299732 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB905414$\netman.dll : 198,144 : 08/04/2004 02:00 PM : dab9e6c7105d2ef49876fe92c524f565 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\netman.dll : 198,144 : 04/14/2008 02:12 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]
* C:\WINDOWS\System32\ntmssvc.dll : 435,200 : 04/14/2008 02:12 AM : 156f64a3345bd23c600655fb4d10bc08 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll : 435,200 : 08/04/2004 02:00 PM : b62f29c00ac55a761b2e45877d85ea0f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll : 435,200 : 04/14/2008 02:12 AM : 156f64a3345bd23c600655fb4d10bc08 [Pos Repl]
* C:\WINDOWS\System32\olepro32.dll : 84,992 : 04/14/2008 02:12 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\olepro32.dll : 83,456 : 08/04/2004 02:00 PM : b48d3193dd1474dcbcc32bf4779ac698 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\olepro32.dll : 84,992 : 04/14/2008 02:12 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]
* C:\WINDOWS\System32\perfctrs.dll : 39,936 : 04/14/2008 02:12 AM : dbe2b62353660ecca0d75ea307a717e9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\perfctrs.dll : 39,936 : 08/04/2004 02:00 PM : 96492c721c6ea517e2bfd5381fef55e3 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll : 39,936 : 04/14/2008 02:12 AM : dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]
* C:\WINDOWS\System32\powrprof.dll : 17,408 : 04/14/2008 02:12 AM : 50a166237a0fa771261275a405646cc0 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll : 17,408 : 08/04/2004 02:00 PM : 1b5f6923abb450692e9fe0672c897aed [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\powrprof.dll : 17,408 : 04/14/2008 02:12 AM : 50a166237a0fa771261275a405646cc0 [Pos Repl]
* C:\WINDOWS\System32\psbase.dll : 96,768 : 04/14/2008 02:12 AM : 22d89d84e8e081cda529dbf8c0255a38 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\psbase.dll : 96,768 : 08/04/2004 02:00 PM : 4d3ccdf22d2b4bae229ba73b81d13e26 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\psbase.dll : 96,768 : 04/14/2008 02:12 AM : 22d89d84e8e081cda529dbf8c0255a38 [Pos Repl]
* C:\WINDOWS\System32\pstorsvc.dll : 34,304 : 04/14/2008 02:12 AM : 853d0d0c6f02d7bfdf1cf99dd7553732 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\pstorsvc.dll : 34,304 : 08/04/2004 02:00 PM : 306b30a036db25fcb76b507fede07d58 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\pstorsvc.dll : 34,304 : 04/14/2008 02:12 AM : 853d0d0c6f02d7bfdf1cf99dd7553732 [Pos Repl]
* C:\WINDOWS\System32\qmgr.dll : 409,088 : 04/14/2008 02:12 AM : 574738f61fca2935f5265dc4e5691314 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB923845\SP2QFE\qmgr.dll : 409,600 : 03/29/2007 02:46 PM : 65e23953d337574e549b1ef34fe0b1da [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll : 409,600 : 03/29/2007 02:56 PM : cc431e6deaad867a583ee5e804ee4cf2 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB923845$\qmgr.dll : 382,464 : 08/04/2004 02:00 PM : 2c69ec7e5a311334d10dd95f338fccea [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\qmgr.dll : 409,088 : 04/14/2008 02:12 AM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
+-> C:\WINDOWS\system32\bits\qmgr.dll : 409,088 : 04/14/2008 02:12 AM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
* C:\WINDOWS\System32\rasadhlp.dll : 7,680 : 04/14/2008 02:12 AM : 6f9bef24c578d5d6740e080bedd6a448 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll : 7,680 : 06/26/2006 07:45 PM : b5d08c96b2dadaf5171fb69e341b272b [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll : 8,192 : 06/26/2006 07:37 PM : 5f098bd2ae6b03044b085decffdf91ec [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB920683$\rasadhlp.dll : 8,192 : 08/04/2004 02:00 PM : 4caec028c1e21c75e17877d4522d3db4 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll : 7,680 : 04/14/2008 02:12 AM : 6f9bef24c578d5d6740e080bedd6a448 [Pos Repl]
* C:\WINDOWS\System32\regsvc.dll : 59,904 : 04/14/2008 02:12 AM : 5b19b557b0c188210a56a6b699d90b8f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll : 59,904 : 08/04/2004 02:00 PM : 3151427db7d87107d1c5be58fac53960 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\regsvc.dll : 59,904 : 04/14/2008 02:12 AM : 5b19b557b0c188210a56a6b699d90b8f [Pos Repl]
* C:\WINDOWS\System32\scecli.dll : 181,248 : 04/14/2008 02:12 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll : 180,224 : 08/04/2004 02:00 PM : 0f78e27f563f2aaf74b91a49e2abf19a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\scecli.dll : 181,248 : 04/14/2008 02:12 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [Pos Repl]
* C:\WINDOWS\System32\schedsvc.dll : 192,512 : 04/14/2008 02:12 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll : 190,976 : 08/04/2004 02:00 PM : 92360854316611f6cc471612213c3d92 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll : 192,512 : 04/14/2008 02:12 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [Pos Repl]
* C:\WINDOWS\System32\setupapi.dll : 985,088 : 04/14/2008 05:42 AM : 24192246760e0e64435522e246b1d6c2 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll : 983,552 : 08/04/2004 02:00 PM : 7808313cbc634ee08346d5ddfef1cc5f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\setupapi.dll : 985,088 : 04/14/2008 05:42 AM : 24192246760e0e64435522e246b1d6c2 [Pos Repl]
* C:\WINDOWS\System32\sfc.dll : 5,120 : 04/14/2008 02:12 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sfc.dll : 5,120 : 08/04/2004 02:00 PM : e8a12a12ea9088b4327d49edca3add3e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sfc.dll : 5,120 : 04/14/2008 02:12 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [Pos Repl]
* C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 04/14/2008 02:12 AM : 9dd07af82244867ca36681ea2d29ce79 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll : 1,580,544 : 08/04/2004 02:00 PM : 30a609e00bd1d4ffc49d6b5a432be7f2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll : 1,614,848 : 04/14/2008 02:12 AM : 9dd07af82244867ca36681ea2d29ce79 [Pos Repl]
* C:\WINDOWS\System32\smss.exe : 50,688 : 04/14/2008 02:12 AM : 5f816c1f539266d2d4c78694239da0b5 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\smss.exe : 50,688 : 08/04/2004 02:00 PM : bd7fb0957c716f1a60333aee04de2178 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\smss.exe : 50,688 : 04/14/2008 02:12 AM : 5f816c1f539266d2d4c78694239da0b5 [Pos Repl]
* C:\WINDOWS\System32\svchost.exe : 14,336 : 04/14/2008 02:12 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\svchost.exe : 14,336 : 08/04/2004 02:00 PM : 8f078ae4ed187aaabc0a305146de6716 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\svchost.exe : 14,336 : 04/14/2008 02:12 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
* C:\WINDOWS\System32\tapisrv.dll : 249,856 : 04/14/2008 02:12 AM : 3cb78c17bb664637787c9a1c98f79c38 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll : 249,344 : 07/08/2005 06:28 PM : 1418a3a6e76e5a2e3f5e43866e793a8b [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll : 249,344 : 07/08/2005 06:27 PM : fb78839b36025aa286a51289ed28b73e [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll : 246,272 : 08/04/2004 02:00 PM : eb4a4187d74a8efdcbea3ea2cb1bdfbd [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll : 249,856 : 04/14/2008 02:12 AM : 3cb78c17bb664637787c9a1c98f79c38 [Pos Repl]
* C:\WINDOWS\System32\termsrv.dll : 295,424 : 04/14/2008 02:12 AM : ff3477c03be7201c294c35f684b3479f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll : 295,424 : 08/04/2004 02:00 PM : b60c877d16d9c880b952fda04adf16e6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\termsrv.dll : 295,424 : 04/14/2008 02:12 AM : ff3477c03be7201c294c35f684b3479f [Pos Repl]
* C:\WINDOWS\System32\user32.dll : 578,560 : 04/14/2008 02:12 AM : b26b135ff1b9f60c9388b4a7d16f600b [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll : 577,024 : 03/02/2005 08:19 PM : 1800f293bccc8ede8a70e12b88d80036 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll : 578,048 : 03/08/2007 05:48 PM : 7aa4f6c00405dfc4b70ed4214e7d687b [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\user32.dll : 577,536 : 03/08/2007 05:36 PM : b409909f6e2e8a7067076ed748abf1e7 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB890859$\user32.dll : 577,024 : 08/04/2004 02:00 PM : c72661f8552ace7c5c85e16a3cf505c4 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB925902$\user32.dll : 577,024 : 03/02/2005 08:09 PM : de2db164bbb35db061af0997e4499054 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\user32.dll : 578,560 : 04/14/2008 02:12 AM : b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]
* C:\WINDOWS\System32\userinit.exe : 26,112 : 04/14/2008 02:12 AM : a93aee1928a9d7ce3e16d24ec7380f89 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\userinit.exe : 24,576 : 08/04/2004 02:00 PM : 39b1ffb03c2296323832acbae50d2aff [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\userinit.exe : 26,112 : 04/14/2008 02:12 AM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]
* C:\WINDOWS\System32\UxTheme.dll : 218,624 : 04/14/2008 02:12 AM : 7a2cc3719b255e6b5d74396183b7715b [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll : 218,624 : 08/04/2004 02:00 PM : 2cde496666a975a2ce8f969f3042c8db [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll : 218,624 : 04/14/2008 02:12 AM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]
* C:\WINDOWS\System32\version.dll : 18,944 : 04/14/2008 02:12 AM : c7ce131408739b0b3a318be2d0032719 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\version.dll : 18,944 : 08/04/2004 02:00 PM : d38408967be738d0c1b47005bce8ceeb [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\version.dll : 18,944 : 04/14/2008 02:12 AM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]
* C:\WINDOWS\System32\w32time.dll : 175,104 : 04/14/2008 02:12 AM : 54af4b1d5459500ef0937f6d33b1914f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\w32time.dll : 174,592 : 08/04/2004 02:00 PM : 2b281958f5d0cf99ed626e3ef39d5c8d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\w32time.dll : 175,104 : 04/14/2008 02:12 AM : 54af4b1d5459500ef0937f6d33b1914f [Pos Repl]
* C:\WINDOWS\System32\wiaservc.dll : 333,824 : 04/14/2008 02:12 AM : 8bad69cbac032d4bbacfce0306174c30 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll : 333,824 : 12/19/2006 08:47 PM : d9f097aa3b97034d3358a01b43e635b2 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll : 333,824 : 12/19/2006 08:16 PM : b6763f8534ac547cf1af98afdff2edc8 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll : 333,312 : 08/04/2004 02:00 PM : d9f6c4f6b1e188adafc42b561d9bc2e6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll : 333,824 : 04/14/2008 02:12 AM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]
* C:\WINDOWS\System32\winlogon.exe : 507,904 : 04/14/2008 02:12 AM : ed0ef0a136dec83df69f04118870003e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe : 502,272 : 08/04/2004 02:00 PM : 01c3346c241652f43aed8e2149881bfe [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe : 507,904 : 04/14/2008 02:12 AM : ed0ef0a136dec83df69f04118870003e [Pos Repl]
* C:\WINDOWS\System32\ws2_32.dll : 82,432 : 04/14/2008 02:12 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll : 82,944 : 08/04/2004 02:00 PM : 2ed0b7f12a60f90092081c50fa0ec2b2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll : 82,432 : 04/14/2008 02:12 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
* C:\WINDOWS\System32\ws2help.dll : 19,968 : 04/14/2008 02:12 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ws2help.dll : 19,968 : 08/04/2004 02:00 PM : 9beacb911ca61e5881102188ab7fb431 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ws2help.dll : 19,968 : 04/14/2008 02:12 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ws2help.dll : 19,968 : 04/14/2008 02:12 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
* C:\WINDOWS\System32\wscntfy.exe : 13,824 : 04/14/2008 02:12 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe : 13,824 : 08/04/2004 02:00 PM : 49911dd39e023bb6c45e4e436cfbd297 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe : 13,824 : 04/14/2008 02:12 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
* C:\WINDOWS\System32\xmlprov.dll : 129,024 : 04/14/2008 02:12 AM : 295d21f14c335b53cb8154e5b1f892b9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll : 129,536 : 08/04/2004 02:00 PM : eef46dab68229a14da3d8e73c99e2959 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll : 129,024 : 04/14/2008 02:12 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
* C:\WINDOWS\explorer.exe : 1,033,728 : 04/14/2008 02:12 AM : 12896823fb95bfb3dc9b46bcaedc9923 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe : 1,033,216 : 06/13/2007 01:26 PM : 7712df0cdde3a5ac89843e61cd5b3658 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe : 1,033,216 : 06/13/2007 12:23 AM : 97bd6515465659ff8f3b7be375b2ea87 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB938828$\explorer.exe : 1,032,192 : 08/04/2004 02:00 PM : a0732187050030ae399b241436565e64 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\explorer.exe : 1,033,728 : 04/14/2008 02:12 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
* C:\WINDOWS\System32\drivers\acpiec.sys : 11,648 : 08/04/2004 02:00 PM : 9859c0f6936e723e4892d7141b1327d5 [NoSig]
* C:\WINDOWS\System32\drivers\acpi.sys : 187,776 : 04/13/2008 08:36 PM : 8fd99680a539792a30e97944fdaecf17 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\acpi.sys : 187,776 : 08/04/2004 02:00 PM : a10c7534f7223f4a73a948967d00e69b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\acpi.sys : 187,776 : 04/13/2008 08:36 PM : 8fd99680a539792a30e97944fdaecf17 [Pos Repl]
* C:\WINDOWS\System32\drivers\aec.sys : 142,592 : 04/13/2008 06:39 PM : 8bed39e3c35d6a489438b8141717a557 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys : 142,464 : 02/15/2006 02:30 AM : 1ee7b434ba961ef845de136224c30fec [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\aec.sys : 142,464 : 02/15/2006 02:22 AM : 1ee7b434ba961ef845de136224c30fec [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB900485$\aec.sys : 142,464 : 08/04/2004 07:39 AM : 841f385c6cfaf66b58fbd898722bb4f0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\aec.sys : 142,592 : 04/13/2008 06:39 PM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]
* C:\WINDOWS\System32\drivers\agp440.sys : 42,368 : 04/13/2008 08:36 PM : 08fd04aa961bdc77fb983f328334e3d7 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\agp440.sys : 42,368 : 04/13/2008 08:36 PM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]
* C:\WINDOWS\System32\drivers\amdk6.sys : 37,376 : 04/13/2008 08:31 PM : d7701d7e72243286cc88c9973d891057 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys : 36,992 : 08/04/2004 02:00 PM : dad16a9d5c873e7219e6b43802ed316a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\amdk6.sys : 37,376 : 04/13/2008 08:31 PM : d7701d7e72243286cc88c9973d891057 [Pos Repl]
* C:\WINDOWS\System32\drivers\amdk7.sys : 37,760 : 04/13/2008 08:31 PM : 8fce268cdbdd83b23419d1f35f42c7b1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys : 37,376 : 08/04/2004 02:00 PM : 680ad1c1bb16239e28d8f33a54a7a3c7 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\amdk7.sys : 37,760 : 04/13/2008 08:31 PM : 8fce268cdbdd83b23419d1f35f42c7b1 [Pos Repl]
* C:\WINDOWS\System32\drivers\arp1394.sys : 60,800 : 04/13/2008 08:51 PM : b5b8a80875c1dededa8b02765642c32f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys : 60,800 : 08/04/2004 02:00 PM : f0d692b0bffb46e30eb3cea168bbc49f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\arp1394.sys : 60,800 : 04/13/2008 08:51 PM : b5b8a80875c1dededa8b02765642c32f [Pos Repl]
* C:\WINDOWS\System32\drivers\asyncmac.sys : 14,336 : 04/13/2008 08:57 PM : b153affac761e7f5fcfa822b9c4e97bc [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys : 14,336 : 08/04/2004 02:00 PM : 02000abf34af4c218c35d257024807d6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys : 14,336 : 04/13/2008 08:57 PM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]
* C:\WINDOWS\System32\drivers\atapi.sys : 96,512 : 04/13/2008 08:40 PM : 9f3a2f5aa6875c72bf062c712cfa2674 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys : 95,360 : 08/04/2004 07:59 AM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\atapi.sys : 96,512 : 04/13/2008 08:40 PM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys : 95,360 : 08/04/2004 02:00 PM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]
* C:\WINDOWS\System32\drivers\audstub.sys : 3,072 : 08/17/2001 03:59 PM : d9f724aa26c010a217c97606b160ed68 [NoSig]
* C:\WINDOWS\System32\drivers\beep.sys : 4,224 : 08/04/2004 02:00 PM : da1f27d85e0d1525f6621372e7b685e9 [NoSig]
+-> C:\WINDOWS\system32\dllcache\beep.sys : 4,224 : 08/04/2004 02:00 PM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]
* C:\WINDOWS\System32\drivers\cbidf2k.sys : 13,952 : 08/04/2004 02:00 PM : 90a673fc8e12a79afbed2576f6a7aaf9 [NoSig]
* C:\WINDOWS\System32\drivers\cdaudio.sys : 18,688 : 08/04/2004 02:00 PM : c1b486a7658353d33a10cc15211a873b [NoSig]
* C:\WINDOWS\System32\drivers\cdfs.sys : 63,744 : 04/13/2008 09:14 PM : c885b02847f5d2fd45a24e219ed93b32 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys : 63,744 : 08/04/2004 02:00 PM : cd7d5152df32b47f4e36f710b35aae02 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\cdfs.sys : 63,744 : 04/13/2008 09:14 PM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]
* C:\WINDOWS\System32\drivers\cdrom.sys : 62,976 : 04/13/2008 08:40 PM : 1f4260cc5b42272d71f79e570a27a4fe [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys : 49,536 : 08/04/2004 02:00 PM : af9c19b3100fe010496b1a27181fbf72 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\cdrom.sys : 62,976 : 04/13/2008 08:40 PM : 1f4260cc5b42272d71f79e570a27a4fe [Pos Repl]
* C:\WINDOWS\System32\drivers\classpnp.sys : 49,536 : 04/13/2008 09:16 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys : 49,664 : 08/04/2004 02:00 PM : d86173b401470f06d9810f7962969ddf [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\classpnp.sys : 49,536 : 04/13/2008 09:16 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]
* C:\WINDOWS\System32\drivers\crusoe.sys : 36,736 : 04/13/2008 08:31 PM : f50d9bdbb25cce075e514dc07472a22f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys : 36,480 : 08/04/2004 02:00 PM : 6af1684ccaac3f7ef4ee9ba65eb0677a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\crusoe.sys : 36,736 : 04/13/2008 08:31 PM : f50d9bdbb25cce075e514dc07472a22f [Pos Repl]
* C:\WINDOWS\System32\drivers\diskdump.sys : 14,208 : 04/13/2008 08:40 PM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys : 14,208 : 08/04/2004 02:00 PM : d16c81677a9be399c63cd2ea486472a5 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\diskdump.sys : 14,208 : 04/13/2008 08:40 PM : e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl]
* C:\WINDOWS\System32\drivers\disk.sys : 36,352 : 04/13/2008 08:40 PM : 044452051f3e02e7963599fc8f4f3e25 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\disk.sys : 36,352 : 08/04/2004 02:00 PM : 00ca44e4534865f8a3b64f7c0984bff0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\disk.sys : 36,352 : 04/13/2008 08:40 PM : 044452051f3e02e7963599fc8f4f3e25 [Pos Repl]
* C:\WINDOWS\System32\drivers\dmboot.sys : 799,744 : 04/13/2008 08:44 PM : d992fe1274bde0f84ad826acae022a41 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys : 799,744 : 08/04/2004 02:00 PM : c0fbb516e06e243f0cf31f597e7ebf7d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dmboot.sys : 799,744 : 04/13/2008 08:44 PM : d992fe1274bde0f84ad826acae022a41 [Pos Repl]
* C:\WINDOWS\System32\drivers\dmio.sys : 153,344 : 04/13/2008 08:44 PM : 7c824cf7bbde77d95c08005717a95f6f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dmio.sys : 153,344 : 08/04/2004 02:00 PM : f5e7b358a732d09f4bcf2824b88b9e28 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dmio.sys : 153,344 : 04/13/2008 08:44 PM : 7c824cf7bbde77d95c08005717a95f6f [Pos Repl]
* C:\WINDOWS\System32\drivers\dmload.sys : 5,888 : 08/04/2004 02:00 PM : e9317282a63ca4d188c0df5e09c6ac5f [NoSig]
+-> C:\WINDOWS\system32\dllcache\dmload.sys : 5,888 : 08/04/2004 02:00 PM : e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl]
* C:\WINDOWS\System32\drivers\DMusic.sys : 52,864 : 04/13/2008 08:45 PM : 8a208dfcf89792a484e76c40e5f50b45 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys : 52,864 : 08/04/2004 08:07 AM : a6f881284ac1150e37d9ae47ff601267 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dmusic.sys : 52,864 : 04/13/2008 08:45 PM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]
* C:\WINDOWS\System32\drivers\drmkaud.sys : 2,944 : 04/13/2008 08:45 PM : 8f5fcff8e8848afac920905fbd9d33c8 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys : 2,944 : 08/04/2004 08:07 AM : 1ed4dbbae9f5d558dbba4cc450e3eb2e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys : 2,944 : 04/13/2008 08:45 PM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]
* C:\WINDOWS\System32\drivers\drmk.sys : 60,160 : 04/13/2008 08:45 PM : 6cb08593487f5701d2d2254e693eafce [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\drmk.sys : 60,288 : 08/04/2004 08:08 AM : ff86422268de771d571e123eb7092c6a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\drmk.sys : 60,160 : 04/13/2008 08:45 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\drmk.sys : 60,160 : 04/13/2008 08:45 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]
* C:\WINDOWS\System32\drivers\dxapi.sys : 10,496 : 08/04/2004 02:00 PM : fe97d0343acfdebdd578fc67cc91fa87 [NoSig]
+-> C:\WINDOWS\system32\dllcache\dxapi.sys : 10,496 : 08/04/2004 02:00 PM : fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl]
* C:\WINDOWS\System32\drivers\dxg.sys : 71,168 : 04/13/2008 08:38 PM : ac7280566a7bb85cb3291f04ddc1198e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dxg.sys : 71,040 : 08/04/2004 02:00 PM : d3dac8432110aad0b02a58b4459ab835 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dxg.sys : 71,168 : 04/13/2008 08:38 PM : ac7280566a7bb85cb3291f04ddc1198e [Pos Repl]
* C:\WINDOWS\System32\drivers\dxgthk.sys : 3,328 : 08/04/2004 02:00 PM : a73f5d6705b1d820c19b18782e176efd [NoSig]
+-> C:\WINDOWS\system32\dllcache\dxgthk.sys : 3,328 : 08/04/2004 02:00 PM : a73f5d6705b1d820c19b18782e176efd [Pos Repl]
* C:\WINDOWS\System32\drivers\fastfat.sys : 143,744 : 04/13/2008 09:14 PM : 38d332a6d56af32635675f132548343e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys : 143,360 : 08/04/2004 02:00 PM : 3117f595e9615e04f05a54fc15a03b20 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fastfat.sys : 143,744 : 04/13/2008 09:14 PM : 38d332a6d56af32635675f132548343e [Pos Repl]
* C:\WINDOWS\System32\drivers\fdc.sys : 27,392 : 04/13/2008 08:40 PM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\fdc.sys : 27,392 : 08/04/2004 02:00 PM : ced2e8396a8838e59d8fd529c680e02c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fdc.sys : 27,392 : 04/13/2008 08:40 PM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [Pos Repl]
* C:\WINDOWS\System32\drivers\fips.sys : 44,544 : 04/13/2008 08:33 PM : d45926117eb9fa946a6af572fbe1caa3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\fips.sys : 34,944 : 08/04/2004 02:00 PM : e153ab8a11de5452bcf5ac7652dbf3ed [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fips.sys : 44,544 : 04/13/2008 08:33 PM : d45926117eb9fa946a6af572fbe1caa3 [Pos Repl]
* C:\WINDOWS\System32\drivers\flpydisk.sys : 20,480 : 04/13/2008 08:40 PM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys : 20,480 : 08/04/2004 02:00 PM : 0dd1de43115b93f4d85e889d7a86f548 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys : 20,480 : 04/13/2008 08:40 PM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [Pos Repl]
* C:\WINDOWS\System32\drivers\fltMgr.sys : 129,792 : 04/13/2008 08:32 PM : b2cf4b0786f8212cb92ed2b50c6db6b0 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\fltmgr.sys : 128,768 : 02/21/2006 05:37 AM : 358db977c3247038eb58a81fddd2b58f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys : 128,768 : 08/21/2006 11:43 AM : 5a85cd3d07273e3f6fe72ee9c6431632 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys : 128,896 : 08/21/2006 11:14 AM : 3d234fb6d6ee875eb009864a299bea29 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB922582$\fltmgr.sys : 124,800 : 08/04/2004 02:00 PM : 157754f0df355a9e0a6f54721914f9c6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys : 129,792 : 04/13/2008 08:32 PM : b2cf4b0786f8212cb92ed2b50c6db6b0 [Pos Repl]
* C:\WINDOWS\System32\drivers\fs_rec.sys : 7,936 : 08/04/2004 02:00 PM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [NoSig]
+-> C:\WINDOWS\system32\dllcache\fs_rec.sys : 7,936 : 08/04/2004 02:00 PM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [Pos Repl]
* C:\WINDOWS\System32\drivers\fsvga.sys : 12,160 : 08/04/2004 02:00 PM : 455f778ee14368468560bd7cb8c854d0 [NoSig]
+-> C:\WINDOWS\system32\dllcache\fsvga.sys : 12,160 : 08/04/2004 02:00 PM : 455f778ee14368468560bd7cb8c854d0 [Pos Repl]
* C:\WINDOWS\System32\drivers\ftdisk.sys : 125,056 : 08/04/2004 02:00 PM : 6ac26732762483366c3969c9e4d2259d [NoSig]
* C:\WINDOWS\System32\drivers\hidclass.sys : 36,864 : 04/13/2008 08:45 PM : 1af592532532a402ed7c060f6954004f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys : 36,224 : 08/04/2004 02:00 PM : 378055ab8dda86228683c697c4e11685 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\hidclass.sys : 36,864 : 04/13/2008 08:45 PM : 1af592532532a402ed7c060f6954004f [Pos Repl]
* C:\WINDOWS\System32\drivers\hidusb.sys : 10,368 : 04/13/2008 08:45 PM : ccf82c5ec8a7326c3066de870c06daf1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\hidusb.sys : 9,600 : 08/04/2004 02:00 PM : 1de6783b918f540149aa69943bdfeba8 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\hidusb.sys : 10,368 : 04/13/2008 08:45 PM : ccf82c5ec8a7326c3066de870c06daf1 [Pos Repl]
* C:\WINDOWS\System32\drivers\i8042prt.sys : 52,480 : 04/13/2008 09:18 PM : 4a0b06aa8943c1e332520f7440c0aa30 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys : 52,736 : 08/04/2004 02:00 PM : 5502b58eef7486ee6f93f3f164dcb808 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys : 52,480 : 04/13/2008 09:18 PM : 4a0b06aa8943c1e332520f7440c0aa30 [Pos Repl]
* C:\WINDOWS\System32\drivers\imapi.sys : 42,112 : 04/13/2008 08:40 PM : 083a052659f5310dd8b6a6cb05edcf8e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\imapi.sys : 41,856 : 08/04/2004 02:00 PM : f8aa320c6a0409c0380e5d8a99d76ec6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\imapi.sys : 42,112 : 04/13/2008 08:40 PM : 083a052659f5310dd8b6a6cb05edcf8e [Pos Repl]
* C:\WINDOWS\System32\drivers\intelide.sys : 5,504 : 04/13/2008 08:40 PM : b5466a9250342a7aa0cd1fba13420678 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\intelide.sys : 5,504 : 08/04/2004 00:59 AM : 2d722b2b54ab55b2fa475eb58d7b2aad [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\intelide.sys : 5,504 : 04/13/2008 08:40 PM : b5466a9250342a7aa0cd1fba13420678 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\intelide.sys : 5,504 : 08/04/2004 00:59 AM : 2d722b2b54ab55b2fa475eb58d7b2aad [Pos Repl]
* C:\WINDOWS\System32\drivers\intelppm.sys : 36,352 : 04/13/2008 08:31 PM : 8c953733d8f36eb2133f5bb58808b66b [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\intelppm.sys : 36,096 : 08/04/2004 02:00 PM : 279fb78702454dff2bb445f238c048d2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\intelppm.sys : 36,352 : 04/13/2008 08:31 PM : 8c953733d8f36eb2133f5bb58808b66b [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\intelppm.sys : 36,096 : 08/04/2004 02:00 PM : 279fb78702454dff2bb445f238c048d2 [Pos Repl]
* C:\WINDOWS\System32\drivers\ip6fw.sys : 36,608 : 04/13/2008 08:53 PM : 3bb22519a194418d5fec05d800a19ad0 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys : 29,056 : 08/04/2004 02:00 PM : 4448006b6bc60e6c027932cfc38d6855 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys : 36,608 : 04/13/2008 08:53 PM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl]
* C:\WINDOWS\System32\drivers\ipfltdrv.sys : 32,896 : 08/04/2004 02:00 PM : 731f22ba402ee4b62748adaf6363c182 [NoSig]
+-> C:\WINDOWS\system32\dllcache\ipfltdrv.sys : 32,896 : 08/04/2004 02:00 PM : 731f22ba402ee4b62748adaf6363c182 [Pos Repl]
* C:\WINDOWS\System32\drivers\ipinip.sys : 20,864 : 04/13/2008 08:57 PM : b87ab476dcf76e72010632b5550955f5 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys : 20,992 : 08/04/2004 02:00 PM : e1ec7f5da720b640cd8fb8424f1b14bb [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ipinip.sys : 20,864 : 04/13/2008 08:57 PM : b87ab476dcf76e72010632b5550955f5 [Pos Repl]
* C:\WINDOWS\System32\drivers\ipnat.sys : 152,832 : 04/13/2008 08:57 PM : cc748ea12c6effde940ee98098bf96bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys : 134,912 : 09/30/2004 00:31 AM : 5191673215c91ff13ceaa83ef8e9653f [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\ipnat.sys : 134,912 : 09/30/2004 00:28 AM : e2168cbc7098ffe963c6f23f472a3593 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB886185$\ipnat.sys : 134,912 : 08/04/2004 02:00 PM : b5a8e215ac29d24d60b4d1250ef05ace [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ipnat.sys : 152,832 : 04/13/2008 08:57 PM : cc748ea12c6effde940ee98098bf96bb [Pos Repl]
* C:\WINDOWS\System32\drivers\ipsec.sys : 75,264 : 04/13/2008 09:19 PM : 23c74d75e36e7158768dd63d92789a91 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys : 74,752 : 08/04/2004 02:00 PM : 64537aa5c003a6afeee1df819062d0d1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ipsec.sys : 75,264 : 04/13/2008 09:19 PM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]
* C:\WINDOWS\System32\drivers\isapnp.sys : 37,248 : 04/13/2008 08:36 PM : 05a299ec56e52649b1cf2fc52d20f2d7 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys : 35,840 : 08/17/2001 10:58 PM : e504f706ccb699c2596e9a3da1596e87 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\isapnp.sys : 37,248 : 04/13/2008 08:36 PM : 05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\isapnp.sys : 35,840 : 08/04/2004 02:00 PM : e504f706ccb699c2596e9a3da1596e87 [Pos Repl]
* C:\WINDOWS\System32\drivers\kbdclass.sys : 24,576 : 04/13/2008 08:39 PM : 463c1ec80cd17420a542b7f36a36f128 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys : 24,576 : 08/04/2004 02:00 PM : ebdee8a2ee5393890a1acee971c4c246 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys : 24,576 : 04/13/2008 08:39 PM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl]
* C:\WINDOWS\System32\drivers\kmixer.sys : 172,416 : 04/13/2008 08:45 PM : 692bcf44383d056aed41b045a323d378 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys : 172,416 : 06/14/2006 10:50 AM : 8531438246ce9474e41ee1599904c0c7 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys : 172,416 : 06/14/2006 10:47 AM : ba5deda4d934e6288c2f66caf58d2562 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB920872$\kmixer.sys : 171,776 : 08/04/2004 08:07 AM : d93cad07c5683db066b0b2d2d3790ead [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\kmixer.sys : 172,416 : 04/13/2008 08:45 PM : 692bcf44383d056aed41b045a323d378 [Pos Repl]
* C:\WINDOWS\System32\drivers\ks.sys : 141,056 : 04/13/2008 09:16 PM : 0753515f78df7f271a5e61c20bcd36a1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ks.sys : 140,928 : 08/04/2004 08:15 AM : b9540e258f952650de8dec68719a5c97 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ks.sys : 141,056 : 04/13/2008 09:16 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ks.sys : 141,056 : 04/13/2008 09:16 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]
* C:\WINDOWS\System32\drivers\mcd.sys : 7,680 : 08/04/2004 02:00 PM : d1f8be91ed4ddb671d42e473e3fe71ab [NoSig]
+-> C:\WINDOWS\system32\dllcache\mcd.sys : 7,680 : 08/04/2004 02:00 PM : d1f8be91ed4ddb671d42e473e3fe71ab [Pos Repl]
* C:\WINDOWS\System32\drivers\mf.sys : 63,744 : 04/13/2008 08:36 PM : a7da20ab18a1bdae28b0f349e57da0d1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mf.sys : 63,744 : 08/04/2004 02:00 PM : 729d83e56c29c510258a6e9e79ffddc3 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mf.sys : 63,744 : 04/13/2008 08:36 PM : a7da20ab18a1bdae28b0f349e57da0d1 [Pos Repl]
* C:\WINDOWS\System32\drivers\mnmdd.sys : 4,224 : 08/04/2004 02:00 PM : 4ae068242760a1fb6e1a44bf4e16afa6 [NoSig]
+-> C:\WINDOWS\system32\dllcache\mnmdd.sys : 4,224 : 08/04/2004 02:00 PM : 4ae068242760a1fb6e1a44bf4e16afa6 [Pos Repl]
* C:\WINDOWS\System32\drivers\modem.sys : 30,080 : 04/13/2008 09:00 PM : dfcbad3cec1c5f964962ae10e0bcc8e1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\modem.sys : 30,080 : 08/04/2004 02:00 PM : 6fc6f9d7acc36dca9b914565a3aeda05 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\modem.sys : 30,080 : 04/13/2008 09:00 PM : dfcbad3cec1c5f964962ae10e0bcc8e1 [Pos Repl]
* C:\WINDOWS\System32\drivers\mouclass.sys : 23,040 : 04/13/2008 08:39 PM : 35c9e97194c8cfb8430125f8dbc34d04 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys : 23,040 : 08/04/2004 02:00 PM : 34e1f0031153e491910e12551400192c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mouclass.sys : 23,040 : 04/13/2008 08:39 PM : 35c9e97194c8cfb8430125f8dbc34d04 [Pos Repl]
* C:\WINDOWS\System32\drivers\mouhid.sys : 12,160 : 08/04/2004 02:00 PM : b1c303e17fb9d46e87a98e4ba6769685 [NoSig]
* C:\WINDOWS\System32\drivers\mountmgr.sys : 42,368 : 04/13/2008 08:39 PM : a80b9a0bad1b73637dbcbba7df72d3fd [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys : 42,240 : 08/04/2004 02:00 PM : 65653f3b4477f3c63e68a9659f85ee2e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys : 42,368 : 04/13/2008 08:39 PM : a80b9a0bad1b73637dbcbba7df72d3fd [Pos Repl]
* C:\WINDOWS\System32\drivers\mrxdav.sys : 180,608 : 04/13/2008 08:32 PM : 11d42bb6206f33fbb3ba0288d3ef81bd [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys : 179,712 : 12/18/2007 11:38 AM : 9921d9df98f266560ec28b3bdb580180 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys : 179,584 : 12/18/2007 11:51 AM : 29414447eb5bde2f8397dc965dbb3156 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys : 181,248 : 08/04/2004 02:00 PM : 46edcc8f2db2f322c24f48785cb46366 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mrxdav.sys : 180,608 : 04/13/2008 08:32 PM : 11d42bb6206f33fbb3ba0288d3ef81bd [Pos Repl]
* C:\WINDOWS\System32\drivers\msfs.sys : 19,072 : 04/13/2008 08:32 PM : c941ea2454ba8350021d774daf0f1027 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\msfs.sys : 19,072 : 08/04/2004 02:00 PM : 561b3a4333ca2dbdba28b5b956822519 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\msfs.sys : 19,072 : 04/13/2008 08:32 PM : c941ea2454ba8350021d774daf0f1027 [Pos Repl]
* C:\WINDOWS\System32\drivers\msgpc.sys : 35,072 : 04/13/2008 08:56 PM : 0a02c63c8b144bd8c86b103dee7c86a2 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\msgpc.sys : 35,072 : 08/04/2004 02:00 PM : c0f1d4a21de5a415df8170616703debf [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\msgpc.sys : 35,072 : 04/13/2008 08:56 PM : 0a02c63c8b144bd8c86b103dee7c86a2 [Pos Repl]
* C:\WINDOWS\System32\drivers\MSKSSRV.sys : 7,552 : 04/13/2008 08:39 PM : d1575e71568f4d9e14ca56b7b0453bf1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys : 7,552 : 08/04/2004 07:58 AM : ae431a8dd3c1d0d0610cdbac16057ad0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mskssrv.sys : 7,552 : 04/13/2008 08:39 PM : d1575e71568f4d9e14ca56b7b0453bf1 [Pos Repl]
* C:\WINDOWS\System32\drivers\MSPCLOCK.sys : 5,376 : 04/13/2008 08:39 PM : 325bb26842fc7ccc1fcce2c457317f3e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mspclock.sys : 5,376 : 08/04/2004 07:58 AM : 13e75fef9dfeb08eeded9d0246e1f448 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mspclock.sys : 5,376 : 04/13/2008 08:39 PM : 325bb26842fc7ccc1fcce2c457317f3e [Pos Repl]
* C:\WINDOWS\System32\drivers\MSPQM.sys : 4,992 : 04/13/2008 08:39 PM : bad59648ba099da4a17680b39730cb3d [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mspqm.sys : 4,992 : 08/04/2004 07:58 AM : 1988a33ff19242576c3d0ef9ce785da7 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mspqm.sys : 4,992 : 04/13/2008 08:39 PM : bad59648ba099da4a17680b39730cb3d [Pos Repl]
* C:\WINDOWS\System32\drivers\mssmbios.sys : 15,488 : 04/13/2008 08:36 PM : af5f4f3f14a8ea2c26de30f7a1e17136 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\mssmbios.sys : 15,488 : 08/04/2004 02:00 PM : 469541f8bfd2b32659d5d463a6714bce [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mssmbios.sys : 15,488 : 04/13/2008 08:36 PM : af5f4f3f14a8ea2c26de30f7a1e17136 [Pos Repl]
* C:\WINDOWS\System32\drivers\ndis.sys : 182,656 : 04/13/2008 09:20 PM : 1df7f42665c94b825322fae71721130d [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ndis.sys : 182,912 : 08/04/2004 02:00 PM : 558635d3af1c7546d26067d5d9b6959e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ndis.sys : 182,656 : 04/13/2008 09:20 PM : 1df7f42665c94b825322fae71721130d [Pos Repl]
* C:\WINDOWS\System32\drivers\ndisuio.sys : 14,592 : 04/13/2008 08:55 PM : f927a4434c5028758a842943ef1a3849 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ndisuio.sys : 12,928 : 08/04/2004 02:00 PM : 34d6cd56409da9a7ed573e1c90a308bf [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys : 14,592 : 04/13/2008 08:55 PM : f927a4434c5028758a842943ef1a3849 [Pos Repl]
* C:\WINDOWS\System32\drivers\ndiswan.sys : 91,520 : 04/13/2008 09:20 PM : edc1531a49c80614b2cfda43ca8659ab [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ndiswan.sys : 91,776 : 08/04/2004 02:00 PM : 0b90e255a9490166ab368cd55a529893 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ndiswan.sys : 91,520 : 04/13/2008 09:20 PM : edc1531a49c80614b2cfda43ca8659ab [Pos Repl]
* C:\WINDOWS\System32\drivers\netbios.sys : 34,688 : 04/13/2008 08:56 PM : 5d81cf9a2f1a3a756b66cf684911cdf0 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\netbios.sys : 34,560 : 08/04/2004 02:00 PM : 3a2aca8fc1d7786902ca434998d7ceb4 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\netbios.sys : 34,688 : 04/13/2008 08:56 PM : 5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl]
* C:\WINDOWS\System32\drivers\netbt.sys : 162,816 : 04/13/2008 09:21 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\netbt.sys : 162,816 : 08/04/2004 02:00 PM : 0c80e410cd2f47134407ee7dd19cc86b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\netbt.sys : 162,816 : 04/13/2008 09:21 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]
* C:\WINDOWS\System32\drivers\nic1394.sys : 61,824 : 04/13/2008 08:51 PM : e9e47cfb2d461fa0fc75b7a74c6383ea [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\nic1394.sys : 61,824 : 08/04/2004 02:00 PM : 5c5c53db4fef16cf87b9911c7e8c6fbc [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\nic1394.sys : 61,824 : 04/13/2008 08:51 PM : e9e47cfb2d461fa0fc75b7a74c6383ea [Pos Repl]
* C:\WINDOWS\System32\drivers\nmnt.sys : 40,320 : 04/13/2008 08:53 PM : 1e421a6bcf2203cc61b821ada9de878b [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\nmnt.sys : 40,320 : 08/04/2004 02:00 PM : 60cf8c7192b3614f240838ddbaa4a245 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\nmnt.sys : 40,320 : 04/13/2008 08:53 PM : 1e421a6bcf2203cc61b821ada9de878b [Pos Repl]
* C:\WINDOWS\System32\drivers\npfs.sys : 30,848 : 04/13/2008 08:32 PM : 3182d64ae053d6fb034f44b6def8034a [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\npfs.sys : 30,848 : 08/04/2004 02:00 PM : 4f601bcb8f64ea3ac0994f98fed03f8e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\npfs.sys : 30,848 : 04/13/2008 08:32 PM : 3182d64ae053d6fb034f44b6def8034a [Pos Repl]
* C:\WINDOWS\System32\drivers\ntfs.sys : 574,976 : 04/13/2008 09:15 PM : 78a08dd6a8d65e697c18e1db01c5cdca [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys : 574,976 : 02/09/2007 01:23 PM : 05ab81909514bfd69cbb1f2c147cf6b9 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys : 574,464 : 02/09/2007 01:10 PM : 19a811ef5f1ed5c926a028ce107ff1af [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys : 574,592 : 08/04/2004 02:00 PM : b78be402c3f63dd55521f73876951cdd [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ntfs.sys : 574,976 : 04/13/2008 09:15 PM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
* C:\WINDOWS\System32\drivers\null.sys : 2,944 : 08/04/2004 02:00 PM : 73c1e1f395918bc2c6dd67af7591a3ad [NoSig]
+-> C:\WINDOWS\system32\dllcache\null.sys : 2,944 : 08/04/2004 02:00 PM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkflt.sys : 12,416 : 08/04/2004 02:00 PM : b305f3fad35083837ef46a0bbce2fc57 [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkflt.sys : 12,416 : 08/04/2004 02:00 PM : b305f3fad35083837ef46a0bbce2fc57 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkfwd.sys : 32,512 : 08/04/2004 02:00 PM : c99b3415198d1aab7227f2c88fd664b9 [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkfwd.sys : 32,512 : 08/04/2004 02:00 PM : c99b3415198d1aab7227f2c88fd664b9 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkipx.sys : 88,320 : 04/13/2008 08:56 PM : 8b8b1be2dba4025da6786c645f77f123 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\nwlnkipx.sys : 88,448 : 08/04/2004 02:00 PM : 79ea3fcda7067977625b3363a2657c80 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\nwlnkipx.sys : 88,320 : 04/13/2008 08:56 PM : 8b8b1be2dba4025da6786c645f77f123 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnknb.sys : 63,232 : 08/04/2004 02:00 PM : 56d34a67c05e94e16377c60609741ff8 [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnknb.sys : 63,232 : 08/04/2004 02:00 PM : 56d34a67c05e94e16377c60609741ff8 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkspx.sys : 55,936 : 08/04/2004 02:00 PM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkspx.sys : 55,936 : 08/04/2004 02:00 PM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl]
* C:\WINDOWS\System32\drivers\oprghdlr.sys : 3,456 : 08/04/2004 02:00 PM : 4bb30ddc53ebc76895e38694580cdfe9 [NoSig]
+-> C:\WINDOWS\system32\dllcache\oprghdlr.sys : 3,456 : 08/04/2004 02:00 PM : 4bb30ddc53ebc76895e38694580cdfe9 [Pos Repl]
* C:\WINDOWS\System32\drivers\p3.sys : 42,752 : 04/13/2008 08:31 PM : c90018bafdc7098619a4a95b046b30f3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\p3.sys : 42,496 : 08/04/2004 02:00 PM : 3e16eff2a6fed2d8d7f5a66dfe65d183 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\p3.sys : 42,752 : 04/13/2008 08:31 PM : c90018bafdc7098619a4a95b046b30f3 [Pos Repl]
* C:\WINDOWS\System32\drivers\parport.sys : 80,128 : 04/13/2008 08:40 PM : 5575faf8f97ce5e713d108c2a58d7c7c [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\parport.sys : 80,128 : 08/04/2004 02:00 PM : 29744eb4ce659dfe3b4122deb45bc478 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\parport.sys : 80,128 : 04/13/2008 08:40 PM : 5575faf8f97ce5e713d108c2a58d7c7c [Pos Repl]
* C:\WINDOWS\System32\drivers\partmgr.sys : 19,712 : 04/13/2008 08:40 PM : beb3ba25197665d82ec7065b724171c6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\partmgr.sys : 18,688 : 08/04/2004 02:00 PM : 3334430c29dc338092f79c38ef7b4cd0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\partmgr.sys : 19,712 : 04/13/2008 08:40 PM : beb3ba25197665d82ec7065b724171c6 [Pos Repl]
* C:\WINDOWS\System32\drivers\parvdm.sys : 6,784 : 08/04/2004 02:00 PM : 70e98b3fd8e963a6a46a2e6247e0bea1 [NoSig]
+-> C:\WINDOWS\system32\dllcache\parvdm.sys : 6,784 : 08/04/2004 02:00 PM : 70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl]
* C:\WINDOWS\System32\drivers\pciidex.sys : 24,960 : 04/13/2008 08:40 PM : 52e60f29221d0d1ac16737e8dbf7c3e9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\pciidex.sys : 25,088 : 08/04/2004 07:59 AM : 520b91ab011456b940d9b05fc91108ff [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\pciidex.sys : 24,960 : 04/13/2008 08:40 PM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\pciidex.sys : 25,088 : 08/04/2004 02:00 PM : 520b91ab011456b940d9b05fc91108ff [Pos Repl]
* C:\WINDOWS\System32\drivers\pci.sys : 68,224 : 04/13/2008 08:36 PM : a219903ccf74233761d92bef471a07b1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\pci.sys : 68,224 : 08/04/2004 08:07 AM : 8086d9979234b603ad5bc2f5d890b234 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\pci.sys : 68,224 : 04/13/2008 08:36 PM : a219903ccf74233761d92bef471a07b1 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\pci.sys : 68,224 : 08/04/2004 02:00 PM : 8086d9979234b603ad5bc2f5d890b234 [Pos Repl]
* C:\WINDOWS\System32\drivers\pcmcia.sys : 120,192 : 04/13/2008 08:36 PM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\pcmcia.sys : 119,936 : 08/04/2004 02:00 PM : 82a087207decec8456fbe8537947d579 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\pcmcia.sys : 120,192 : 04/13/2008 08:36 PM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [Pos Repl]
* C:\WINDOWS\System32\drivers\portcls.sys : 146,048 : 04/13/2008 09:19 PM : e82a496c3961efc6828b508c310ce98f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\portcls.sys : 145,792 : 08/04/2004 08:15 AM : 5b0f00e43a7094c0b7e433cb42c79164 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\portcls.sys : 146,048 : 04/13/2008 09:19 PM : e82a496c3961efc6828b508c310ce98f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\portcls.sys : 146,048 : 04/13/2008 09:19 PM : e82a496c3961efc6828b508c310ce98f [Pos Repl]
* C:\WINDOWS\System32\drivers\processr.sys : 35,840 : 04/13/2008 08:31 PM : a32bebaf723557681bfc6bd93e98bd26 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\processr.sys : 35,328 : 08/04/2004 02:00 PM : 0d97d88720a4087ec93af7dbb303b30a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\processr.sys : 35,840 : 04/13/2008 08:31 PM : a32bebaf723557681bfc6bd93e98bd26 [Pos Repl]
* C:\WINDOWS\System32\drivers\psched.sys : 69,120 : 04/13/2008 08:56 PM : 09298ec810b07e5d582cb3a3f9255424 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\psched.sys : 69,120 : 08/04/2004 02:00 PM : 48671f327553dcf1d27f6197f622a668 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\psched.sys : 69,120 : 04/13/2008 08:56 PM : 09298ec810b07e5d582cb3a3f9255424 [Pos Repl]
* C:\WINDOWS\System32\drivers\ptilink.sys : 17,792 : 08/04/2004 02:00 PM : 80d317bd1c3dbc5d4fe7b1678c60cadd [NoSig]
+-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 08/04/2004 02:00 PM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]
* C:\WINDOWS\System32\drivers\rasacd.sys : 8,832 : 08/04/2004 02:00 PM : fe0d99d6f31e4fad8159f690d68ded9c [NoSig]
+-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 08/04/2004 02:00 PM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]
* C:\WINDOWS\System32\drivers\rasl2tp.sys : 51,328 : 04/13/2008 09:19 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\rasl2tp.sys : 51,328 : 08/04/2004 02:00 PM : 98faeb4a4dcf812ba1c6fca4aa3e115c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rasl2tp.sys : 51,328 : 04/13/2008 09:19 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]
* C:\WINDOWS\System32\drivers\raspppoe.sys : 41,472 : 04/13/2008 08:57 PM : 5bc962f2654137c9909c3d4603587dee [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\raspppoe.sys : 41,472 : 08/04/2004 02:00 PM : 7306eeed8895454cbed4669be9f79faa [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\raspppoe.sys : 41,472 : 04/13/2008 08:57 PM : 5bc962f2654137c9909c3d4603587dee [Pos Repl]
* C:\WINDOWS\System32\drivers\raspptp.sys : 48,384 : 04/13/2008 09:19 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys : 48,384 : 08/04/2004 02:00 PM : 1c5cc65aac0783c344f16353e60b72ac [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\raspptp.sys : 48,384 : 04/13/2008 09:19 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl]
* C:\WINDOWS\System32\drivers\raspti.sys : 16,512 : 08/04/2004 02:00 PM : fdbb1d60066fcfbb7452fd8f9829b242 [NoSig]
+-> C:\WINDOWS\system32\dllcache\raspti.sys : 16,512 : 08/04/2004 02:00 PM : fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl]
* C:\WINDOWS\System32\drivers\rawwan.sys : 34,432 : 08/04/2004 02:00 PM : 01524cd237223b18adbb48f70083f101 [NoSig]
+-> C:\WINDOWS\system32\dllcache\rawwan.sys : 34,432 : 08/04/2004 02:00 PM : 01524cd237223b18adbb48f70083f101 [Pos Repl]
* C:\WINDOWS\System32\drivers\rdbss.sys : 175,744 : 04/13/2008 09:28 PM : 7ad224ad1a1437fe28d89cf22b17780a [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys : 174,592 : 10/28/2004 03:14 AM : d0fef8156d2d2fec557c100956d76887 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys : 174,592 : 05/05/2006 12:22 AM : ed375ce745c42a14f10753f7022ecd6a [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\rdbss.sys : 174,592 : 05/05/2006 11:47 AM : 03b965b1ca47f6ef60eb5e51cb50e0af [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB885835$\rdbss.sys : 176,512 : 08/04/2004 02:00 PM : 29d66245adba878fff574cd66abd2884 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB914389$\rdbss.sys : 174,592 : 10/28/2004 03:13 AM : 809ca45caa9072b3176ad44579d7f688 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rdbss.sys : 175,744 : 04/13/2008 09:28 PM : 7ad224ad1a1437fe28d89cf22b17780a [Pos Repl]
* C:\WINDOWS\System32\drivers\rdpcdd.sys : 4,224 : 08/04/2004 02:00 PM : 4912d5b403614ce99c28420f75353332 [NoSig]
+-> C:\WINDOWS\system32\dllcache\rdpcdd.sys : 4,224 : 08/04/2004 02:00 PM : 4912d5b403614ce99c28420f75353332 [Pos Repl]
* C:\WINDOWS\System32\drivers\rdpdr.sys : 196,224 : 04/13/2008 08:32 PM : 15cabd0f7c00c47c70124907916af3f1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\rdpdr.sys : 196,864 : 08/04/2004 08:01 AM : a2cae2c60bc37e0751ef9dda7ceaf4ad [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rdpdr.sys : 196,224 : 04/13/2008 08:32 PM : 15cabd0f7c00c47c70124907916af3f1 [Pos Repl]
* C:\WINDOWS\System32\drivers\redbook.sys : 57,600 : 04/13/2008 08:40 PM : f828dd7e1419b6653894a8f97a0094c5 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\redbook.sys : 57,472 : 08/04/2004 00:59 AM : b31b4588e4086d8d84adbf9845c2402b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\redbook.sys : 57,600 : 04/13/2008 08:40 PM : f828dd7e1419b6653894a8f97a0094c5 [Pos Repl]
* C:\WINDOWS\System32\drivers\rndismp.sys : 30,592 : 04/13/2008 08:56 PM : 601844cbcf617ff8c868130ca5b2039d [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\rndismp.sys : 30,080 : 08/04/2004 02:00 PM : 7ce8b277f3207ea82d7d22ad348befc6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rndismp.sys : 30,592 : 04/13/2008 08:56 PM : 601844cbcf617ff8c868130ca5b2039d [Pos Repl]
* C:\WINDOWS\System32\drivers\rootmdm.sys : 5,888 : 08/04/2004 02:00 PM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [NoSig]
+-> C:\WINDOWS\system32\dllcache\rootmdm.sys : 5,888 : 08/04/2004 02:00 PM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [Pos Repl]
* C:\WINDOWS\System32\drivers\scsiport.sys : 96,384 : 04/13/2008 08:40 PM : 76c465f570e90c28942d52ccb2580a10 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys : 96,256 : 08/04/2004 02:00 PM : d7fd0ff761e28ac0ea35ad71e0cd67e9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\scsiport.sys : 96,384 : 04/13/2008 08:40 PM : 76c465f570e90c28942d52ccb2580a10 [Pos Repl]
* C:\WINDOWS\System32\drivers\sdbus.sys : 79,232 : 04/13/2008 08:36 PM : 8d04819a3ce51b9eb47e5689b44d43c4 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sdbus.sys : 67,584 : 08/04/2004 02:00 PM : 02fc71b020ec8700ee8a46c58bc6f276 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sdbus.sys : 79,232 : 04/13/2008 08:36 PM : 8d04819a3ce51b9eb47e5689b44d43c4 [Pos Repl]
* C:\WINDOWS\System32\drivers\serenum.sys : 15,744 : 04/13/2008 08:40 PM : 0f29512ccd6bead730039fb4bd2c85ce [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\serenum.sys : 15,488 : 08/04/2004 02:00 PM : a2d868aeeff612e70e213c451a70cafb [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\serenum.sys : 15,744 : 04/13/2008 08:40 PM : 0f29512ccd6bead730039fb4bd2c85ce [Pos Repl]
* C:\WINDOWS\System32\drivers\serial.sys : 64,512 : 04/13/2008 09:15 PM : cca207a8896d4c6a0c9ce29a4ae411a7 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\serial.sys : 64,896 : 08/04/2004 02:00 PM : cd9404d115a00d249f70a371b46d5a26 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\serial.sys : 64,512 : 04/13/2008 09:15 PM : cca207a8896d4c6a0c9ce29a4ae411a7 [Pos Repl]
* C:\WINDOWS\System32\drivers\sffdisk.sys : 11,904 : 04/13/2008 08:40 PM : 0fa803c64df0914b41f807ea276bf2a6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sffdisk.sys : 11,136 : 08/04/2004 02:00 PM : 1d9f1bec651815741f088a8fb88e17ee [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sffdisk.sys : 11,904 : 04/13/2008 08:40 PM : 0fa803c64df0914b41f807ea276bf2a6 [Pos Repl]
* C:\WINDOWS\System32\drivers\sffp_sd.sys : 11,008 : 04/13/2008 08:40 PM : c17c331e435ed8737525c86a7557b3ac [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sffp_sd.sys : 10,240 : 08/04/2004 02:00 PM : 586499fd312ffd7f78553f408e71682e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sffp_sd.sys : 11,008 : 04/13/2008 08:40 PM : c17c331e435ed8737525c86a7557b3ac [Pos Repl]
* C:\WINDOWS\System32\drivers\sfloppy.sys : 11,392 : 04/13/2008 08:40 PM : 8e6b8c671615d126fdc553d1e2de5562 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys : 11,392 : 08/04/2004 02:00 PM : 0d13b6df6e9e101013a7afb0ce629fe0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys : 11,392 : 04/13/2008 08:40 PM : 8e6b8c671615d126fdc553d1e2de5562 [Pos Repl]
* C:\WINDOWS\System32\drivers\smclib.sys : 14,592 : 08/04/2004 02:00 PM : 017daecf0ed3aa731313433601ec40fa [NoSig]
+-> C:\WINDOWS\system32\dllcache\smclib.sys : 14,592 : 08/04/2004 02:00 PM : 017daecf0ed3aa731313433601ec40fa [Pos Repl]
* C:\WINDOWS\System32\drivers\sonydcam.sys : 25,344 : 04/13/2008 08:46 PM : 489703624dac94ed943c2abda022a1cd [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sonydcam.sys : 25,472 : 08/04/2004 02:00 PM : addc9e4757a68ab60562ad3cb9c288d6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sonydcam.sys : 25,344 : 04/13/2008 08:46 PM : 489703624dac94ed943c2abda022a1cd [Pos Repl]
* C:\WINDOWS\System32\drivers\splitter.sys : 6,272 : 04/13/2008 08:45 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys : 6,272 : 06/14/2006 10:50 AM : 9bb1dd670cb7505a90fc4e61d4aa8227 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\splitter.sys : 6,400 : 06/14/2006 10:47 AM : 0ce218578fff5f4f7e4201539c45c78f [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB920872$\splitter.sys : 6,400 : 08/04/2004 08:07 AM : 8e186b8f23295d1e42c573b82b80d548 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\splitter.sys : 6,272 : 04/13/2008 08:45 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [Pos Repl]
* C:\WINDOWS\System32\drivers\stream.sys : 49,408 : 04/13/2008 08:45 PM : 3e5d89099ded9e86e5639f411693218f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\stream.sys : 48,640 : 08/04/2004 08:08 AM : c43356072eb3e88cd62958db10cead47 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\stream.sys : 49,408 : 04/13/2008 08:45 PM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\stream.sys : 49,408 : 04/13/2008 08:45 PM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]
* C:\WINDOWS\System32\drivers\swenum.sys : 4,352 : 04/13/2008 08:39 PM : 3941d127aef12e93addf6fe6ee027e0f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\swenum.sys : 4,352 : 08/04/2004 02:00 PM : 03c1bae4766e2450219d20b993d6e046 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\swenum.sys : 4,352 : 04/13/2008 08:39 PM : 3941d127aef12e93addf6fe6ee027e0f [Pos Repl]
* C:\WINDOWS\System32\drivers\swmidi.sys : 56,576 : 04/13/2008 08:45 PM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys : 54,272 : 08/17/2001 11:00 PM : 94abc808fc4b6d7d2bbf42b85e25bb4d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\swmidi.sys : 56,576 : 04/13/2008 08:45 PM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]
* C:\WINDOWS\System32\drivers\sysaudio.sys : 60,800 : 04/13/2008 09:15 PM : 8b83f3ed0f1688b4958f77cd6d2bf290 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys : 60,800 : 08/04/2004 08:15 AM : 650ad082d46bac0e64c9c0e0928492fd [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys : 60,800 : 04/13/2008 09:15 PM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]
* C:\WINDOWS\System32\drivers\tape.sys : 14,976 : 04/13/2008 08:40 PM : fd6093e3decd925f1cffc8a0dd539d72 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tape.sys : 14,976 : 08/04/2004 02:00 PM : a2a9ca0d1a9ac1ff54220aa0789fe5cf [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tape.sys : 14,976 : 04/13/2008 08:40 PM : fd6093e3decd925f1cffc8a0dd539d72 [Pos Repl]
* C:\WINDOWS\System32\drivers\tdi.sys : 19,072 : 04/13/2008 09:00 PM : 0539d5e53587f82d1b4fd74c5be205cf [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tdi.sys : 18,560 : 08/04/2004 02:00 PM : 6891b74ab9a016064e82a419388d0601 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tdi.sys : 19,072 : 04/13/2008 09:00 PM : 0539d5e53587f82d1b4fd74c5be205cf [Pos Repl]
* C:\WINDOWS\System32\drivers\tdpipe.sys : 12,040 : 04/14/2008 02:13 AM : 6471a66807f5e104e4885f5b67349397 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys : 12,040 : 08/04/2004 02:00 PM : 38d437cf2d98965f239b0abcd66dcb0f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys : 12,040 : 04/14/2008 02:13 AM : 6471a66807f5e104e4885f5b67349397 [Pos Repl]
* C:\WINDOWS\System32\drivers\tdtcp.sys : 21,896 : 04/14/2008 02:13 AM : c56b6d0402371cf3700eb322ef3aaf61 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys : 21,896 : 08/04/2004 02:00 PM : ed0580af02502d00ad8c4c066b156be9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys : 21,896 : 04/14/2008 02:13 AM : c56b6d0402371cf3700eb322ef3aaf61 [Pos Repl]
* C:\WINDOWS\System32\drivers\termdd.sys : 40,840 : 04/14/2008 02:13 AM : 88155247177638048422893737429d9e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\termdd.sys : 40,840 : 08/04/2004 10:01 AM : a540a99c281d933f3d69d55e48727f47 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\termdd.sys : 40,840 : 04/14/2008 02:13 AM : 88155247177638048422893737429d9e [Pos Repl]
* C:\WINDOWS\System32\drivers\tosdvd.sys : 51,712 : 08/04/2004 02:00 PM : 699450901c5ccfd82357cbc531cedd23 [NoSig]
+-> C:\WINDOWS\system32\dllcache\tosdvd.sys : 51,712 : 08/04/2004 02:00 PM : 699450901c5ccfd82357cbc531cedd23 [Pos Repl]
* C:\WINDOWS\System32\drivers\tunmp.sys : 12,288 : 04/13/2008 08:56 PM : 8f861eda21c05857eb8197300a92501c [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tunmp.sys : 12,416 : 08/04/2004 02:00 PM : 87a0e9e18c10a9e454238e3330e2a26d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tunmp.sys : 12,288 : 04/13/2008 08:56 PM : 8f861eda21c05857eb8197300a92501c [Pos Repl]
* C:\WINDOWS\System32\drivers\udfs.sys : 66,048 : 04/13/2008 08:32 PM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\udfs.sys : 66,176 : 08/04/2004 02:00 PM : 12f70256f140cd7d52c58c7048fde657 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\udfs.sys : 66,048 : 04/13/2008 08:32 PM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [Pos Repl]
* C:\WINDOWS\System32\drivers\update.sys : 384,768 : 04/13/2008 08:39 PM : 402ddc88356b1bac0ee3dd1580c76a31 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys : 364,160 : 04/23/2007 12:14 AM : 7b2170ee3d858ce8fbe503904cc9b663 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\update.sys : 364,160 : 04/23/2007 12:32 AM : ced744117e91bdc0beb810f7d8608183 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB936357$\update.sys : 209,408 : 08/04/2004 02:00 PM : aff2e5045961bbc0a602bb6f95eb1345 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\update.sys : 384,768 : 04/13/2008 08:39 PM : 402ddc88356b1bac0ee3dd1580c76a31 [Pos Repl]
* C:\WINDOWS\System32\drivers\usbcamd2.sys : 25,728 : 04/13/2008 08:45 PM : ce97845d2e3f0d274b8bac1ed07c6149 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbcamd2.sys : 23,936 : 08/04/2004 02:00 PM : 61018ba9df6b63e51d9753c980e73ec2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbcamd2.sys : 25,728 : 04/13/2008 08:45 PM : ce97845d2e3f0d274b8bac1ed07c6149 [Pos Repl]
* C:\WINDOWS\System32\drivers\usbcamd.sys : 25,600 : 04/13/2008 08:45 PM : 1c1a47b40c23358245aa8d0443b6935e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbcamd.sys : 23,808 : 08/04/2004 02:00 PM : 2654eecc6fb13603ebddcd5c8ea943d1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbcamd.sys : 25,600 : 04/13/2008 08:45 PM : 1c1a47b40c23358245aa8d0443b6935e [Pos Repl]
* C:\WINDOWS\System32\drivers\usbhub.sys : 59,520 : 04/13/2008 08:45 PM : 1ab3cdde553b6e064d2e754efe20285c [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys : 57,600 : 08/04/2004 08:08 AM : c72f40947f92cea56a8fb532edf025f1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbhub.sys : 59,520 : 04/13/2008 08:45 PM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\usbhub.sys : 57,600 : 08/04/2004 02:00 PM : c72f40947f92cea56a8fb532edf025f1 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\usbhub.sys : 57,600 : 08/04/2004 08:08 AM : c72f40947f92cea56a8fb532edf025f1 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\usbhub.sys : 57,600 : 08/04/2004 08:08 AM : c72f40947f92cea56a8fb532edf025f1 [Pos Repl]
* C:\WINDOWS\System32\drivers\usbintel.sys : 15,872 : 04/13/2008 08:45 PM : 290913dc4f1125e5a82de52579a44c43 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys : 16,000 : 08/04/2004 02:00 PM : 2853fd4c4489e0f8bfcf78efcdb7e998 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbintel.sys : 15,872 : 04/13/2008 08:45 PM : 290913dc4f1125e5a82de52579a44c43 [Pos Repl]
* C:\WINDOWS\System32\drivers\USBSTOR.sys : 26,368 : 04/13/2008 08:45 PM : a32426d9b14a089eaa1d922e0c5801a9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys : 26,496 : 08/04/2004 08:08 AM : 6cd7b22193718f1d17a47a1cd6d37e75 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbstor.sys : 26,368 : 04/13/2008 08:45 PM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
* C:\WINDOWS\System32\drivers\usbuhci.sys : 20,608 : 04/13/2008 08:45 PM : 26496f9dee2d787fc3e61ad54821ffe6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys : 20,480 : 08/04/2004 08:08 AM : f8fd1400092e23c8f2f31406ef06167b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbuhci.sys : 20,608 : 04/13/2008 08:45 PM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\usbuhci.sys : 20,480 : 08/04/2004 02:00 PM : f8fd1400092e23c8f2f31406ef06167b [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\usbuhci.sys : 20,480 : 08/04/2004 08:08 AM : f8fd1400092e23c8f2f31406ef06167b [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\usbuhci.sys : 20,480 : 08/04/2004 08:08 AM : f8fd1400092e23c8f2f31406ef06167b [Pos Repl]
* C:\WINDOWS\System32\drivers\vga.sys : 20,992 : 04/13/2008 08:44 PM : 0d3a8fafceacd8b7625cd549757a7df1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\vga.sys : 20,992 : 08/04/2004 02:00 PM : 8a60edd72b4ea5aea8202daf0e427925 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\vga.sys : 20,992 : 04/13/2008 08:44 PM : 0d3a8fafceacd8b7625cd549757a7df1 [Pos Repl]
* C:\WINDOWS\System32\drivers\videoprt.sys : 81,664 : 04/13/2008 08:44 PM : e28726b72c46821a28830e077d39a55b [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\videoprt.sys : 79,744 : 08/04/2004 02:00 PM : d5a9d123f5ed7c9965a481bd20cf66d8 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\videoprt.sys : 81,664 : 04/13/2008 08:44 PM : e28726b72c46821a28830e077d39a55b [Pos Repl]
* C:\WINDOWS\System32\drivers\volsnap.sys : 52,352 : 08/09/2014 03:07 AM : 4c8fcb5cc53aab716d810740fe59d025 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys : 52,352 : 08/04/2004 02:00 PM : ee4660083deba849ff6c485d944b379b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\volsnap.sys : 52,352 : 04/13/2008 08:41 PM : 4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]
* C:\WINDOWS\System32\drivers\wanarp.sys : 34,560 : 04/13/2008 08:57 PM : e20b95baedb550f32dd489265c1da1f6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\wanarp.sys : 34,560 : 08/04/2004 02:00 PM : 984ef0b9788abf89974cfed4bfbaacbc [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wanarp.sys : 34,560 : 04/13/2008 08:57 PM : e20b95baedb550f32dd489265c1da1f6 [Pos Repl]
* C:\WINDOWS\System32\drivers\wdmaud.sys : 83,072 : 04/13/2008 09:17 PM : 6768acf64b18196494413695f0c3a00f [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys : 82,944 : 06/14/2006 11:17 AM : 0bfa8203b8148fb4e54bc212c41ce497 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\wdmaud.sys : 82,944 : 06/14/2006 11:00 AM : efd235ca22b57c81118c1aeb4798f1c1 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB920872$\wdmaud.sys : 82,944 : 08/04/2004 08:15 AM : 2797f33ebf50466020c430ee4f037933 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys : 83,072 : 04/13/2008 09:17 PM : 6768acf64b18196494413695f0c3a00f [Pos Repl]
* C:\WINDOWS\System32\drivers\wmilib.sys : 4,352 : 08/04/2004 02:00 PM : 2f31b7f954bed437f2c75026c65caf7b [NoSig]
+-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 08/04/2004 02:00 PM : 2f31b7f954bed437f2c75026c65caf7b [Pos Repl]
* C:\WINDOWS\System32\drivers\ws2ifsl.sys : 12,032 : 08/04/2004 02:00 PM : 6abe6e225adb5a751622a9cc3bc19ce8 [NoSig]
+-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 08/04/2004 02:00 PM : 6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found:
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
20 out of 15348 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 08/10/2014 10:17:56 PM
Execution time: 0 hours(s), 5 minute(s), and 47 seconds(s)
-END-
#15
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 10 August 2014 - 02:44 PM
Go ahead and run a new scan with FRST and include the Additions log
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
