
svchost is slowly eating my laptop...


  • This topic is locked
30 replies to this topic

#1 Fixer_27

Fixer_27

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 09 August 2013 - 10:48 PM

Hi Folks,  happy to make your acquaintance, I just wish I could say I'm happy to be here  :(

 

Anyway, I've tried many tools and I don't seem to be able to kill the bug I've gotten.  It's gradually disabling my laptop, seems to have gotten in through a Java exploit, but I really don't know at this point.

 

I'd like to be able to post a log from DDS, but it won't complete.  Combofix also will not run.  I think some of my windows components are busted. I'm running winXP with SP3, and recently switched to Chrome after IE8 started being really flaky.  I've lost most of my network capabilities as well, so if I have to download something, I have to use my main computer and ping-pong it to the laptop on a USB stick.

 

I've run MBAM and Avast and SUPER antispyware, they all find nothing.  I'm pretty sure I'm doing things in the wrong order, so I need some intelligent help, please!

 

Something that is interesting, to me anyway, is that my taskbar at the bottom of the screen changes from blue to a nasty gray "win 95" style occasionally, usually when svchost is maxing the processor.  I've also seen "interrupt" and "googleupdate" grab 99% of the processor.

 

Anyway, this computer has no real info on it, so if I have to scrape it, I will.  I just thought I'd see what the pros say... :thumbsup2:

 

Will keep checking back, thanks for the help!




 


#2 Fixer_27

Fixer_27
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 11 August 2013 - 09:05 PM

Hi again.  This is not a bump, I got DDS to work finally.  It won't work if you leave the default "check MBR" option on, hangs the computer instead.  So, here are the contents of DDS and Attach:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.25.2
Run by User at 19:46:34 on 2013-08-11
#Option MBR scan  is disabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1707 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374976826042
TCP: NameServer = 199.19.216.40 199.19.216.41
TCP: Interfaces\{3096055C-C546-4589-BB30-C967EAA5B2CC} : DHCPNameServer = 199.19.216.40 199.19.216.41
TCP: Interfaces\{77106C9A-F671-4C42-A0A2-C7E8E348D2C9} : DHCPNameServer = 199.19.216.40 199.19.216.41
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-19 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-19 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-6 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-6 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-19 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-6 46808]
S3 59730292;59730292;c:\windows\system32\drivers\52495798.sys [2013-7-28 177760]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-8-3 35144]
.
=============== Created Last 30 ================
.
2013-08-10 15:54:32 98816 ----a-w- c:\windows\sed.exe
2013-08-10 15:54:32 256000 ----a-w- c:\windows\PEV.exe
2013-08-10 15:54:32 208896 ----a-w- c:\windows\MBR.exe
2013-08-10 15:54:17 -------- d-s---w- C:\ComboFix
2013-08-08 02:51:47 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2013-08-08 02:49:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-08 02:49:51 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-08 01:34:01 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-08 01:33:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-04 06:16:18 -------- d-----w- C:\FRST
2013-08-04 05:49:42 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-04 05:28:46 -------- d-sha-r- C:\cmdcons
2013-08-04 02:55:25 -------- d--h--w- c:\windows\PIF
2013-08-04 01:53:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-07-28 19:38:42 177760 ----a-w- c:\windows\system32\drivers\52495798.sys
2013-07-28 19:24:13 177760 ----a-w- c:\windows\system32\drivers\31304954.sys
2013-07-28 19:12:48 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-28 02:27:02 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2013-07-28 02:26:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-07-28 02:26:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-28 02:26:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-20 03:27:08 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-20 03:27:07 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-20 03:27:07 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
.
==================== Find3M  ====================
.
2013-08-08 01:32:21 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-08 01:32:21 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-20 03:27:16 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-03 02:08:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-03 02:08:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 19:47:03.15 ===============
=========================================================================================================================
 
attach.txt
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2012 9:49:10 AM
System Uptime: 8/11/2013 7:10:03 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation |  | 00U838
Processor:    Mobile Intel® Pentium® 4 - M CPU 2.20GHz | Microprocessor | 2193/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 18.794 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&16793A72&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&16793A72&0&00F0
Service: bcm4sbxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\4&16793A72&0&18F0
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\4&16793A72&0&18F0
Service: BCM43XX
.
==== System Restore Points ===================
.
RP57: 5/15/2013 6:29:11 PM - Software Distribution Service 3.0
RP58: 6/2/2013 2:05:51 PM - System Checkpoint
RP59: 7/2/2013 7:15:22 PM - System Checkpoint
RP60: 7/17/2013 8:38:34 PM - System Checkpoint
RP61: 7/19/2013 8:26:32 PM - System Checkpoint
RP62: 7/19/2013 10:46:26 PM - Software Distribution Service 3.0
RP63: 7/22/2013 6:47:20 PM - System Checkpoint
RP64: 7/23/2013 7:02:31 PM - System Checkpoint
RP65: 7/25/2013 8:50:18 PM - System Checkpoint
RP66: 7/27/2013 9:55:35 PM - System Checkpoint
RP67: 8/3/2013 10:15:21 PM - before combofix 02aug13
RP68: 8/7/2013 6:58:45 PM - System Checkpoint
RP69: 8/10/2013 12:06:45 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
ALPS Touch Pad Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Broadcom 440x 10/100 Integrated Controller
Broadcom Advanced Control Suite
Broadcom Wireless Network Adapter
C-Major Audio
Calculator Powertoy for Windows XP
Canon PowerShot A40 WIA Driver
CCleaner
DataPro Standard Edition 14.1.16
Defraggler
Dell Modem-On-Hold
FastStone Image Viewer 4.6
GOM Player
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Java 7 Update 25
Java Auto Updater
Magnifier Powertoy for Windows XP
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU 
Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
OBDAutoDoctor 1.5.0
OpenOffice.org 3.4.1
PCTEL 2304WT V.92 MDC Modem Drivers
progeCAD 2009 Smart! ENG
QuickSet
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows XP (KB2820197)
Speccy
SUPERAntiSpyware
SyncToy 2.1 (x86)
TouchScan
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Winamp (remove only)
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 9:30:34 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the BITS service to connect.
8/9/2013 9:30:34 PM, error: Service Control Manager [7000]  - The BITS service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/9/2013 9:30:32 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/9/2013 8:23:01 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
8/8/2013 8:45:01 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/8/2013 8:41:48 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/7/2013 9:05:23 PM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/7/2013 9:02:22 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AswRdr aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
8/7/2013 9:02:22 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
8/7/2013 9:02:22 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/7/2013 9:02:22 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/7/2013 9:02:22 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
8/7/2013 9:01:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2013 9:01:37 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/7/2013 8:15:30 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde
8/7/2013 8:10:06 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  Access is denied.
8/4/2013 11:37:04 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/4/2013 11:25:54 AM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
8/4/2013 10:47:46 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
8/10/2013 9:36:54 AM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 805640ff, parameter3 a4322ab0, parameter4 00000000.
.
==== End Of File ===========================
 

 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:44 PM

Posted 12 August 2013 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download these tools to a flash drive from a good computer and copy them to the Desktop of the Infected computer.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
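
A way to triage the TDSSKiller log requested above before pasting it, as an added example that is not part of the original post and not TDSSKiller's own code. The sample lines are copied from the log posted in the next reply (its last entry is cut off without a verdict); reading `SigCheck` and `TDLFS` in the `Mode:` line as the two check boxes named in the instructions is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the TDSSKiller 2.8.18.0 log in the next reply.
# Layout per line: timestamp, thread id, message.
SAMPLE_LOG = r"""
18:00:54.0865 3156  Mode: Manual; SigCheck; TDLFS;
18:00:55.0526 3156  ================ Scan services =============================
18:00:55.0777 3156  [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:01:04.0189 3156  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
18:01:04.0189 3156  !SASCORE - detected UnsignedFile.Multi.Generic (1)
18:01:06.0472 3156  [ C367A55B3D361A303B2B67464A9A5464 ] 59730292        C:\WINDOWS\system32\drivers\52495798.sys
18:01:06.0712 3156  59730292 - ok
18:01:06.0723 3156  Abiosdsk - ok
18:01:25.0620 3156  [ D38BD6065EEC1F6EAF98CD853F482388 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:01:26.0201 3156  Ati HotKey Poller - ok
18:02:19.0447 3156  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+\s+(.*)$")
# "[ MD5 ] name path": the name may contain spaces, the path starts at "X:\".
FILE_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.+)$")
# "name ( Detection.Name ) - status"
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
PLAIN_OK = re.compile(r"^(.+?) - ok$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None        # None when no file line was logged
    path: Optional[str] = None
    status: Optional[str] = None     # None when the log holds no verdict line
    detection: Optional[str] = None


def _messages(text: str):
    """Yield the message part of every well-formed log line."""
    for raw in text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if m:
            yield m.group(1)


def scan_modes(text: str) -> List[str]:
    """Return the tokens of the 'Mode:' line, e.g. to confirm SigCheck was on."""
    for msg in _messages(text):
        if msg.startswith("Mode:"):
            return [t.strip() for t in msg[5:].split(";") if t.strip()]
    return []


def parse_tdsskiller_log(text: str) -> List[ScannedObject]:
    """Join each object's file line and verdict line into one record."""
    objects = {}
    for msg in _messages(text):
        f = FILE_LINE.match(msg)
        v = VERDICT.match(msg)
        k = PLAIN_OK.match(msg)
        if f:
            o = objects.setdefault(f.group(2), ScannedObject(f.group(2)))
            o.md5, o.path = f.group(1).upper(), f.group(3)
        elif v:
            o = objects.setdefault(v.group(1), ScannedObject(v.group(1)))
            o.detection, o.status = v.group(2), v.group(3)
        elif k:
            objects.setdefault(k.group(1), ScannedObject(k.group(1))).status = "ok"
        # "name - detected X (n)" lines repeat the verdict and are ignored.
    return list(objects.values())


def needs_review(objects: List[ScannedObject]) -> List[ScannedObject]:
    """Everything not explicitly 'ok', including entries with no verdict."""
    return [o for o in objects if o.status != "ok"]


if __name__ == "__main__":
    print("scan modes:", scan_modes(SAMPLE_LOG))
    for o in needs_review(parse_tdsskiller_log(SAMPLE_LOG)):
        print(o.name, "|", o.status or "no verdict logged", "|",
              o.detection or "-", "|", o.path or "-")
```

An entry flagged only as `UnsignedFile.*` is the signature-check case the instructions say to leave on Skip; an entry with no verdict means the pasted log was truncated.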


#4 Fixer_27

Fixer_27
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 12 August 2013 - 07:50 PM

Hi Nasdaq!  I hope we can figure this out, because now it looks like my main computer is starting to do stupid stuff too.  I'll start a new topic for that one as soon as I get this laptop fixed...

 

Here are the logs:

 

18:00:29.0589 3116  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
18:00:29.0870 3116  ============================================================
18:00:29.0870 3116  Current date / time: 2013/08/12 18:00:29.0870
18:00:29.0870 3116  SystemInfo:
18:00:29.0870 3116  
18:00:29.0870 3116  OS Version: 5.1.2600 ServicePack: 3.0
18:00:29.0870 3116  Product type: Workstation
18:00:29.0870 3116  ComputerName: INSPRN-85K-XP2
18:00:29.0870 3116  UserName: User
18:00:29.0870 3116  Windows directory: C:\WINDOWS
18:00:29.0870 3116  System windows directory: C:\WINDOWS
18:00:29.0870 3116  Processor architecture: Intel x86
18:00:29.0870 3116  Number of processors: 1
18:00:29.0870 3116  Page size: 0x1000
18:00:29.0870 3116  Boot type: Normal boot
18:00:29.0870 3116  ============================================================
18:00:40.0885 3116  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:00:41.0056 3116  ============================================================
18:00:41.0056 3116  \Device\Harddisk0\DR0:
18:00:41.0116 3116  MBR partitions:
18:00:41.0116 3116  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
18:00:41.0116 3116  ============================================================
18:00:41.0807 3116  C: <-> \Device\Harddisk0\DR0\Partition1
18:00:41.0897 3116  ============================================================
18:00:41.0897 3116  Initialize success
18:00:41.0897 3116  ============================================================
18:00:54.0865 3156  ============================================================
18:00:54.0865 3156  Scan started
18:00:54.0865 3156  Mode: Manual; SigCheck; TDLFS; 
18:00:54.0865 3156  ============================================================
18:00:55.0516 3156  ================ Scan system memory ========================
18:00:55.0516 3156  System memory - ok
18:00:55.0526 3156  ================ Scan services =============================
18:00:55.0777 3156  [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:01:04.0189 3156  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
18:01:04.0189 3156  !SASCORE - detected UnsignedFile.Multi.Generic (1)
18:01:06.0472 3156  [ C367A55B3D361A303B2B67464A9A5464 ] 59730292        C:\WINDOWS\system32\drivers\52495798.sys
18:01:06.0712 3156  59730292 - ok
18:01:06.0723 3156  Abiosdsk - ok
18:01:06.0743 3156  abp480n5 - ok
18:01:06.0873 3156  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:01:08.0325 3156  ACPI - ok
18:01:08.0355 3156  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
18:01:09.0567 3156  ACPIEC - ok
18:01:09.0747 3156  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:01:10.0137 3156  AdobeFlashPlayerUpdateSvc - ok
18:01:10.0157 3156  adpu160m - ok
18:01:10.0258 3156  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
18:01:11.0610 3156  aec - ok
18:01:11.0700 3156  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
18:01:12.0270 3156  AFD - ok
18:01:12.0341 3156  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
18:01:13.0843 3156  agp440 - ok
18:01:13.0853 3156  Aha154x - ok
18:01:13.0873 3156  aic78u2 - ok
18:01:13.0913 3156  aic78xx - ok
18:01:13.0973 3156  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
18:01:15.0155 3156  Alerter - ok
18:01:15.0205 3156  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
18:01:16.0256 3156  ALG - ok
18:01:16.0266 3156  AliIde - ok
18:01:16.0286 3156  amsint - ok
18:01:16.0386 3156  [ AEB775A2BAE0F392BA6ADC0BB706233A ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:01:16.0987 3156  ApfiltrService - ok
18:01:16.0997 3156  AppMgmt - ok
18:01:17.0127 3156  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:01:18.0349 3156  Arp1394 - ok
18:01:18.0359 3156  asc - ok
18:01:18.0389 3156  asc3350p - ok
18:01:18.0429 3156  asc3550 - ok
18:01:18.0630 3156  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:01:18.0870 3156  aspnet_state - ok
18:01:18.0950 3156  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:01:19.0251 3156  aswFsBlk - ok
18:01:19.0321 3156  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
18:01:19.0601 3156  aswMonFlt - ok
18:01:19.0651 3156  [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
18:01:19.0932 3156  AswRdr - ok
18:01:19.0972 3156  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
18:01:20.0292 3156  aswRvrt - ok
18:01:20.0653 3156  [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
18:01:21.0183 3156  aswSnx - ok
18:01:21.0354 3156  [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
18:01:21.0844 3156  aswSP - ok
18:01:21.0894 3156  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
18:01:22.0175 3156  aswTdi - ok
18:01:22.0295 3156  [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
18:01:22.0826 3156  aswVmm - ok
18:01:22.0866 3156  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:01:24.0178 3156  AsyncMac - ok
18:01:24.0258 3156  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:25.0429 3156  atapi - ok
18:01:25.0439 3156  Atdisk - ok
18:01:25.0620 3156  [ D38BD6065EEC1F6EAF98CD853F482388 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:01:26.0201 3156  Ati HotKey Poller - ok
18:01:26.0461 3156  [ 1CA68BC171E299636026EE9656217D27 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:01:27.0142 3156  ati2mtag - ok
18:01:27.0182 3156  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:01:28.0874 3156  Atmarpc - ok
18:01:28.0934 3156  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:01:30.0136 3156  AudioSrv - ok
18:01:30.0176 3156  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:31.0488 3156  audstub - ok
18:01:31.0598 3156  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:01:31.0839 3156  avast! Antivirus - ok
18:01:31.0969 3156  [ 6F7911F3E674363A91541E097F49B633 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:01:32.0379 3156  b57w2k - ok
18:01:33.0711 3156  [ D9C373CD4A399D133D7444A7274FD0E9 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:01:36.0485 3156  BCM43XX - ok
18:01:36.0565 3156  [ 068523D2CD260069B19AD68ADEA0D739 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:01:37.0216 3156  bcm4sbxp - ok
18:01:37.0266 3156  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:01:38.0498 3156  Beep - ok
18:01:38.0688 3156  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:01:40.0571 3156  BITS - ok
18:01:40.0631 3156  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
18:01:41.0292 3156  Browser - ok
18:01:41.0312 3156  bvrp_pci - ok
18:01:41.0513 3156  catchme - ok
18:01:41.0573 3156  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:42.0774 3156  cbidf2k - ok
18:01:42.0824 3156  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:01:44.0126 3156  CCDECODE - ok
18:01:44.0146 3156  cd20xrnt - ok
18:01:44.0206 3156  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:45.0378 3156  Cdaudio - ok
18:01:45.0438 3156  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:46.0890 3156  Cdfs - ok
18:01:46.0950 3156  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:48.0312 3156  Cdrom - ok
18:01:48.0322 3156  Changer - ok
18:01:48.0382 3156  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
18:01:49.0644 3156  CiSvc - ok
18:01:49.0684 3156  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
18:01:50.0986 3156  ClipSrv - ok
18:01:51.0056 3156  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:51.0367 3156  clr_optimization_v2.0.50727_32 - ok
18:01:51.0457 3156  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:01:52.0679 3156  CmBatt - ok
18:01:52.0689 3156  CmdIde - ok
18:01:52.0759 3156  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:01:54.0021 3156  Compbatt - ok
18:01:54.0031 3156  COMSysApp - ok
18:01:54.0071 3156  Cpqarray - ok
18:01:54.0161 3156  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:01:55.0483 3156  CryptSvc - ok
18:01:55.0493 3156  dac2w2k - ok
18:01:55.0523 3156  dac960nt - ok
18:01:55.0713 3156  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:01:57.0085 3156  DcomLaunch - ok
18:01:57.0185 3156  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:01:58.0547 3156  Dhcp - ok
18:01:58.0597 3156  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:59.0909 3156  Disk - ok
18:01:59.0919 3156  dmadmin - ok
18:02:00.0290 3156  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:02:02.0122 3156  dmboot - ok
18:02:02.0202 3156  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
18:02:03.0564 3156  dmio - ok
18:02:03.0614 3156  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:02:04.0996 3156  dmload - ok
18:02:05.0026 3156  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:02:06.0378 3156  dmserver - ok
18:02:06.0438 3156  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:02:07.0760 3156  DMusic - ok
18:02:07.0820 3156  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:02:08.0511 3156  Dnscache - ok
18:02:08.0622 3156  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:02:10.0044 3156  Dot3svc - ok
18:02:10.0054 3156  dpti2o - ok
18:02:10.0134 3156  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:02:11.0456 3156  drmkaud - ok
18:02:11.0526 3156  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
18:02:13.0098 3156  EapHost - ok
18:02:13.0158 3156  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
18:02:14.0580 3156  ERSvc - ok
18:02:14.0660 3156  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
18:02:15.0742 3156  Eventlog - ok
18:02:15.0892 3156  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
18:02:16.0703 3156  EventSystem - ok
18:02:16.0813 3156  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
18:02:18.0145 3156  Fastfat - ok
18:02:18.0265 3156  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:02:19.0417 3156  FastUserSwitchingCompatibility - ok
18:02:19.0447 3156  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
18:02:20.0679 3156  Fdc - ok
18:02:20.0729 3156  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:02:22.0071 3156  Fips - ok
18:02:22.0091 3156  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
18:02:23.0443 3156  Flpydisk - ok
18:02:23.0533 3156  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:02:24.0875 3156  FltMgr - ok
18:02:24.0955 3156  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:02:25.0165 3156  FontCache3.0.0.0 - ok
18:02:25.0195 3156  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:02:26.0517 3156  Fs_Rec - ok
18:02:26.0587 3156  [ D6E3667F5E2BC6AFC50308B480DE2999 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
18:02:26.0978 3156  FTDIBUS - ok
18:02:27.0078 3156  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:02:28.0470 3156  Ftdisk - ok
18:02:28.0520 3156  [ E4CF4C1F9E3D57A66850F484C08E9ECF ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
18:02:28.0941 3156  FTSER2K - ok
18:02:29.0001 3156  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:02:30.0293 3156  Gpc - ok
18:02:30.0443 3156  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:02:30.0743 3156  gupdate - ok
18:02:30.0803 3156  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:02:31.0064 3156  gupdatem - ok
18:02:31.0214 3156  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:02:32.0386 3156  helpsvc - ok
18:02:32.0436 3156  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
18:02:34.0188 3156  HidServ - ok
18:02:34.0228 3156  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:02:35.0570 3156  HidUsb - ok
18:02:35.0630 3156  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:02:37.0223 3156  hkmsvc - ok
18:02:37.0233 3156  hpn - ok
18:02:37.0393 3156  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:02:38.0084 3156  HTTP - ok
18:02:38.0144 3156  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:02:39.0977 3156  HTTPFilter - ok
18:02:39.0987 3156  i2omgmt - ok
18:02:40.0007 3156  i2omp - ok
18:02:40.0087 3156  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:02:41.0419 3156  i8042prt - ok
18:02:41.0819 3156  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:02:42.0731 3156  idsvc - ok
18:02:42.0941 3156  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:02:44.0443 3156  Imapi - ok
18:02:44.0543 3156  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:02:46.0045 3156  ImapiService - ok
18:02:46.0065 3156  ini910u - ok
18:02:46.0135 3156  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
18:02:47.0387 3156  IntelIde - ok
18:02:47.0437 3156  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:02:48.0689 3156  intelppm - ok
18:02:48.0729 3156  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
18:02:50.0051 3156  Ip6Fw - ok
18:02:50.0111 3156  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:02:51.0463 3156  IpFilterDriver - ok
18:02:51.0483 3156  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:02:52.0765 3156  IpInIp - ok
18:02:52.0975 3156  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:02:54.0397 3156  IpNat - ok
18:02:54.0467 3156  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:02:55.0719 3156  IPSec - ok
18:02:55.0749 3156  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:02:56.0811 3156  IRENUM - ok
18:02:56.0871 3156  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:02:58.0233 3156  isapnp - ok
18:02:58.0633 3156  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:02:58.0914 3156  JavaQuickStarterService - ok
18:02:58.0964 3156  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:03:00.0286 3156  Kbdclass - ok
18:03:00.0386 3156  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:03:01.0738 3156  kmixer - ok
18:03:01.0808 3156  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:03:02.0589 3156  KSecDD - ok
18:03:02.0689 3156  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
18:03:04.0812 3156  lanmanserver - ok
18:03:04.0983 3156  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:03:06.0705 3156  lanmanworkstation - ok
18:03:06.0715 3156  lbrtfdc - ok
18:03:06.0785 3156  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:03:08.0287 3156  LmHosts - ok
18:03:08.0357 3156  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:03:08.0768 3156  mbamchameleon - ok
18:03:08.0818 3156  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
18:03:10.0470 3156  Messenger - ok
18:03:10.0521 3156  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:03:11.0802 3156  mnmdd - ok
18:03:11.0842 3156  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
18:03:13.0365 3156  mnmsrvc - ok
18:03:13.0425 3156  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:03:14.0727 3156  Modem - ok
18:03:14.0787 3156  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:03:16.0129 3156  Mouclass - ok
18:03:16.0159 3156  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:03:17.0420 3156  mouhid - ok
18:03:17.0501 3156  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:03:18.0772 3156  MountMgr - ok
18:03:18.0782 3156  mraid35x - ok
18:03:18.0893 3156  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:03:20.0355 3156  MRxDAV - ok
18:03:20.0565 3156  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:03:21.0536 3156  MRxSmb - ok
18:03:21.0586 3156  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
18:03:23.0149 3156  MSDTC - ok
18:03:23.0199 3156  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:03:24.0481 3156  Msfs - ok
18:03:24.0491 3156  MSIServer - ok
18:03:24.0581 3156  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:03:25.0843 3156  MSKSSRV - ok
18:03:25.0873 3156  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:03:27.0144 3156  MSPCLOCK - ok
18:03:27.0184 3156  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:03:28.0486 3156  MSPQM - ok
18:03:28.0536 3156  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:03:29.0938 3156  mssmbios - ok
18:03:29.0978 3156  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:03:31.0250 3156  MSTEE - ok
18:03:31.0330 3156  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
18:03:38.0981 3156  Mup - ok
18:03:39.0132 3156  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:03:52.0381 3156  NABTSFEC - ok
18:03:52.0521 3156  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:03:54.0434 3156  napagent - ok
18:03:54.0534 3156  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:03:55.0926 3156  NDIS - ok
18:03:55.0966 3156  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:03:57.0408 3156  NdisIP - ok
18:03:57.0458 3156  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:03:58.0029 3156  NdisTapi - ok
18:03:58.0099 3156  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:03:59.0461 3156  Ndisuio - ok
18:03:59.0531 3156  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:04:00.0843 3156  NdisWan - ok
18:04:00.0903 3156  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:04:01.0554 3156  NDProxy - ok
18:04:01.0634 3156  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:04:02.0916 3156  NetBIOS - ok
18:04:03.0006 3156  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:04:04.0448 3156  NetBT - ok
18:04:04.0528 3156  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:04:06.0221 3156  NetDDE - ok
18:04:06.0281 3156  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:04:07.0963 3156  NetDDEdsdm - ok
18:04:08.0023 3156  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:04:09.0535 3156  Netlogon - ok
18:04:09.0676 3156  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
18:04:11.0448 3156  Netman - ok
18:04:11.0528 3156  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:11.0739 3156  NetTcpPortSharing - ok
18:04:11.0819 3156  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:04:13.0161 3156  NIC1394 - ok
18:04:13.0271 3156  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
18:04:14.0352 3156  Nla - ok
18:04:14.0412 3156  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:04:15.0734 3156  Npfs - ok
18:04:15.0965 3156  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:04:17.0677 3156  Ntfs - ok
18:04:17.0717 3156  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
18:04:19.0360 3156  NtLmSsp - ok
18:04:19.0560 3156  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
18:04:21.0573 3156  NtmsSvc - ok
18:04:21.0613 3156  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:04:22.0935 3156  Null - ok
18:04:22.0985 3156  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:04:24.0317 3156  NwlnkFlt - ok
18:04:24.0357 3156  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:04:25.0689 3156  NwlnkFwd - ok
18:04:25.0739 3156  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:04:27.0131 3156  ohci1394 - ok
18:04:27.0211 3156  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
18:04:28.0563 3156  Parport - ok
18:04:28.0593 3156  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
18:04:29.0945 3156  PartMgr - ok
18:04:29.0995 3156  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:04:31.0407 3156  ParVdm - ok
18:04:31.0467 3156  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
18:04:32.0879 3156  PCI - ok
18:04:32.0889 3156  PCIDump - ok
18:04:32.0949 3156  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:04:34.0231 3156  PCIIde - ok
18:04:34.0311 3156  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:04:35.0713 3156  Pcmcia - ok
18:04:35.0723 3156  PDCOMP - ok
18:04:35.0753 3156  PDFRAME - ok
18:04:35.0793 3156  PDRELI - ok
18:04:35.0863 3156  PDRFRAME - ok
18:04:35.0883 3156  perc2 - ok
18:04:35.0923 3156  perc2hib - ok
18:04:36.0094 3156  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
18:04:37.0195 3156  PlugPlay - ok
18:04:37.0235 3156  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
18:04:38.0777 3156  PolicyAgent - ok
18:04:38.0848 3156  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:04:40.0290 3156  PptpMiniport - ok
18:04:40.0320 3156  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:04:41.0792 3156  ProtectedStorage - ok
18:04:41.0842 3156  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
18:04:43.0074 3156  PSched - ok
18:04:43.0094 3156  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:04:44.0416 3156  Ptilink - ok
18:04:44.0536 3156  [ 546DCA98BEFFB92F887E10D7F299D308 ] Ptserial        C:\WINDOWS\system32\DRIVERS\ptserial.sys
18:04:45.0147 3156  Ptserial - ok
18:04:45.0177 3156  ql1080 - ok
18:04:45.0197 3156  Ql10wnt - ok
18:04:45.0257 3156  ql12160 - ok
18:04:45.0277 3156  ql1240 - ok
18:04:45.0307 3156  ql1280 - ok
18:04:45.0377 3156  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:04:46.0699 3156  RasAcd - ok
18:04:46.0829 3156  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:04:50.0524 3156  RasAuto - ok
18:04:50.0614 3156  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:04:51.0616 3156  Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
18:04:51.0616 3156  Rasl2tp - detected UnsignedFile.Multi.Generic (1)
18:04:51.0866 3156  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:04:51.0966 3156  RasMan ( UnsignedFile.Multi.Generic ) - warning
18:04:51.0966 3156  RasMan - detected UnsignedFile.Multi.Generic (1)
18:04:52.0006 3156  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:04:52.0077 3156  RasPppoe ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0077 3156  RasPppoe - detected UnsignedFile.Multi.Generic (1)
18:04:52.0097 3156  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
18:04:52.0147 3156  Raspti ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0147 3156  Raspti - detected UnsignedFile.Multi.Generic (1)
18:04:52.0237 3156  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:04:52.0317 3156  Rdbss ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0317 3156  Rdbss - detected UnsignedFile.Multi.Generic (1)
18:04:52.0347 3156  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:04:52.0357 3156  RDPCDD ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0357 3156  RDPCDD - detected UnsignedFile.Multi.Generic (1)
18:04:52.0477 3156  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:04:52.0517 3156  RDPWD ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0517 3156  RDPWD - detected UnsignedFile.Multi.Generic (1)
18:04:52.0617 3156  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
18:04:52.0677 3156  RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0677 3156  RDSessMgr - detected UnsignedFile.Multi.Generic (1)
18:04:52.0818 3156  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
18:04:52.0878 3156  redbook ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0878 3156  redbook - detected UnsignedFile.Multi.Generic (1)
18:04:52.0938 3156  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:04:52.0978 3156  RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
18:04:52.0978 3156  RemoteAccess - detected UnsignedFile.Multi.Generic (1)
18:04:53.0038 3156  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:04:53.0078 3156  RpcLocator ( UnsignedFile.Multi.Generic ) - warning
18:04:53.0078 3156  RpcLocator - detected UnsignedFile.Multi.Generic (1)
18:04:53.0258 3156  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
18:04:53.0418 3156  RpcSs ( UnsignedFile.Multi.Generic ) - warning
18:04:53.0418 3156  RpcSs - detected UnsignedFile.Multi.Generic (1)
18:04:53.0509 3156  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:04:53.0569 3156  RSVP ( UnsignedFile.Multi.Generic ) - warning
18:04:53.0569 3156  RSVP - detected UnsignedFile.Multi.Generic (1)
18:04:53.0619 3156  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:04:53.0629 3156  SamSs ( UnsignedFile.Multi.Generic ) - warning
18:04:53.0629 3156  SamSs - detected UnsignedFile.Multi.Generic (1)
18:04:53.0669 3156  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:04:59.0067 3156  SASDIFSV - ok
18:04:59.0117 3156  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:04:59.0197 3156  SASKUTIL - ok
18:04:59.0287 3156  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:05:02.0512 3156  SCardSvr - ok
18:05:02.0622 3156  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:05:03.0052 3156  Schedule - ok
18:05:03.0102 3156  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:05:03.0243 3156  Secdrv - ok
18:05:03.0303 3156  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:05:03.0553 3156  seclogon - ok
18:05:03.0573 3156  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
18:05:03.0803 3156  SENS - ok
18:05:03.0863 3156  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
18:05:04.0154 3156  Serenum - ok
18:05:04.0224 3156  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
18:05:04.0484 3156  Serial - ok
18:05:04.0534 3156  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
18:05:04.0775 3156  Sfloppy - ok
18:05:04.0945 3156  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:05:05.0416 3156  SharedAccess - ok
18:05:06.0307 3156  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:05:06.0417 3156  ShellHWDetection - ok
18:05:06.0427 3156  Simbad - ok
18:05:06.0477 3156  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:05:06.0718 3156  SLIP - ok
18:05:06.0738 3156  Sparrow - ok
18:05:06.0798 3156  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:05:07.0008 3156  splitter - ok
18:05:07.0108 3156  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
18:05:07.0188 3156  Spooler - ok
18:05:07.0248 3156  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:05:07.0379 3156  sr - ok
18:05:07.0509 3156  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
18:05:07.0679 3156  srservice - ok
18:05:07.0859 3156  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:05:08.0150 3156  Srv - ok
18:05:08.0230 3156  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:05:08.0360 3156  SSDPSRV - ok
18:05:08.0520 3156  [ 5813D453EF8CE49D607C255CF128ACEB ] STAC97          C:\WINDOWS\system32\drivers\stac97.sys
18:05:08.0660 3156  STAC97 - ok
18:05:08.0841 3156  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:05:09.0331 3156  stisvc - ok
18:05:09.0371 3156  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:05:09.0602 3156  streamip - ok
18:05:09.0652 3156  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:05:09.0872 3156  swenum - ok
18:05:09.0942 3156  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:05:10.0273 3156  swmidi - ok
18:05:10.0283 3156  SwPrv - ok
18:05:10.0313 3156  symc810 - ok
18:05:10.0333 3156  symc8xx - ok
18:05:10.0343 3156  sym_hi - ok
18:05:10.0363 3156  sym_u3 - ok
18:05:10.0433 3156  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:05:10.0663 3156  sysaudio - ok
18:05:10.0743 3156  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
18:05:11.0004 3156  SysmonLog - ok
18:05:11.0164 3156  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:05:11.0525 3156  TapiSrv - ok
18:05:11.0695 3156  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:05:11.0935 3156  Tcpip - ok
18:05:11.0985 3156  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:05:12.0296 3156  TDPIPE - ok
18:05:12.0356 3156  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
18:05:12.0606 3156  TDTCP - ok
18:05:12.0646 3156  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:05:12.0856 3156  TermDD - ok
18:05:13.0027 3156  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
18:05:13.0427 3156  TermService - ok
18:05:13.0507 3156  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:05:13.0547 3156  Themes - ok
18:05:13.0567 3156  TosIde - ok
18:05:13.0658 3156  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:05:13.0928 3156  TrkWks - ok
18:05:13.0998 3156  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:05:14.0339 3156  Udfs - ok
18:05:14.0349 3156  ultra - ok
18:05:14.0549 3156  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:05:15.0010 3156  Update - ok
18:05:15.0140 3156  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:05:15.0350 3156  upnphost - ok
18:05:15.0400 3156  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
18:05:15.0670 3156  UPS - ok
18:05:15.0741 3156  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:05:16.0051 3156  usbccgp - ok
18:05:16.0081 3156  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:05:16.0412 3156  usbehci - ok
18:05:16.0482 3156  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:05:16.0722 3156  usbhub - ok
18:05:16.0772 3156  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:05:17.0012 3156  usbscan - ok
18:05:17.0072 3156  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:05:17.0383 3156  USBSTOR - ok
18:05:17.0433 3156  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:05:17.0673 3156  usbuhci - ok
18:05:17.0743 3156  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
18:05:18.0014 3156  usbvideo - ok
18:05:18.0074 3156  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
18:05:18.0374 3156  VgaSave - ok
18:05:18.0384 3156  ViaIde - ok
18:05:18.0675 3156  [ 308532AC80BE7F676EC58B423C6C5C84 ] Vmodem          C:\WINDOWS\system32\DRIVERS\vmodem.sys
18:05:19.0166 3156  Vmodem - ok
18:05:19.0196 3156  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
18:05:19.0486 3156  VolSnap - ok
18:05:19.0676 3156  [ CC040A11BB7BCEC2E90F1425B46DC38D ] Vpctcom         C:\WINDOWS\system32\DRIVERS\vpctcom.sys
18:05:19.0987 3156  Vpctcom - ok
18:05:20.0157 3156  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
18:05:20.0427 3156  VSS - ok
18:05:20.0497 3156  [ 5065D56C6829C4546B007384E9FC8812 ] Vvoice          C:\WINDOWS\system32\DRIVERS\vvoice.sys
18:05:20.0568 3156  Vvoice - ok
18:05:20.0648 3156  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
18:05:21.0809 3156  W32Time - ok
18:05:21.0859 3156  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:05:22.0110 3156  Wanarp - ok
18:05:22.0140 3156  WDICA - ok
18:05:22.0310 3156  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:05:22.0580 3156  wdmaud - ok
18:05:22.0661 3156  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:05:22.0911 3156  WebClient - ok
18:05:23.0091 3156  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:05:23.0462 3156  winmgmt - ok
18:05:23.0542 3156  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
18:05:23.0812 3156  WmdmPmSN - ok
18:05:23.0902 3156  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:05:24.0173 3156  WmiApSrv - ok
18:05:24.0243 3156  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:05:24.0533 3156  WS2IFSL - ok
18:05:24.0613 3156  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
18:05:24.0864 3156  wscsvc - ok
18:05:24.0924 3156  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:05:25.0174 3156  WSTCODEC - ok
18:05:25.0224 3156  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
18:05:25.0485 3156  wuauserv - ok
18:05:25.0725 3156  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
18:05:26.0256 3156  WZCSVC - ok
18:05:26.0356 3156  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
18:05:26.0666 3156  xmlprov - ok
18:05:26.0706 3156  ================ Scan global ===============================
18:05:26.0766 3156  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:05:26.0927 3156  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
18:05:27.0157 3156  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
18:05:27.0247 3156  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:05:27.0257 3156  [Global] - ok
18:05:27.0267 3156  ================ Scan MBR ==================================
18:05:27.0307 3156  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:05:27.0788 3156  \Device\Harddisk0\DR0 - ok
18:05:27.0798 3156  ================ Scan VBR ==================================
18:05:27.0828 3156  [ E6C0A527A9C6D22BEC67E0E090119BB7 ] \Device\Harddisk0\DR0\Partition1
18:05:27.0828 3156  \Device\Harddisk0\DR0\Partition1 - ok
18:05:27.0838 3156  ============================================================
18:05:27.0838 3156  Scan finished
18:05:27.0838 3156  ============================================================
18:05:27.0988 3148  Detected object count: 15
18:05:27.0988 3148  Actual detected object count: 15
18:05:52.0423 3148  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0423 3148  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0423 3148  Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0423 3148  Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0423 3148  RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0423 3148  RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0423 3148  RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0433 3148  RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0433 3148  Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0433 3148  Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0433 3148  Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0433 3148  Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0584 3148  RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0614 3148  RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0704 3148  RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0704 3148  RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0704 3148  RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0704 3148  RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0714 3148  redbook ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0714 3148  redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0724 3148  RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0724 3148  RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0724 3148  RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0724 3148  RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0734 3148  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0734 3148  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0734 3148  RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0734 3148  RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:52.0744 3148  SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:52.0744 3148  SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0036 3004  Deinitialize success
==========================================================================================
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-12 18:09:20
-----------------------------
18:09:20.563    OS Version: Windows 5.1.2600 Service Pack 3
18:09:20.563    Number of processors: 1 586 0x207
18:09:20.563    ComputerName: INSPRN-85K-XP2  UserName: User
18:09:22.966    Initialize success
18:09:23.477    AVAST engine defs: 13072801
18:09:45.228    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:09:45.228    Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
18:09:45.438    Disk 0 MBR read successfully
18:09:45.438    Disk 0 MBR scan
18:09:45.448    Disk 0 Windows XP default MBR code
18:09:45.448    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38154 MB offset 63
18:09:45.468    Disk 0 scanning sectors +78140160
18:09:45.689    Disk 0 scanning C:\WINDOWS\system32\drivers
18:10:12.577    Service scanning
18:10:54.428    Modules scanning
18:11:12.564    Disk 0 trace - called modules:
18:11:12.584    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
18:11:12.584    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5daab8]
18:11:12.584    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a602b00]
18:11:14.286    AVAST engine scan C:\WINDOWS
18:11:26.404    AVAST engine scan C:\WINDOWS\system32
18:17:14.594    AVAST engine scan C:\WINDOWS\system32\drivers
18:17:47.692    AVAST engine scan C:\Documents and Settings\User
18:23:04.577    AVAST engine scan C:\Documents and Settings\All Users
18:23:22.203    Scan finished successfully
18:25:55.233    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
18:25:55.233    The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
 

=============================================================================================================

Farbar Service Scanner Version: 04-08-2013
Ran by User (administrator) on 12-08-2013 at 18:28:17
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
 
netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
===============================================================================
 
Hope that's correct....  I had trouble running those scans because "interrupts" was using 50% of the processor the whole time.  Thanks!  

Attached Files

  • Attached File  MBR.zip   499bytes   2 downloads


#5 nasdaq

  • Malware Response Team

Posted 13 August 2013 - 08:24 AM

I had trouble running those scans because "interrupts" was using 50% of the processor the whole time. Thanks!

I suggest you remove Chrome from this computer.
Use the Add/Remove Programs applet.
Restart the computer normally.

Open Internet Explorer menu > Tools > Internet options > General Tab.
At the bottom of the pane, reset the IE settings.
Restart the computer normally.

Can you now connect to the Internet?

What problem persists?

#6 Fixer_27

  • Topic Starter

Posted 13 August 2013 - 08:51 AM

I put Chrome on that computer because IE8 was not working correctly.  I thought Chrome was more secure? It sure runs better!

I remember using CCleaner to uninstall IE8, I hope I still have IE7.

I can actually connect to the internet with the laptop, it's just really sporadic, and I was worried about having an infected computer online.

Will do as you suggest and post again tonight, thanks!



#7 Fixer_27

  • Topic Starter

Posted 14 August 2013 - 09:19 AM

Hi Nasdaq, sorry for the late reply.  I removed Chrome, and now I have IE6, which will connect to the internet.  I downloaded IE8 and tried to install it, but it hangs up and will not finish.  I didn't find an option in IE6 to reset IE settings.
 
Problems are as follows:

  • svchost.exe will grab 100% of processor and bog the system every now and then. This happens every time at boot up.
  • Interrupts can grab up to 50% of the processor, which is really slowing the system.  I'm not sure if this is normal, but it is irritating.
  • Windows Firewall and updates are not running and cannot be started (as shown in log above).
  • If I boot the computer with the network cable plugged in, I can get on the internet.  If I unplug the cable, the local area connection will stop running (I do not get a message that a cable has been unplugged).  If I plug the cable back in, the connection will not come back, and I cannot "repair" the connection.  I can't even talk to my router.
  • Taskbar at screen bottom will change color, I assume that's the virus doing its thing.

I've run numerous scans with Avast, MBAM, Spybot, SUPERAntiSpyware, etc. and am finding nothing.  VERY frustrated.

Now my desktop computer is doing the same thing, so my network access will be spotty.   :(



#8 nasdaq

  • Malware Response Team

Posted 14 August 2013 - 09:57 AM

With IE6 and the Internet connection, can you run ComboFix and submit a log if you can?

#9 Fixer_27

  • Topic Starter

Posted 16 August 2013 - 11:06 AM

Hi, sorry it's taking me a while to get this done, I have a lot of work outside. Had power issues last night and lost my router. Grrr. Combofix would not complete; it gets to the "scanning" screen and runs for about 2 minutes, then the computer hangs up and stops responding. The cursor will still move, but I cannot access any programs or restart or anything. Thought maybe I should run RKill before Combofix just in case, and it produced a larger log than usual, which I have attached.

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/15/2013 09:28:28 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\version.dll : 18,944 : 04/14/2008 05:42 AM : c7ce131408739b0b3a318be2d0032719 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\version.dll : 18,944 : 08/12/2004 08:08 AM : d38408967be738d0c1b47005bce8ceeb [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\version.dll : 18,944 : 04/14/2008 05:42 AM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]

* C:\WINDOWS\System32\w32time.dll : 175,104 : 04/14/2008 05:42 AM : 54af4b1d5459500ef0937f6d33b1914f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\w32time.dll : 174,592 : 08/12/2004 08:08 AM : 2b281958f5d0cf99ed626e3ef39d5c8d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\w32time.dll : 175,104 : 04/14/2008 05:42 AM : 54af4b1d5459500ef0937f6d33b1914f [Pos Repl]

* C:\WINDOWS\System32\wbem\wmiprvse.exe : 227,840 : 02/06/2009 04:10 AM : 798a9e6828997eef4517ada8a2259831 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe : 227,840 : 02/06/2009 04:15 AM : f520ab392d58c0a1070268032d809382 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe : 218,112 : 08/12/2004 08:10 AM : 075ea6c849ab0fe416a3d6dd65c3cf41 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe : 218,112 : 04/14/2008 05:42 AM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 227,840 : 02/06/2009 04:10 AM : 798a9e6828997eef4517ada8a2259831 [Pos Repl]

* C:\WINDOWS\System32\wdigest.dll : 54,272 : 06/25/2009 02:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\wdigest.dll : 54,272 : 06/25/2009 02:41 AM : d9dcec3fa1b27689fc56e34c38d3f148 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\wdigest.dll : 49,152 : 08/12/2004 08:08 AM : a8b82c5d30b7ab937e164ab349478fba [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wdigest.dll : 49,152 : 04/14/2008 05:42 AM : cefcc6a64983eb8119f3a07a0c1ede30 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wdigest.dll : 54,272 : 06/25/2009 02:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [Pos Repl]

* C:\WINDOWS\System32\wiaservc.dll : 333,824 : 04/14/2008 05:42 AM : 8bad69cbac032d4bbacfce0306174c30 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll : 333,312 : 08/12/2004 08:09 AM : d9f6c4f6b1e188adafc42b561d9bc2e6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll : 333,824 : 04/14/2008 05:42 AM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]

* C:\WINDOWS\System32\wininet.dll : 666,112 : 04/14/2008 05:42 AM : 7a4f775abb2f1c97def3e73afa2faedd [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll : 920,064 : 08/28/2012 09:13 AM : dcea3b3193b7181cf818ecc4eab30a66 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll : 920,064 : 03/01/2013 08:05 PM : 43eadba9f3cd2a5f01b189bd95fcde95 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\wininet.dll : 656,384 : 08/12/2004 08:09 AM : c0823fc5469663ba63e7db88f9919d70 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wininet.dll : 666,112 : 04/14/2008 05:42 AM : 7a4f775abb2f1c97def3e73afa2faedd [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\110d3ffbdc310a3ca9b6f7dfeb13a91f\SP3QFE\wininet.dll : 920,064 : 04/16/2013 04:17 PM : 5c4aac5a91422c95522ecc6c26fb93c8 [Pos Repl]

* C:\WINDOWS\System32\winlogon.exe : 507,904 : 04/14/2008 05:42 AM : ed0ef0a136dec83df69f04118870003e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe : 502,272 : 08/12/2004 08:09 AM : 01c3346c241652f43aed8e2149881bfe [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe : 507,904 : 04/14/2008 05:42 AM : ed0ef0a136dec83df69f04118870003e [Pos Repl]

* C:\WINDOWS\System32\ws2_32.dll : 82,432 : 04/14/2008 05:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll : 82,944 : 08/12/2004 08:10 AM : 2ed0b7f12a60f90092081c50fa0ec2b2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll : 82,432 : 04/14/2008 05:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]

* C:\WINDOWS\System32\ws2help.dll : 19,968 : 04/14/2008 05:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ws2help.dll : 19,968 : 08/12/2004 08:10 AM : 9beacb911ca61e5881102188ab7fb431 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ws2help.dll : 19,968 : 04/14/2008 05:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]

* C:\WINDOWS\System32\wscntfy.exe : 13,824 : 04/14/2008 05:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe : 13,824 : 08/12/2004 08:10 AM : 49911dd39e023bb6c45e4e436cfbd297 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe : 13,824 : 04/14/2008 05:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]

* C:\WINDOWS\System32\xmlprov.dll : 129,024 : 04/14/2008 05:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll : 129,536 : 08/12/2004 08:10 AM : eef46dab68229a14da3d8e73c99e2959 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll : 129,024 : 04/14/2008 05:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]

* C:\WINDOWS\explorer.exe : 1,033,728 : 04/14/2008 05:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe : 1,032,192 : 08/12/2004 07:57 AM : a0732187050030ae399b241436565e64 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\explorer.exe : 1,033,728 : 04/14/2008 05:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]

* C:\WINDOWS\System32\drivers\acpiec.sys : 11,648 : 08/12/2004 07:55 AM : 9859c0f6936e723e4892d7141b1327d5 [NoSig]

* C:\WINDOWS\System32\drivers\acpi.sys : 187,776 : 04/14/2008 00:06 AM : 8fd99680a539792a30e97944fdaecf17 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\acpi.sys : 187,776 : 08/12/2004 07:55 AM : a10c7534f7223f4a73a948967d00e69b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\acpi.sys : 187,776 : 04/14/2008 00:06 AM : 8fd99680a539792a30e97944fdaecf17 [Pos Repl]

* C:\WINDOWS\System32\drivers\aec.sys : 142,592 : 04/13/2008 10:09 PM : 8bed39e3c35d6a489438b8141717a557 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\aec.sys : 142,592 : 04/13/2008 10:09 PM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\aec.sys : 142,592 : 04/13/2008 10:09 PM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]

* C:\WINDOWS\System32\drivers\afd.sys : 138,496 : 08/17/2011 07:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys : 138,496 : 10/16/2008 09:07 AM : 38d7b715504da4741df35e3594fe2099 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys : 138,496 : 08/17/2011 07:41 AM : f6b7b1ecd7b41736bdb6ff4b092bcb79 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\afd.sys : 138,496 : 08/12/2004 07:55 AM : 5ac495f4cb807b2b98ad2ad591e6d92e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\afd.sys : 138,112 : 04/14/2008 00:49 AM : 322d0e36693d6e24a2398bee62a268cd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\afd.sys : 138,496 : 08/17/2011 07:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [Pos Repl]

* C:\WINDOWS\System32\drivers\agp440.sys : 42,368 : 04/14/2008 00:06 AM : 08fd04aa961bdc77fb983f328334e3d7 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys : 42,368 : 08/03/2004 05:07 PM : 2c428fa0c3e3a01ed93c9b2a27d8d4bb [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\agp440.sys : 42,368 : 04/14/2008 00:06 AM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\agp440.sys : 42,368 : 04/14/2008 00:06 AM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\AGP440.SYS : 42,368 : 04/14/2008 00:06 AM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]

* C:\WINDOWS\System32\drivers\amdk6.sys : 37,376 : 04/14/2008 00:01 AM : d7701d7e72243286cc88c9973d891057 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys : 36,992 : 08/12/2004 08:06 AM : dad16a9d5c873e7219e6b43802ed316a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\amdk6.sys : 37,376 : 04/14/2008 00:01 AM : d7701d7e72243286cc88c9973d891057 [Pos Repl]

* C:\WINDOWS\System32\drivers\amdk7.sys : 37,760 : 04/14/2008 00:01 AM : 8fce268cdbdd83b23419d1f35f42c7b1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys : 37,376 : 08/12/2004 08:06 AM : 680ad1c1bb16239e28d8f33a54a7a3c7 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\amdk7.sys : 37,760 : 04/14/2008 00:01 AM : 8fce268cdbdd83b23419d1f35f42c7b1 [Pos Repl]

* C:\WINDOWS\System32\drivers\arp1394.sys : 60,800 : 04/14/2008 00:21 AM : b5b8a80875c1dededa8b02765642c32f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys : 60,800 : 08/12/2004 08:06 AM : f0d692b0bffb46e30eb3cea168bbc49f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\arp1394.sys : 60,800 : 04/14/2008 00:21 AM : b5b8a80875c1dededa8b02765642c32f [Pos Repl]

* C:\WINDOWS\System32\drivers\asyncmac.sys : 14,336 : 04/14/2008 00:27 AM : b153affac761e7f5fcfa822b9c4e97bc [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys : 14,336 : 08/12/2004 07:55 AM : 02000abf34af4c218c35d257024807d6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys : 14,336 : 04/14/2008 00:27 AM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]

* C:\WINDOWS\System32\drivers\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys : 95,360 : 08/12/2004 07:55 AM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]

* C:\WINDOWS\System32\drivers\audstub.sys : 3,072 : 08/17/2001 07:59 AM : d9f724aa26c010a217c97606b160ed68 [NoSig]

* C:\WINDOWS\System32\drivers\battc.sys : 14,208 : 04/14/2008 00:06 AM : 0d93976f7801b7fcd8135cc77257bbd0 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\battc.sys : 14,080 : 08/17/2001 07:57 AM : ea22edadf90c0aba8319454b2a07b700 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\battc.sys : 14,208 : 04/14/2008 00:06 AM : 0d93976f7801b7fcd8135cc77257bbd0 [Pos Repl]

* C:\WINDOWS\System32\drivers\beep.sys : 4,224 : 08/12/2004 07:55 AM : da1f27d85e0d1525f6621372e7b685e9 [NoSig]
+-> C:\WINDOWS\system32\dllcache\beep.sys : 4,224 : 08/12/2004 07:55 AM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]

* C:\WINDOWS\System32\drivers\bridge.sys : 71,552 : 04/14/2008 00:23 AM : f934d1b230f84e1d19dd00ac5a7a83ed [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\bridge.sys : 71,552 : 08/12/2004 07:55 AM : e4e6a0922e3d983728c9ad4e8d466954 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\bridge.sys : 71,552 : 04/14/2008 00:23 AM : f934d1b230f84e1d19dd00ac5a7a83ed [Pos Repl]

* C:\WINDOWS\System32\drivers\bthport.sys : 272,128 : 06/13/2008 05:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272,128 : 06/13/2008 05:27 AM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 05:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\bthport.sys : 273,024 : 04/14/2008 00:16 AM : 10b85171b90c449f8da71c2640b797e9 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 05:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]

* C:\WINDOWS\System32\drivers\cbidf2k.sys : 13,952 : 08/12/2004 07:56 AM : 90a673fc8e12a79afbed2576f6a7aaf9 [NoSig]

* C:\WINDOWS\System32\drivers\cdaudio.sys : 18,688 : 08/12/2004 07:57 AM : c1b486a7658353d33a10cc15211a873b [NoSig]

* C:\WINDOWS\System32\drivers\cdfs.sys : 63,744 : 04/14/2008 00:44 AM : c885b02847f5d2fd45a24e219ed93b32 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys : 63,744 : 08/12/2004 07:56 AM : cd7d5152df32b47f4e36f710b35aae02 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\cdfs.sys : 63,744 : 04/14/2008 00:44 AM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]

* C:\WINDOWS\System32\drivers\cdrom.sys : 62,976 : 04/14/2008 00:10 AM : 1f4260cc5b42272d71f79e570a27a4fe [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys : 49,536 : 08/12/2004 07:56 AM : af9c19b3100fe010496b1a27181fbf72 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\cdrom.sys : 62,976 : 04/14/2008 00:10 AM : 1f4260cc5b42272d71f79e570a27a4fe [Pos Repl]

* C:\WINDOWS\System32\drivers\classpnp.sys : 49,536 : 04/14/2008 00:46 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys : 49,664 : 08/12/2004 07:56 AM : d86173b401470f06d9810f7962969ddf [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\classpnp.sys : 49,536 : 04/14/2008 00:46 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]

* C:\WINDOWS\System32\drivers\CmBatt.sys : 13,952 : 04/14/2008 00:06 AM : 0f6c187d38d98f8df904589a5f94d411 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys : 14,080 : 08/03/2004 05:07 PM : 4266be808f85826aedf3c64c1e240203 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys : 13,952 : 04/14/2008 00:06 AM : 0f6c187d38d98f8df904589a5f94d411 [Pos Repl]

* C:\WINDOWS\System32\drivers\compbatt.sys : 10,240 : 04/14/2008 00:06 AM : 6e4c9f21f0fae8940661144f41b13203 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\compbatt.sys : 9,344 : 08/17/2001 07:58 AM : df1b1a24bf52d0ebc01ed4ece8979f50 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\compbatt.sys : 10,240 : 04/14/2008 00:06 AM : 6e4c9f21f0fae8940661144f41b13203 [Pos Repl]

* C:\WINDOWS\System32\drivers\cpqdap01.sys : 11,776 : 08/12/2004 07:57 AM : 9624293e55ad405415862b504ca95b73 [NoSig]

* C:\WINDOWS\System32\drivers\crusoe.sys : 36,736 : 04/14/2008 00:01 AM : f50d9bdbb25cce075e514dc07472a22f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys : 36,480 : 08/12/2004 08:06 AM : 6af1684ccaac3f7ef4ee9ba65eb0677a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\crusoe.sys : 36,736 : 04/14/2008 00:01 AM : f50d9bdbb25cce075e514dc07472a22f [Pos Repl]

* C:\WINDOWS\System32\drivers\diskdump.sys : 14,208 : 04/14/2008 00:10 AM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys : 14,208 : 08/12/2004 07:56 AM : d16c81677a9be399c63cd2ea486472a5 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\diskdump.sys : 14,208 : 04/14/2008 00:10 AM : e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl]

* C:\WINDOWS\System32\drivers\disk.sys : 36,352 : 04/14/2008 00:10 AM : 044452051f3e02e7963599fc8f4f3e25 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\disk.sys : 36,352 : 08/12/2004 07:56 AM : 00ca44e4534865f8a3b64f7c0984bff0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\disk.sys : 36,352 : 04/14/2008 00:10 AM : 044452051f3e02e7963599fc8f4f3e25 [Pos Repl]

* C:\WINDOWS\System32\drivers\dmboot.sys : 799,744 : 04/14/2008 00:14 AM : d992fe1274bde0f84ad826acae022a41 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys : 799,744 : 08/12/2004 07:56 AM : c0fbb516e06e243f0cf31f597e7ebf7d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dmboot.sys : 799,744 : 04/14/2008 00:14 AM : d992fe1274bde0f84ad826acae022a41 [Pos Repl]

* C:\WINDOWS\System32\drivers\dmio.sys : 153,344 : 04/14/2008 00:14 AM : 7c824cf7bbde77d95c08005717a95f6f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dmio.sys : 153,344 : 08/12/2004 07:56 AM : f5e7b358a732d09f4bcf2824b88b9e28 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dmio.sys : 153,344 : 04/14/2008 00:14 AM : 7c824cf7bbde77d95c08005717a95f6f [Pos Repl]

* C:\WINDOWS\System32\drivers\dmload.sys : 5,888 : 08/12/2004 07:56 AM : e9317282a63ca4d188c0df5e09c6ac5f [NoSig]
+-> C:\WINDOWS\system32\dllcache\dmload.sys : 5,888 : 08/12/2004 07:56 AM : e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl]

* C:\WINDOWS\System32\drivers\DMusic.sys : 52,864 : 04/14/2008 00:15 AM : 8a208dfcf89792a484e76c40e5f50b45 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\dmusic.sys : 52,864 : 04/14/2008 00:15 AM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\dmusic.sys : 52,864 : 04/14/2008 00:15 AM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]

* C:\WINDOWS\System32\drivers\drmkaud.sys : 2,944 : 04/14/2008 00:15 AM : 8f5fcff8e8848afac920905fbd9d33c8 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys : 2,944 : 04/14/2008 00:15 AM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\drmkaud.sys : 2,944 : 04/14/2008 00:15 AM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]

* C:\WINDOWS\System32\drivers\drmk.sys : 60,160 : 04/14/2008 00:15 AM : 6cb08593487f5701d2d2254e693eafce [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\drmk.sys : 60,160 : 04/14/2008 00:15 AM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\drmk.sys : 60,160 : 04/14/2008 00:15 AM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]

* C:\WINDOWS\System32\drivers\dxapi.sys : 10,496 : 08/12/2004 07:57 AM : fe97d0343acfdebdd578fc67cc91fa87 [NoSig]
+-> C:\WINDOWS\system32\dllcache\dxapi.sys : 10,496 : 08/12/2004 07:57 AM : fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl]

* C:\WINDOWS\System32\drivers\dxg.sys : 71,168 : 04/14/2008 00:08 AM : ac7280566a7bb85cb3291f04ddc1198e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dxg.sys : 71,040 : 08/12/2004 07:57 AM : d3dac8432110aad0b02a58b4459ab835 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dxg.sys : 71,168 : 04/14/2008 00:08 AM : ac7280566a7bb85cb3291f04ddc1198e [Pos Repl]

* C:\WINDOWS\System32\drivers\dxgthk.sys : 3,328 : 08/12/2004 07:57 AM : a73f5d6705b1d820c19b18782e176efd [NoSig]
+-> C:\WINDOWS\system32\dllcache\dxgthk.sys : 3,328 : 08/12/2004 07:57 AM : a73f5d6705b1d820c19b18782e176efd [Pos Repl]

* C:\WINDOWS\System32\drivers\fastfat.sys : 143,744 : 04/14/2008 00:44 AM : 38d332a6d56af32635675f132548343e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys : 143,360 : 08/12/2004 07:57 AM : 3117f595e9615e04f05a54fc15a03b20 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fastfat.sys : 143,744 : 04/14/2008 00:44 AM : 38d332a6d56af32635675f132548343e [Pos Repl]

* C:\WINDOWS\System32\drivers\fdc.sys : 27,392 : 04/14/2008 00:10 AM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\fdc.sys : 27,392 : 08/12/2004 07:57 AM : ced2e8396a8838e59d8fd529c680e02c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fdc.sys : 27,392 : 04/14/2008 00:10 AM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [Pos Repl]

* C:\WINDOWS\System32\drivers\fips.sys : 44,544 : 04/14/2008 00:03 AM : d45926117eb9fa946a6af572fbe1caa3 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\fips.sys : 34,944 : 08/12/2004 07:57 AM : e153ab8a11de5452bcf5ac7652dbf3ed [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\fips.sys : 44,544 : 04/14/2008 00:03 AM : d45926117eb9fa946a6af572fbe1caa3 [Pos Repl]

* C:\WINDOWS\System32\drivers\flpydisk.sys : 20,480 : 04/14/2008 00:10 AM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [NoSig]
+-> C:\WINDOWS\system32\dllcache\srv.sys : 357,888 : 02/17/2011 07:18 AM : 47ddfc2f003f7f9f0592c6874962a2e7 [Pos Repl]

* C:\WINDOWS\System32\drivers\stream.sys : 49,408 : 04/14/2008 00:15 AM : 3e5d89099ded9e86e5639f411693218f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\stream.sys : 48,640 : 08/12/2004 08:06 AM : c43356072eb3e88cd62958db10cead47 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\stream.sys : 49,408 : 04/14/2008 00:15 AM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\stream.sys : 49,408 : 04/14/2008 00:15 AM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]

* C:\WINDOWS\System32\drivers\swenum.sys : 4,352 : 04/14/2008 00:09 AM : 3941d127aef12e93addf6fe6ee027e0f [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\swenum.sys : 4,352 : 08/12/2004 08:06 AM : 03c1bae4766e2450219d20b993d6e046 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\swenum.sys : 4,352 : 04/14/2008 00:09 AM : 3941d127aef12e93addf6fe6ee027e0f [Pos Repl]

* C:\WINDOWS\System32\drivers\swmidi.sys : 56,576 : 04/14/2008 00:15 AM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\swmidi.sys : 56,576 : 04/14/2008 00:15 AM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\swmidi.sys : 56,576 : 04/14/2008 00:15 AM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]

* C:\WINDOWS\System32\drivers\sysaudio.sys : 60,800 : 04/14/2008 00:45 AM : 8b83f3ed0f1688b4958f77cd6d2bf290 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys : 60,800 : 04/14/2008 00:45 AM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\sysaudio.sys : 60,800 : 04/14/2008 00:45 AM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]

* C:\WINDOWS\System32\drivers\tape.sys : 14,976 : 04/14/2008 00:10 AM : fd6093e3decd925f1cffc8a0dd539d72 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tape.sys : 14,976 : 08/12/2004 08:07 AM : a2a9ca0d1a9ac1ff54220aa0789fe5cf [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tape.sys : 14,976 : 04/14/2008 00:10 AM : fd6093e3decd925f1cffc8a0dd539d72 [Pos Repl]

* C:\WINDOWS\System32\drivers\tcpip6.sys : 226,880 : 02/11/2010 06:02 AM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys : 225,856 : 06/20/2008 05:16 AM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB978338\SP3QFE\tcpip6.sys : 226,880 : 02/11/2010 05:36 AM : f4a3c6abe7818b1b53f58fa1adb605cd [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys : 223,616 : 08/12/2004 08:07 AM : 4d58bb1ae8841aafd8790ad7e1e3b8ea [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip6.sys : 225,664 : 04/14/2008 00:30 AM : aa7a55536096d646dc7ab0ac5641e9e8 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip6.sys : 226,880 : 02/11/2010 06:02 AM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [Pos Repl]

* C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 05:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 05:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 359,040 : 08/12/2004 08:07 AM : 9f4b36614a0fc234525ba224957de55c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/14/2008 00:50 AM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 05:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]

* C:\WINDOWS\System32\drivers\tdi.sys : 19,072 : 04/14/2008 00:30 AM : 0539d5e53587f82d1b4fd74c5be205cf [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tdi.sys : 18,560 : 08/12/2004 08:07 AM : 6891b74ab9a016064e82a419388d0601 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tdi.sys : 19,072 : 04/14/2008 00:30 AM : 0539d5e53587f82d1b4fd74c5be205cf [Pos Repl]

* C:\WINDOWS\System32\drivers\tdpipe.sys : 12,040 : 04/14/2008 05:43 AM : 6471a66807f5e104e4885f5b67349397 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys : 12,040 : 08/12/2004 08:07 AM : 38d437cf2d98965f239b0abcd66dcb0f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys : 12,040 : 04/14/2008 05:43 AM : 6471a66807f5e104e4885f5b67349397 [Pos Repl]

* C:\WINDOWS\System32\drivers\tdtcp.sys : 21,896 : 04/14/2008 05:43 AM : c56b6d0402371cf3700eb322ef3aaf61 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys : 21,896 : 08/12/2004 08:07 AM : ed0580af02502d00ad8c4c066b156be9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys : 21,896 : 04/14/2008 05:43 AM : c56b6d0402371cf3700eb322ef3aaf61 [Pos Repl]

* C:\WINDOWS\System32\drivers\termdd.sys : 40,840 : 04/14/2008 05:43 AM : 88155247177638048422893737429d9e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\termdd.sys : 40,840 : 08/04/2004 01:01 AM : a540a99c281d933f3d69d55e48727f47 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\termdd.sys : 40,840 : 04/14/2008 05:43 AM : 88155247177638048422893737429d9e [Pos Repl]

* C:\WINDOWS\System32\drivers\tosdvd.sys : 51,712 : 08/12/2004 07:57 AM : 699450901c5ccfd82357cbc531cedd23 [NoSig]

* C:\WINDOWS\System32\drivers\tunmp.sys : 12,288 : 04/14/2008 00:26 AM : 8f861eda21c05857eb8197300a92501c [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\tunmp.sys : 12,416 : 08/12/2004 08:06 AM : 87a0e9e18c10a9e454238e3330e2a26d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tunmp.sys : 12,288 : 04/14/2008 00:26 AM : 8f861eda21c05857eb8197300a92501c [Pos Repl]

* C:\WINDOWS\System32\drivers\udfs.sys : 66,048 : 04/14/2008 00:02 AM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\udfs.sys : 66,176 : 08/12/2004 08:07 AM : 12f70256f140cd7d52c58c7048fde657 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\udfs.sys : 66,048 : 04/14/2008 00:02 AM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [Pos Repl]

* C:\WINDOWS\System32\drivers\update.sys : 384,768 : 04/14/2008 00:09 AM : 402ddc88356b1bac0ee3dd1580c76a31 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\update.sys : 209,408 : 08/12/2004 08:07 AM : aff2e5045961bbc0a602bb6f95eb1345 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\update.sys : 384,768 : 04/14/2008 00:09 AM : 402ddc88356b1bac0ee3dd1580c76a31 [Pos Repl]

* C:\WINDOWS\System32\drivers\usb8023.sys : 12,928 : 02/11/2013 06:32 PM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2807986\SP3QFE\usb8023.sys : 12,928 : 02/11/2013 06:43 PM : c74f25c77d6c3edf58221e4060d8cd16 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\usb8023.sys : 12,672 : 08/12/2004 08:08 AM : af090265ec388bab320f1ff7e7a7d5ea [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usb8023.sys : 12,800 : 04/14/2008 00:26 AM : bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usb8023.sys : 12,928 : 02/11/2013 06:32 PM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [Pos Repl]

* C:\WINDOWS\System32\drivers\usbcamd2.sys : 25,728 : 04/14/2008 00:15 AM : ce97845d2e3f0d274b8bac1ed07c6149 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbcamd2.sys : 23,936 : 08/12/2004 07:57 AM : 61018ba9df6b63e51d9753c980e73ec2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbcamd2.sys : 25,728 : 04/14/2008 00:15 AM : ce97845d2e3f0d274b8bac1ed07c6149 [Pos Repl]

* C:\WINDOWS\System32\drivers\usbcamd.sys : 25,600 : 04/14/2008 00:15 AM : 1c1a47b40c23358245aa8d0443b6935e [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbcamd.sys : 23,808 : 08/12/2004 07:57 AM : 2654eecc6fb13603ebddcd5c8ea943d1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbcamd.sys : 25,600 : 04/14/2008 00:15 AM : 1c1a47b40c23358245aa8d0443b6935e [Pos Repl]

* C:\WINDOWS\System32\drivers\usbccgp.sys : 32,128 : 04/14/2008 00:15 AM : 173f317ce0db8e21322e71b7e60a27e8 [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\usbccgp.sys : 32,128 : 04/14/2008 00:15 AM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbccgp.sys : 32,128 : 04/14/2008 00:15 AM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]

* C:\WINDOWS\System32\drivers\usbd.sys : 4,736 : 08/12/2004 08:08 AM : 596eb39b50d6ebd9b734dc4ae0544693 [NoSig]

* C:\WINDOWS\System32\drivers\usbehci.sys : 30,208 : 04/14/2008 00:15 AM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbehci.sys : 26,624 : 08/12/2004 08:08 AM : 15e993ba2f6946b2bfbbfcd30398621e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbehci.sys : 30,208 : 04/14/2008 00:15 AM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]

* C:\WINDOWS\System32\drivers\usbhub.sys : 59,520 : 04/14/2008 00:15 AM : 1ab3cdde553b6e064d2e754efe20285c [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys : 57,600 : 08/12/2004 08:08 AM : c72f40947f92cea56a8fb532edf025f1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbhub.sys : 59,520 : 04/14/2008 00:15 AM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbhub.sys : 59,520 : 04/14/2008 00:15 AM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\usbhub.sys : 59,520 : 04/14/2008 00:15 AM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\usbhub.sys : 59,520 : 04/14/2008 00:15 AM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\usbhub.sys : 59,520 : 04/14/2008 00:15 AM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]

* C:\WINDOWS\System32\drivers\usbintel.sys : 15,872 : 04/14/2008 00:15 AM : 290913dc4f1125e5a82de52579a44c43 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys : 16,000 : 08/12/2004 08:06 AM : 2853fd4c4489e0f8bfcf78efcdb7e998 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbintel.sys : 15,872 : 04/14/2008 00:15 AM : 290913dc4f1125e5a82de52579a44c43 [Pos Repl]

* C:\WINDOWS\System32\drivers\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbport.sys : 142,976 : 08/12/2004 08:08 AM : 2034ca78f9c6e787b4b76d81ac888351 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]

* C:\WINDOWS\System32\drivers\USBSTOR.sys : 26,368 : 04/14/2008 00:15 AM : a32426d9b14a089eaa1d922e0c5801a9 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys : 26,496 : 08/03/2004 11:08 PM : 6cd7b22193718f1d17a47a1cd6d37e75 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbstor.sys : 26,368 : 04/14/2008 00:15 AM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]

* C:\WINDOWS\System32\drivers\usbuhci.sys : 20,608 : 04/14/2008 00:15 AM : 26496f9dee2d787fc3e61ad54821ffe6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys : 20,480 : 08/12/2004 08:08 AM : f8fd1400092e23c8f2f31406ef06167b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbuhci.sys : 20,608 : 04/14/2008 00:15 AM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbuhci.sys : 20,608 : 04/14/2008 00:15 AM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\usbuhci.sys : 20,608 : 04/14/2008 00:15 AM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\usbuhci.sys : 20,608 : 04/14/2008 00:15 AM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\usbuhci.sys : 20,608 : 04/14/2008 00:15 AM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]

* C:\WINDOWS\System32\drivers\vga.sys : 20,992 : 04/14/2008 00:14 AM : 0d3a8fafceacd8b7625cd549757a7df1 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\vga.sys : 20,992 : 08/12/2004 08:08 AM : 8a60edd72b4ea5aea8202daf0e427925 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\vga.sys : 20,992 : 04/14/2008 00:14 AM : 0d3a8fafceacd8b7625cd549757a7df1 [Pos Repl]

* C:\WINDOWS\System32\drivers\videoprt.sys : 81,664 : 04/14/2008 00:14 AM : e28726b72c46821a28830e077d39a55b [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\videoprt.sys : 79,744 : 08/12/2004 08:08 AM : d5a9d123f5ed7c9965a481bd20cf66d8 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\videoprt.sys : 81,664 : 04/14/2008 00:14 AM : e28726b72c46821a28830e077d39a55b [Pos Repl]

* C:\WINDOWS\System32\drivers\volsnap.sys : 52,352 : 04/14/2008 00:11 AM : 4c8fcb5cc53aab716d810740fe59d025 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys : 52,352 : 08/12/2004 08:08 AM : ee4660083deba849ff6c485d944b379b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\volsnap.sys : 52,352 : 04/14/2008 00:11 AM : 4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]

* C:\WINDOWS\System32\drivers\wanarp.sys : 34,560 : 04/14/2008 00:27 AM : e20b95baedb550f32dd489265c1da1f6 [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\wanarp.sys : 34,560 : 08/12/2004 08:08 AM : 984ef0b9788abf89974cfed4bfbaacbc [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wanarp.sys : 34,560 : 04/14/2008 00:27 AM : e20b95baedb550f32dd489265c1da1f6 [Pos Repl]

* C:\WINDOWS\System32\drivers\wdmaud.sys : 83,072 : 04/14/2008 00:47 AM : 6768acf64b18196494413695f0c3a00f [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys : 83,072 : 04/14/2008 00:47 AM : 6768acf64b18196494413695f0c3a00f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wdmaud.sys : 83,072 : 04/14/2008 00:47 AM : 6768acf64b18196494413695f0c3a00f [Pos Repl]

* C:\WINDOWS\System32\drivers\wmilib.sys : 4,352 : 08/12/2004 08:09 AM : 2f31b7f954bed437f2c75026c65caf7b [NoSig]
+-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 08/12/2004 08:09 AM : 2f31b7f954bed437f2c75026c65caf7b [Pos Repl]

* C:\WINDOWS\System32\drivers\ws2ifsl.sys : 12,032 : 08/12/2004 08:10 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [NoSig]
+-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 08/12/2004 08:10 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 08/15/2013 09:35:16 PM
Execution time: 0 hours(s), 6 minute(s), and 48 seconds(s)
==================================================================================================

Sorry, that's huge and likely useless.

IE6 is not exactly stable, but it is working. Combofix asked to be updated when I ran it, so I allowed the update and it worked. Updated Malwarebytes and ran a complete scan but still nothing found. I have a very healthy, sick computer.

#10 nasdaq

  • Malware Response Team

Posted 16 August 2013 - 12:45 PM

Many of the Operating files are not signed.

Try to install Internet Explorer Version 7.
Go to this page.
http://www.microsoft.com/en-ca/download/internet-explorer-7-details.aspx

Look at the Install instructions.

Use this option: To copy the download to your computer for installation at a later time, click Save or Save this program to disk.

Close all running programs, security software etc... then run the installer.

The installation will create a restore point. If something goes wrong you will be able to revert to IE 6.


Keep me posted.

#11 Fixer_27


Posted 16 August 2013 - 10:19 PM

Well that worked!  It took 3 tries, since IE6 kept hanging up, but I got it installed.  After reboot I actually got asked to download some updates for my windows, I haven't been able to do that for 2 weeks.  So I am currently downloading all the updates and will install them and reboot.  Then I'll try Combofix again, and will post a log if I can.



#12 Fixer_27


Posted 16 August 2013 - 11:18 PM

Nope! Geez this is frustrating. Tried Combofix, and it hangs after 2 minutes like always. Updates didn't download, and svchost ended up grabbing 100% of the processor as usual. Rebooted and tried to install the IE8 update I had previously downloaded, and it made it most of the way through, but I got a "did not complete" message from the installer. I rebooted again and tried to get to the webpage MS wanted me to look at (for IE8 install problem solving) and svchost got nasty again and killed it.



#13 nasdaq

  • Malware Response Team

Posted 17 August 2013 - 07:52 AM

Download this Process Explorer tool.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
RUN IT AND TRY to find the Process / file tied to Svchost that is draining your CPU.
Instructions on the help file.
Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors, and Windows Vista.

Keep me posted.

#14 Fixer_27


Posted 18 August 2013 - 01:30 AM

That's a fun toy! So, using that I was able to reduce the load svchost was putting on by moving it to an "idle" priority. I was then able to view a webpage MS provided when IE8 install didn't work the first time. I went there, and ran fix#50198, reset security settings. This worked, so I tried the "clean boot" they were suggesting (article Q310353). I went into msconfig and made the changes MS wanted, and I discovered that I already was using a selective startup. Weird, I didn't do that. Anyway, by doing that I got IE8 to install and am now actually downloading updates and installing them. Change for the better!

 

===================

svchost.exe.txt from process explorer:

 


=========================================================

wuauclt.exe.txt from process explorer

 


====================================================

 

 

I have a screen cap of process explorer showing svchost at work, should I post that?



#15 nasdaq

  • Malware Response Team

Posted 18 August 2013 - 09:35 AM

You did good.

How is the computer's performance?

Any issues?



