Solved Problem with AVG not removing unknown rootkit

Foxiffer

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Fox Ellis :: HPDC5750 [administrator]
Protection: Enabled
9/14/2012 5:38:42 PM
mbam-log-2012-09-14 (17-38-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256072
Time elapsed: 10 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 149
Registry Values Detected: 10
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 19
Files Detected: 118
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-14 18:25:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-60LSA5 rev.10.01E03
Running: wo2ryh1c.exe; Driver: C:\DOCUME~1\FOXELL~1\LOCALS~1\Temp\pwdyipog.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AA252E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AA252E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AA252E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AA252E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-12 8AA252E2
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Fox Ellis at 18:45:07 on 2012-09-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2312 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\MASTER ITUNES\iTunes 10.6\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\fox ellis\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "d:\master itunes\itunes 10.6\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...QBDAEkAQQA5ADAAKwAyAA"&"prod=94"&"ver=9.0.872
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\fox ellis\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\fox ellis\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343914799140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{55380F71-DB74-49F2-86C3-F830E6329366} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7E4E2B85-3B1B-4058-99ED-039D17EB7474} : NameServer = 192.168.0.1
TCP: Interfaces\{F036F97B-198F-4149-AE78-4C76949467EE} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301920]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMScheduler;MBAMScheduler;c:\documents and settings\fox ellis\desktop\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432]
R2 MBAMService;MBAMService;c:\documents and settings\fox ellis\desktop\malwarebytes' anti-malware\mbamservice.exe [2012-9-14 676936]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-8-5 935008]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-14 22856]
R3 swvspser;Sierra VSP using Ethernet;c:\windows\system32\drivers\swvspser.sys [2009-8-13 30080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-8 250056]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-15 00:33:01 -------- d-----w- c:\documents and settings\fox ellis\application data\Malwarebytes
2012-09-15 00:32:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-15 00:32:50 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-10 01:14:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-10 01:13:55 0 ----a-w- c:\windows\system32\REN8E.tmp
2012-09-10 01:13:55 0 ----a-w- c:\windows\system32\REN8D.tmp
2012-08-17 02:09:11 0 ----a-w- c:\windows\system32\RENCA5.tmp
2012-08-17 02:09:11 0 ----a-w- c:\windows\system32\RENCA4.tmp
2012-08-17 01:59:34 263186 -c--a-w- C:\Minecraft.exe
2012-08-17 01:56:03 0 ----a-w- c:\windows\system32\REN2C.tmp
2012-08-17 01:56:03 0 ----a-w- c:\windows\system32\REN2B.tmp
2012-08-17 01:55:23 0 ----a-w- c:\windows\system32\REN11.tmp
2012-08-17 01:55:23 0 ----a-w- c:\windows\system32\REN10.tmp
2012-08-17 01:46:20 -------- dc----w- C:\rhino_jdk7
.
==================== Find3M ====================
.
2012-09-10 01:14:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-10 01:14:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-10 01:14:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 22:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-15 01:06:41 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 01:06:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-08 21:37:43 0 ----a-w- c:\windows\system32\REND45.tmp
2012-08-08 21:37:43 0 ----a-w- c:\windows\system32\REND44.tmp
2012-08-08 21:27:03 910128 -c--a-w- C:\jre-6u33-windows-i586-iftw.exe
2012-08-08 21:14:27 0 ----a-w- c:\windows\system32\REND01.tmp
2012-08-08 21:14:27 0 ----a-w- c:\windows\system32\REND00.tmp
2012-08-08 21:07:27 88210392 -c--a-w- C:\jdk-7u3-windows-i586.exe
2012-08-08 20:44:04 0 ----a-w- c:\windows\system32\RENCF3.tmp
2012-08-08 20:44:04 0 ----a-w- c:\windows\system32\RENCF2.tmp
2012-08-08 20:44:04 0 ----a-w- c:\windows\system32\RENCF1.tmp
2012-08-08 20:43:24 16824096 -c--a-w- C:\jre-6u15-windows-i586-s.exe
2012-08-06 22:00:35 0 ----a-w- c:\windows\system32\RENC27.tmp
2012-08-06 22:00:35 0 ----a-w- c:\windows\system32\RENC26.tmp
2012-08-06 21:53:56 893936 -c--a-w- C:\JavaSetup7u5.exe
2012-08-06 21:52:42 0 ----a-w- c:\windows\system32\RENC05.tmp
2012-08-06 21:52:42 0 ----a-w- c:\windows\system32\RENC04.tmp
2012-07-26 10:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-06-22 23:32:30 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-60LSA5 rev.10.01E03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA3B4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aa4293c]; MOV EAX, [0x8aa42ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8ABBBAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000072[0x8AB31F18]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8ABBC940]
\Driver\atapi[0x8AB0B830] -> IRP_MJ_CREATE -> 0x8AA3B4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA3B2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:46:53.98 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2010 8:33:00 PM
System Uptime: 9/14/2012 6:34:13 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 0A64h
Processor: AMD Athlon(tm) 64 Processor 3500+ | XU1 PROCESSOR | 2194/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 6.336 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 802.722 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2B255CD7&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2B255CD7&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2B255CD7&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2B255CD7&0
Service: i8042prt
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: MTP Device
Device ID: ROOT\WPD\0000
Manufacturer: (Standard MTP-Compliant Device)
Name: MTP Device
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP583: 7/8/2012 5:08:13 AM - System Checkpoint
RP584: 7/9/2012 6:18:59 AM - System Checkpoint
RP585: 7/10/2012 6:31:28 AM - System Checkpoint
RP586: 7/11/2012 7:25:28 AM - System Checkpoint
RP587: 7/12/2012 3:00:16 AM - Software Distribution Service 3.0
RP588: 7/13/2012 3:48:32 AM - System Checkpoint
RP589: 7/14/2012 5:29:40 AM - System Checkpoint
RP590: 7/15/2012 5:41:36 AM - System Checkpoint
RP591: 7/16/2012 6:41:37 AM - System Checkpoint
RP592: 7/17/2012 7:28:04 AM - System Checkpoint
RP593: 7/18/2012 7:43:22 AM - System Checkpoint
RP594: 7/19/2012 8:44:56 AM - System Checkpoint
RP595: 7/20/2012 9:30:36 AM - System Checkpoint
RP596: 7/21/2012 10:23:28 AM - System Checkpoint
RP597: 7/22/2012 12:32:50 PM - System Checkpoint
RP598: 7/23/2012 12:57:43 PM - System Checkpoint
RP599: 7/24/2012 1:04:53 PM - System Checkpoint
RP600: 7/25/2012 1:54:38 PM - System Checkpoint
RP601: 7/27/2012 1:50:47 AM - System Checkpoint
RP602: 7/28/2012 3:27:25 PM - System Checkpoint
RP603: 7/29/2012 4:06:05 PM - System Checkpoint
RP604: 7/30/2012 6:24:02 PM - System Checkpoint
RP605: 7/31/2012 7:17:30 PM - System Checkpoint
RP606: 8/1/2012 10:25:31 PM - System Checkpoint
RP607: 8/2/2012 10:27:08 PM - System Checkpoint
RP608: 8/3/2012 9:45:36 PM - Unsigned driver install
RP609: 8/3/2012 9:51:10 PM - Unsigned driver install
RP610: 8/4/2012 2:49:10 PM - Installed AVG 2012
RP611: 8/4/2012 2:51:05 PM - Removed AVG 9.0
RP612: 8/4/2012 3:06:37 PM - Installed AVG 2012
RP613: 8/4/2012 11:50:35 PM - Installed Java(TM) 7 Update 5
RP614: 8/4/2012 11:51:39 PM - Removed JavaFX 2.1.0
RP615: 8/4/2012 11:51:50 PM - Installed JavaFX 2.1.1
RP616: 8/5/2012 12:02:02 AM - Software Distribution Service 3.0
RP617: 8/6/2012 2:52:20 PM - Installed Java(TM) 7 Update 4
RP618: 8/6/2012 3:00:31 PM - Removed Java(TM) 7 Update 4
RP619: 8/6/2012 3:00:47 PM - Installed Java(TM) 7 Update 5
RP620: 8/7/2012 8:40:44 PM - System Checkpoint
RP621: 8/8/2012 1:33:31 PM - Removed Java(TM) 6 Update 24
RP622: 8/8/2012 1:34:17 PM - Removed Java(TM) 6 Update 24
RP623: 8/8/2012 1:37:52 PM - Removed Java(TM) 7 Update 4
RP624: 8/8/2012 1:38:07 PM - Installed Java(TM) 7 Update 4
RP625: 8/8/2012 1:43:44 PM - Installed Java(TM) 6 Update 15
RP626: 8/8/2012 2:14:24 PM - Removed Java(TM) 7 Update 5
RP627: 8/8/2012 2:14:44 PM - Installed Java(TM) 7 Update 5
RP628: 8/8/2012 2:29:42 PM - Removed Java(TM) 6 Update 24
RP629: 8/8/2012 2:37:41 PM - Removed Java(TM) 7 Update 5
RP630: 8/8/2012 2:37:56 PM - Installed Java(TM) 7 Update 5
RP631: 8/9/2012 3:59:15 PM - System Checkpoint
RP632: 8/10/2012 9:55:15 PM - System Checkpoint
RP633: 8/11/2012 1:12:59 PM - Installed DVD Decoder Pak for Windows XP
RP634: 8/12/2012 2:32:16 PM - System Checkpoint
RP635: 8/13/2012 3:09:30 PM - System Checkpoint
RP636: 8/14/2012 2:29:06 PM - Removed Java(TM) 6 Update 24
RP637: 8/15/2012 8:09:49 PM - Software Distribution Service 3.0
RP638: 8/16/2012 12:47:06 AM - Software Distribution Service 3.0
RP639: 8/16/2012 6:55:17 PM - Removed Java(TM) 7 Update 4
RP640: 8/16/2012 6:55:39 PM - Installed Java(TM) 7 Update 4
RP641: 8/16/2012 7:09:07 PM - Removed Java(TM) 7 Update 5
RP642: 8/16/2012 7:09:23 PM - Installed Java(TM) 7 Update 5
RP643: 8/17/2012 7:28:04 PM - System Checkpoint
RP644: 8/18/2012 7:39:59 PM - System Checkpoint
RP645: 8/22/2012 5:14:11 PM - System Checkpoint
RP646: 8/23/2012 9:17:31 PM - System Checkpoint
RP647: 8/24/2012 9:43:31 PM - System Checkpoint
RP648: 8/26/2012 10:05:53 AM - System Checkpoint
RP649: 8/28/2012 12:48:24 AM - System Checkpoint
RP650: 8/30/2012 11:19:13 PM - System Checkpoint
RP651: 9/1/2012 2:42:35 PM - System Checkpoint
RP652: 9/6/2012 6:34:21 PM - System Checkpoint
RP653: 9/7/2012 11:59:40 PM - System Checkpoint
RP654: 9/9/2012 10:12:16 AM - System Checkpoint
RP655: 9/9/2012 6:13:46 PM - Removed Java(TM) 7 Update 5
RP656: 9/9/2012 6:14:14 PM - Installed Java 7 Update 7
RP657: 9/11/2012 2:04:25 PM - System Checkpoint
RP658: 9/13/2012 9:33:14 AM - Software Distribution Service 3.0
RP659: 9/14/2012 4:59:40 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Animaniacs Game Pack
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
AVG 2012
Bonjour
Canon MP Navigator EX 3.0
Canon MP270 series MP Drivers
Canon MP270 series User Registration
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
ConverterLite 1.0.1
DirectX 9 Runtime
DVD Decoder Pak for Windows XP
DVDVideoSoftTB Toolbar
Free File Viewer 2011
Free Screen Video Recorder version 2.5.24.706
Free Studio version 5.2.1
Free YouTube to MP3 Converter version 3.11.26.706
Freeze.com NetAssistant
Google Chrome
Google SketchUp 8
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
InstallIQ Updater
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 15
Java(TM) 6 Update 24
Java(TM) 7 Update 4
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Excel Viewer 97
Microsoft Office 97 Animated Cursors
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 97
Microsoft Word Viewer 97
Microsoft Works 4.5
Microsoft Works Calendar 1.0
Microsoft Works Setup Launcher
Microsoft XML Parser
Microsoft XNA Framework Redistributable 4.0
MorphVOX Junior
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetAssistant
QuickTime
QuickTime for Windows (32-bit)
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Sierra Wireless USB MUX Driver Package
Skins
Steam
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 12:30:26 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/12/2012 7:45:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
9/12/2012 7:44:49 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
9/12/2012 7:44:49 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
9/12/2012 7:44:15 PM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
9/12/2012 6:30:45 PM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe" -Embedding
9/11/2012 9:02:17 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/11/2012 8:38:08 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/11/2012 8:32:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Ok, I clicked on the link and it took me to a page with a bunch of code on it, that's all. The first line on the page is this: "PKÀ !>Xÿ–‘Îeula.txt¥VËŽÛ6ÝÈ?\d•ŠÓtS¤;LÛDôpH*“鎖I›ˆ,"eÇ»ùíô7ú)ù’ÞKÍL<“¢@ÑÕXäå¹çœ{D +§PK& ç+%ƒt.+X©ž?{þì½öÓûÏgÈõ "
 
Ran the scan. Found rootkit. Cure. Continue. Need to reboot. Got stuck on "please select the operating system to start"
 
Since my computer has been infected I have never been able to successfully reboot. When those programs say to reboot, it gets frozen and then I need to hold the power button on my tower down to restart. After I do that, though, it starts up correctly.
 
There are two logs. First one:

20:18:02.0000 3512 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:18:04.0000 3512 ============================================================
20:18:04.0000 3512 Current date / time: 2012/09/14 20:18:04.0000
20:18:04.0000 3512 SystemInfo:
20:18:04.0000 3512
20:18:04.0000 3512 OS Version: 5.1.2600 ServicePack: 3.0
20:18:04.0000 3512 Product type: Workstation
20:18:04.0000 3512 ComputerName: HPDC5750
20:18:04.0000 3512 UserName: Fox Ellis
20:18:04.0000 3512 Windows directory: C:\WINDOWS
20:18:04.0000 3512 System windows directory: C:\WINDOWS
20:18:04.0000 3512 Processor architecture: Intel x86
20:18:04.0000 3512 Number of processors: 1
20:18:04.0000 3512 Page size: 0x1000
20:18:04.0000 3512 Boot type: Normal boot
20:18:04.0000 3512 ============================================================
20:18:05.0531 3512 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:18:05.0531 3512 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:18:05.0531 3512 ============================================================
20:18:05.0531 3512 \Device\Harddisk0\DR0:
20:18:05.0531 3512 MBR partitions:
20:18:05.0531 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C64BF
20:18:05.0531 3512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x8B47FC3
20:18:05.0531 3512 \Device\Harddisk1\DR3:
20:18:05.0531 3512 MBR partitions:
20:18:05.0531 3512 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
20:18:05.0531 3512 ============================================================
20:18:05.0578 3512 C: <-> \Device\Harddisk0\DR0\Partition2
20:18:06.0000 3512 D: <-> \Device\Harddisk1\DR3\Partition1
20:18:06.0000 3512 ============================================================
20:18:06.0000 3512 Initialize success
20:18:06.0000 3512 ============================================================
20:19:15.0796 2580 ============================================================
20:19:15.0796 2580 Scan started
20:19:15.0796 2580 Mode: Manual;
20:19:15.0796 2580 ============================================================
20:19:17.0406 2580 ================ Scan system memory ========================
20:19:17.0406 2580 System memory - ok
20:19:17.0421 2580 ================ Scan services =============================
20:19:17.0515 2580 Abiosdsk - ok
20:19:17.0531 2580 abp480n5 - ok
20:19:17.0562 2580 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:19:17.0562 2580 ACPI - ok
20:19:17.0578 2580 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:19:17.0578 2580 ACPIEC - ok
20:19:17.0609 2580 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:19:17.0609 2580 AdobeFlashPlayerUpdateSvc - ok
20:19:17.0625 2580 adpu160m - ok
20:19:17.0656 2580 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:19:17.0656 2580 aec - ok
20:19:17.0703 2580 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:19:17.0703 2580 AFD - ok
20:19:17.0703 2580 Aha154x - ok
20:19:17.0718 2580 aic78u2 - ok
20:19:17.0718 2580 aic78xx - ok
20:19:17.0750 2580 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:19:17.0750 2580 Alerter - ok
20:19:17.0765 2580 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:19:17.0781 2580 ALG - ok
20:19:17.0781 2580 AliIde - ok
20:19:17.0796 2580 amsint - ok
20:19:17.0859 2580 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:19:17.0859 2580 Apple Mobile Device - ok
20:19:17.0890 2580 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:19:17.0890 2580 AppMgmt - ok
20:19:17.0890 2580 asc - ok
20:19:17.0906 2580 asc3350p - ok
20:19:17.0906 2580 asc3550 - ok
20:19:18.0000 2580 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:19:18.0000 2580 aspnet_state - ok
20:19:18.0031 2580 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:19:18.0031 2580 AsyncMac - ok
20:19:18.0062 2580 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:19:18.0062 2580 atapi - ok
20:19:18.0078 2580 Atdisk - ok
20:19:18.0125 2580 [ DFACFD2BB58E645396782688777E189C ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:19:18.0125 2580 Ati HotKey Poller - ok
20:19:18.0234 2580 [ 22B3F8A98DD99AE2938B196096D4F1BC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:19:18.0250 2580 ati2mtag - ok
20:19:18.0281 2580 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:19:18.0281 2580 Atmarpc - ok
20:19:18.0296 2580 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:19:18.0296 2580 AudioSrv - ok
20:19:18.0312 2580 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:19:18.0312 2580 audstub - ok
20:19:18.0343 2580 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:19:18.0343 2580 Avgfwdx - ok
20:19:18.0359 2580 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:19:18.0359 2580 Avgfwfd - ok
20:19:18.0500 2580 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe
20:19:18.0515 2580 avgfws - ok
20:19:18.0656 2580 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
20:19:18.0687 2580 AVGIDSAgent - ok
20:19:18.0718 2580 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:19:18.0718 2580 AVGIDSDriver - ok
20:19:18.0750 2580 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
20:19:18.0750 2580 AVGIDSFilter - ok
20:19:18.0781 2580 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:19:18.0781 2580 AVGIDSHX - ok
20:19:18.0796 2580 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:19:18.0796 2580 AVGIDSShim - ok
20:19:18.0828 2580 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:19:18.0828 2580 Avgldx86 - ok
20:19:18.0843 2580 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:19:18.0843 2580 Avgmfx86 - ok
20:19:18.0859 2580 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:19:18.0859 2580 Avgrkx86 - ok
20:19:18.0890 2580 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:19:18.0890 2580 Avgtdix - ok
20:19:18.0937 2580 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:19:18.0937 2580 avgwd - ok
20:19:18.0984 2580 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:19:18.0984 2580 b57w2k - ok
20:19:19.0000 2580 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:19:19.0000 2580 Beep - ok
20:19:19.0046 2580 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:19:19.0062 2580 BITS - ok
20:19:19.0109 2580 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:19:19.0125 2580 Bonjour Service - ok
20:19:19.0156 2580 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
20:19:19.0156 2580 Browser - ok
20:19:19.0171 2580 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:19:19.0171 2580 cbidf2k - ok
20:19:19.0203 2580 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:19:19.0203 2580 CCDECODE - ok
20:19:19.0203 2580 cd20xrnt - ok
20:19:19.0218 2580 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:19:19.0234 2580 Cdaudio - ok
20:19:19.0234 2580 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:19:19.0250 2580 Cdfs - ok
20:19:19.0265 2580 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:19:19.0265 2580 Cdrom - ok
20:19:19.0281 2580 Changer - ok
20:19:19.0296 2580 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:19:19.0296 2580 CiSvc - ok
20:19:19.0328 2580 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:19:19.0328 2580 ClipSrv - ok
20:19:19.0375 2580 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:19:19.0406 2580 clr_optimization_v2.0.50727_32 - ok
20:19:19.0437 2580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:19:19.0484 2580 clr_optimization_v4.0.30319_32 - ok
20:19:19.0500 2580 CmdIde - ok
20:19:19.0500 2580 COMSysApp - ok
20:19:19.0515 2580 Cpqarray - ok
20:19:19.0546 2580 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:19:19.0546 2580 CryptSvc - ok
20:19:19.0562 2580 dac2w2k - ok
20:19:19.0562 2580 dac960nt - ok
20:19:19.0609 2580 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:19:19.0609 2580 DcomLaunch - ok
20:19:19.0625 2580 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:19:19.0625 2580 Dhcp - ok
20:19:19.0656 2580 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:19:19.0656 2580 Disk - ok
20:19:19.0656 2580 dmadmin - ok
20:19:19.0703 2580 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:19:19.0750 2580 dmboot - ok
20:19:19.0765 2580 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:19:19.0781 2580 dmio - ok
20:19:19.0781 2580 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:19:19.0781 2580 dmload - ok
20:19:19.0828 2580 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:19:19.0828 2580 dmserver - ok
20:19:19.0843 2580 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:19:19.0843 2580 DMusic - ok
20:19:19.0875 2580 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:19:19.0875 2580 Dnscache - ok
20:19:19.0890 2580 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:19:19.0890 2580 Dot3svc - ok
20:19:19.0906 2580 dpti2o - ok
20:19:19.0906 2580 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:19:19.0921 2580 drmkaud - ok
20:19:19.0937 2580 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:19:19.0937 2580 EapHost - ok
20:19:19.0937 2580 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:19:19.0937 2580 ERSvc - ok
20:19:19.0968 2580 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:19:19.0968 2580 Eventlog - ok
20:19:20.0015 2580 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:19:20.0015 2580 EventSystem - ok
20:19:20.0031 2580 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:19:20.0031 2580 Fastfat - ok
20:19:20.0062 2580 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:19:20.0062 2580 FastUserSwitchingCompatibility - ok
20:19:20.0093 2580 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:19:20.0093 2580 Fdc - ok
20:19:20.0109 2580 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:19:20.0109 2580 Fips - ok
20:19:20.0109 2580 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:19:20.0109 2580 Flpydisk - ok
20:19:20.0140 2580 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:19:20.0140 2580 FltMgr - ok
20:19:20.0203 2580 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:19:20.0203 2580 FontCache3.0.0.0 - ok
20:19:20.0218 2580 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:19:20.0218 2580 Fs_Rec - ok
20:19:20.0250 2580 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:19:20.0265 2580 Ftdisk - ok
20:19:20.0296 2580 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:19:20.0296 2580 GEARAspiWDM - ok
20:19:20.0328 2580 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:19:20.0328 2580 Gpc - ok
20:19:20.0343 2580 gupdate - ok
20:19:20.0359 2580 gupdatem - ok
20:19:20.0390 2580 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:19:20.0390 2580 gusvc - ok
20:19:20.0421 2580 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:19:20.0421 2580 HDAudBus - ok
20:19:20.0453 2580 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:19:20.0453 2580 helpsvc - ok
20:19:20.0484 2580 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:19:20.0484 2580 HidServ - ok
20:19:20.0515 2580 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:19:20.0515 2580 hidusb - ok
20:19:20.0546 2580 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:19:20.0546 2580 hkmsvc - ok
20:19:20.0546 2580 hpn - ok
20:19:20.0578 2580 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:19:20.0593 2580 HTTP - ok
20:19:20.0609 2580 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:19:20.0625 2580 HTTPFilter - ok
20:19:20.0625 2580 i2omgmt - ok
20:19:20.0640 2580 i2omp - ok
20:19:20.0656 2580 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:19:20.0656 2580 i8042prt - ok
20:19:20.0718 2580 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:19:20.0765 2580 idsvc - ok
20:19:20.0796 2580 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:19:20.0796 2580 Imapi - ok
20:19:20.0812 2580 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:19:20.0812 2580 ImapiService - ok
20:19:20.0828 2580 ini910u - ok
20:19:20.0984 2580 [ 06B0E8D608AB69643B14A1F95F7FEAB3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:19:21.0015 2580 IntcAzAudAddService - ok
20:19:21.0015 2580 IntelIde - ok
20:19:21.0046 2580 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:19:21.0046 2580 Ip6Fw - ok
20:19:21.0062 2580 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:19:21.0062 2580 IpFilterDriver - ok
20:19:21.0078 2580 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:19:21.0078 2580 IpInIp - ok
20:19:21.0109 2580 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:19:21.0109 2580 IpNat - ok
20:19:21.0156 2580 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:19:21.0156 2580 iPod Service - ok
20:19:21.0187 2580 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:19:21.0187 2580 IPSec - ok
20:19:21.0203 2580 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:19:21.0218 2580 IRENUM - ok
20:19:21.0234 2580 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:19:21.0234 2580 isapnp - ok
20:19:21.0328 2580 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:19:21.0328 2580 JavaQuickStarterService - ok
20:19:21.0343 2580 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:19:21.0343 2580 Kbdclass - ok
20:19:21.0359 2580 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:19:21.0359 2580 kbdhid - ok
20:19:21.0390 2580 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:19:21.0390 2580 kmixer - ok
20:19:21.0421 2580 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:19:21.0421 2580 KSecDD - ok
20:19:21.0453 2580 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:19:21.0468 2580 LanmanServer - ok
20:19:21.0484 2580 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:19:21.0500 2580 lanmanworkstation - ok
20:19:21.0500 2580 lbrtfdc - ok
20:19:21.0546 2580 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:19:21.0546 2580 LmHosts - ok
20:19:21.0578 2580 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:19:21.0578 2580 MBAMProtector - ok
20:19:21.0656 2580 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:19:21.0671 2580 MBAMScheduler - ok
20:19:21.0718 2580 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
20:19:21.0718 2580 MBAMService - ok
20:19:21.0750 2580 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:19:21.0750 2580 Messenger - ok
20:19:21.0765 2580 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:19:21.0765 2580 mnmdd - ok
20:19:21.0796 2580 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:19:21.0796 2580 mnmsrvc - ok
20:19:21.0812 2580 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:19:21.0812 2580 Modem - ok
20:19:21.0843 2580 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:19:21.0843 2580 Mouclass - ok
20:19:21.0843 2580 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:19:21.0843 2580 mouhid - ok
20:19:21.0875 2580 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:19:21.0875 2580 MountMgr - ok
20:19:21.0875 2580 mraid35x - ok
20:19:21.0890 2580 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:19:21.0890 2580 MRxDAV - ok
20:19:21.0937 2580 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:19:21.0937 2580 MRxSmb - ok
20:19:21.0968 2580 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:19:21.0968 2580 MSDTC - ok
20:19:22.0000 2580 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:19:22.0000 2580 Msfs - ok
20:19:22.0000 2580 MSIServer - ok
20:19:22.0015 2580 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:19:22.0015 2580 MSKSSRV - ok
20:19:22.0031 2580 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:19:22.0031 2580 MSPCLOCK - ok
20:19:22.0062 2580 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:19:22.0062 2580 MSPQM - ok
20:19:22.0062 2580 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:19:22.0062 2580 mssmbios - ok
20:19:22.0093 2580 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:19:22.0093 2580 MSTEE - ok
20:19:22.0125 2580 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:19:22.0125 2580 Mup - ok
20:19:22.0140 2580 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:19:22.0140 2580 NABTSFEC - ok
20:19:22.0187 2580 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:19:22.0187 2580 napagent - ok
20:19:22.0218 2580 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:19:22.0218 2580 NDIS - ok
20:19:22.0250 2580 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:19:22.0250 2580 NdisIP - ok
20:19:22.0265 2580 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:19:22.0265 2580 NdisTapi - ok
20:19:22.0281 2580 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:19:22.0281 2580 Ndisuio - ok
20:19:22.0296 2580 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:19:22.0312 2580 NdisWan - ok
20:19:22.0328 2580 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:19:22.0328 2580 NDProxy - ok
20:19:22.0343 2580 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:19:22.0343 2580 NetBIOS - ok
20:19:22.0375 2580 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:19:22.0375 2580 NetBT - ok
20:19:22.0406 2580 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:19:22.0406 2580 NetDDE - ok
20:19:22.0421 2580 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:19:22.0421 2580 NetDDEdsdm - ok
20:19:22.0453 2580 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:19:22.0453 2580 Netlogon - ok
20:19:22.0484 2580 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:19:22.0484 2580 Netman - ok
20:19:22.0515 2580 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:19:22.0515 2580 NetTcpPortSharing - ok
20:19:22.0562 2580 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:19:22.0562 2580 Nla - ok
20:19:22.0578 2580 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:19:22.0578 2580 Npfs - ok
20:19:22.0625 2580 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:19:22.0656 2580 Ntfs - ok
20:19:22.0671 2580 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:19:22.0671 2580 NtLmSsp - ok
20:19:22.0703 2580 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:19:22.0703 2580 NtmsSvc - ok
20:19:22.0718 2580 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:19:22.0718 2580 Null - ok
20:19:22.0734 2580 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:19:22.0734 2580 NwlnkFlt - ok
20:19:22.0765 2580 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:19:22.0765 2580 NwlnkFwd - ok
20:19:22.0812 2580 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:19:22.0812 2580 ose - ok
20:19:22.0843 2580 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:19:22.0843 2580 Parport - ok
20:19:22.0859 2580 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:19:22.0859 2580 PartMgr - ok
20:19:22.0875 2580 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:19:22.0875 2580 ParVdm - ok
20:19:22.0890 2580 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:19:22.0890 2580 PCI - ok
20:19:22.0906 2580 PCIDump - ok
20:19:22.0921 2580 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:19:22.0921 2580 PCIIde - ok
20:19:22.0937 2580 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:19:22.0953 2580 Pcmcia - ok
20:19:22.0953 2580 PDCOMP - ok
20:19:22.0968 2580 PDFRAME - ok
20:19:22.0968 2580 PDRELI - ok
20:19:22.0984 2580 PDRFRAME - ok
20:19:23.0000 2580 perc2 - ok
20:19:23.0000 2580 perc2hib - ok
20:19:23.0046 2580 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:19:23.0046 2580 PlugPlay - ok
20:19:23.0062 2580 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:19:23.0062 2580 PolicyAgent - ok
20:19:23.0078 2580 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:19:23.0093 2580 PptpMiniport - ok
20:19:23.0109 2580 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:19:23.0109 2580 Processor - ok
20:19:23.0125 2580 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:19:23.0125 2580 ProtectedStorage - ok
20:19:23.0140 2580 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:19:26.0171 2580 ================ Scan global ===============================
20:19:26.0187 2580 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:19:26.0218 2580 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:19:26.0234 2580 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:19:26.0250 2580 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:19:26.0265 2580 [Global] - ok
20:19:26.0265 2580 ================ Scan MBR ==================================
20:19:26.0281 2580 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:19:26.0281 2580 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:19:26.0296 2580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:19:26.0296 2580 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:19:26.0312 2580 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
20:19:26.0312 2580 \Device\Harddisk1\DR3 - ok
20:19:26.0328 2580 ================ Scan VBR ==================================
20:19:26.0328 2580 [ E01D555C09D11CCBFA8B5B4692DFCD40 ] \Device\Harddisk0\DR0\Partition1
20:19:26.0328 2580 \Device\Harddisk0\DR0\Partition1 - ok
20:19:26.0343 2580 [ 2FC9CE3071CC39C3EAC1DCEFCBE9705E ] \Device\Harddisk0\DR0\Partition2
20:19:26.0343 2580 \Device\Harddisk0\DR0\Partition2 - ok
20:19:26.0359 2580 [ E570A0774CF6F29F6C560648026311F9 ] \Device\Harddisk1\DR3\Partition1
20:19:26.0359 2580 \Device\Harddisk1\DR3\Partition1 - ok
20:19:26.0359 2580 ============================================================
20:19:26.0359 2580 Scan finished
20:19:26.0359 2580 ============================================================
20:19:26.0375 0436 Detected object count: 1
20:19:26.0375 0436 Actual detected object count: 1
20:20:16.0828 0436 \Device\Harddisk0\DR0\# - copied to quarantine
20:20:16.0828 0436 \Device\Harddisk0\DR0 - copied to quarantine
20:20:16.0875 0436 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:20:16.0875 0436 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:20:16.0875 0436 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:20:16.0890 0436 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:20:16.0890 0436 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:20:16.0890 0436 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:20:16.0906 0436 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:20:16.0937 0436 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:20:16.0937 0436 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:20:16.0937 0436 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:20:16.0937 0436 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:20:16.0937 0436 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:20:16.0937 0436 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:20:16.0953 0436 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:20:16.0953 0436 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:20:16.0953 0436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:20:16.0953 0436 \Device\Harddisk0\DR0 - ok
20:20:16.0968 0436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:20:34.0062 2152 Deinitialize success
 
Second log.

20:29:30.0968 2840 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:29:32.0968 2840 ============================================================
20:29:32.0968 2840 Current date / time: 2012/09/14 20:29:32.0968
20:29:32.0968 2840 SystemInfo:
20:29:32.0968 2840
20:29:32.0968 2840 OS Version: 5.1.2600 ServicePack: 3.0
20:29:32.0968 2840 Product type: Workstation
20:29:32.0968 2840 ComputerName: HPDC5750
20:29:32.0968 2840 UserName: Fox Ellis
20:29:32.0968 2840 Windows directory: C:\WINDOWS
20:29:32.0968 2840 System windows directory: C:\WINDOWS
20:29:32.0968 2840 Processor architecture: Intel x86
20:29:32.0968 2840 Number of processors: 1
20:29:32.0968 2840 Page size: 0x1000
20:29:32.0968 2840 Boot type: Normal boot
20:29:32.0968 2840 ============================================================
20:29:34.0218 2840 BG loaded
20:29:34.0765 2840 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:29:34.0765 2840 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:29:34.0781 2840 ============================================================
20:29:34.0781 2840 \Device\Harddisk0\DR0:
20:29:34.0781 2840 MBR partitions:
20:29:34.0781 2840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C64BF
20:29:34.0781 2840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x8B47FC3
20:29:34.0781 2840 \Device\Harddisk1\DR3:
20:29:34.0812 2840 MBR partitions:
20:29:34.0812 2840 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
20:29:34.0812 2840 ============================================================
20:29:34.0843 2840 C: <-> \Device\Harddisk0\DR0\Partition2
20:29:34.0859 2840 D: <-> \Device\Harddisk1\DR3\Partition1
20:29:34.0875 2840 ============================================================
20:29:34.0875 2840 Initialize success
20:29:34.0875 2840 ============================================================
20:29:49.0187 2404 Deinitialize success
 
Very good :)

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
There is an RK quarantine folder on my desktop with this debug log in it, if it helps. I still have not been able to get past the prescan. I kept the name the same and also changed the name to both winlogon.exe and .com.

[00:00:0032] ***** Global Init *****
[00:00:0032] Has crashed before : Yes
[00:00:0032] Create mutex : RogueKiller
[00:00:0032] Mutex Created : 0xa8
[00:00:0032] Fill lists
[00:00:0047] OS Language : English
[00:00:0047] Take Privileges
[00:00:0047] Modify Token
[00:00:0063] Set priority to HIGH
[00:00:0063] Getting Operating System
[00:00:0063] Os Getted : Windows XP (5.1.2600 Service Pack 3) 32 bits version
[00:00:0063] ***** Global Init OK *****
[00:00:0063] ***** GUI Init *****
[00:00:0094] Get build number
[00:00:0094] build number : RogueKiller (by Tigzy) -- v8.0.3
[00:00:0204] ***** GUI Init OK *****
[00:00:0204] ***** PreScan *****
[00:00:0204] Clear ListViews
[00:00:0204] Clear Objects
[00:00:0204] Enum Windows
[00:00:0297] [Check Processes] Service PID : 1588
[00:00:0313] [Check Processes] [0][_0] [System Process] :
[00:00:0313] [Check Processes] [4][_0] System :
[00:00:0329] [Check Processes] [916][_4] smss.exe : C:\WINDOWS\System32\smss.exe
[00:00:0329] [Check Processes] [952][_940] avgrsx.exe : C:\Program Files\AVG\AVG2012\avgrsx.exe
[00:00:0360] [Check Processes] [988][_952] avgcsrvx.exe : C:\Program Files\AVG\AVG2012\avgcsrvx.exe
[00:00:0360] [Check Processes] [1500][_916] csrss.exe : C:\WINDOWS\system32\csrss.exe
[00:00:0360] [Check Processes] [1540][_916] winlogon.exe : C:\WINDOWS\system32\winlogon.exe
[00:00:0375] [Check Processes] [1588][_1540] services.exe : C:\WINDOWS\system32\services.exe
[00:00:0375] [Check Processes] [1600][_1540] lsass.exe : C:\WINDOWS\system32\lsass.exe
[00:00:0375] [Check Processes] [1832][_1588] ati2evxx.exe : C:\WINDOWS\system32\ati2evxx.exe
[00:00:0391] [Check Processes] [1852][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0391] [Check Processes] [1912][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0391] [Check Processes] [216][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0391] [Check Processes] [264][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0391] [Check Processes] [300][_1540] ati2evxx.exe : C:\WINDOWS\system32\ati2evxx.exe
[00:00:0407] [Check Processes] [672][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0407] [Check Processes] [900][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0407] [Check Processes] [1180][_1588] AppleMobileDeviceService.exe : C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
[00:00:0407] [Check Processes] [1212][_1588] avgfws.exe : C:\Program Files\AVG\AVG2012\avgfws.exe
[00:00:0454] [Check Processes] [1264][_1588] avgwdsvc.exe : C:\Program Files\AVG\AVG2012\avgwdsvc.exe
[00:00:0469] [Check Processes] [1300][_1588] mDNSResponder.exe : C:\Program Files\Bonjour\mDNSResponder.exe
[00:00:0469] [Check Processes] [328][_1588] jqs.exe : C:\Program Files\Java\jre7\bin\jqs.exe
[00:00:0485] [Check Processes] [432][_1588] mbamscheduler.exe : C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
[00:00:0485] [Check Processes] _KILLING_ [432] mbamscheduler.exe {}
[00:00:0485] [KILL] [432] mbamscheduler.exe -> KILLED [TermProc]
[00:00:0500] [Check Processes] [568][_1588] mbamservice.exe : C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
[00:00:0500] [Check Processes] _KILLING_ [568] mbamservice.exe {}
[00:00:0500] [KILL] [568] mbamservice.exe -> KILLED [TermProc]
[00:00:0516] [Check Processes] [1464][_1588] svchost.exe : C:\WINDOWS\system32\svchost.exe
[00:00:0516] [Check Processes] [1748][_1264] avgnsx.exe : C:\Program Files\AVG\AVG2012\avgnsx.exe
[00:00:0532] [Check Processes] [1948][_1264] avgemcx.exe : C:\Program Files\AVG\AVG2012\avgemcx.exe
[00:00:0563] [Check Processes] [176][_1588] ToolbarUpdater.exe : C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
[00:00:0579] [Check Processes] [740][_1588] avgidsagent.exe : C:\Program Files\AVG\AVG2012\avgidsagent.exe
[00:00:0672] [Check Processes] [1652][_216] wuauclt.exe : C:\WINDOWS\system32\wuauclt.exe
[00:00:0672] [Check Processes] [2436][_568] mbamgui.exe : C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
[00:00:0672] PE32
[00:00:0672] Get sections OK ; Section table : 0x1f8 -- 0x400
[00:00:0672] Nb sections : 5
[00:00:0672] Parsing section : [6] .text
[00:00:0672] Parsing section at 0x400
[00:00:0672] Parsing section : [7] .rdata
[00:00:0672] Parsing section at 0x52200
[00:00:0672] Parsing section : [6] .data
[00:00:0672] Parsing section at 0x63c00
[00:00:0672] Parsing section : [6] .rsrc
[00:00:0688] Parsing section at 0x67200
[00:00:0688] Parsing section : [7] .reloc
[00:00:0688] Parsing section at 0xb3000
[00:00:0688] [Check Processes] _KILLING_ [2436] mbamgui.exe {}
[00:00:0969] [KILL] [2436] mbamgui.exe -> KILLED [TermProc]
[00:00:0969] [Check Processes] [2480][_216] FFVCheckForUpdates.exe : C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
[00:00:0969] PE32
[00:00:0969] Get sections OK ; Section table : 0x2f8 -- 0x600
[00:00:0969] Nb sections : 8
[00:00:0969] Parsing section : [6] .text
[00:00:0969] Parsing section at 0x600
[00:00:0969] Parsing section : [6] .data
[00:00:0969] Parsing section at 0xefc00
[00:00:0969] Parsing section : [5] .tls
[00:00:0969] Parsing section at 0x10ae00
[00:00:0969] Parsing section : [7] .rdata
[00:00:0969] Parsing section at 0x10b000
[00:00:0969] Parsing section : [7] .idata
[00:00:0969] Parsing section at 0x10b200
[00:00:0985] Parsing section : [7] .edata
[00:00:0985] Parsing section at 0x10de00
[00:00:0985] Parsing section : [6] .rsrc
[00:00:0985] Parsing section at 0x134600
[00:00:0985] Parsing section : [7] .reloc
[00:00:0985] Parsing section at 0x16f600
[00:01:0000] [Check Processes] [2528][_2456] explorer.exe : C:\WINDOWS\explorer.exe
[00:01:0000] [Check DLLs] Explorer.EXE : C:\WINDOWS\Explorer.EXE
[00:01:0000] [Check DLLs] ntdll.dll : C:\WINDOWS\system32\ntdll.dll
[00:01:0000] [Check DLLs] kernel32.dll : C:\WINDOWS\system32\kernel32.dll
[00:01:0000] [Check DLLs] ADVAPI32.dll : C:\WINDOWS\system32\ADVAPI32.dll
[00:01:0000] [Check DLLs] RPCRT4.dll : C:\WINDOWS\system32\RPCRT4.dll
[00:01:0000] [Check DLLs] Secur32.dll : C:\WINDOWS\system32\Secur32.dll
[00:01:0000] [Check DLLs] BROWSEUI.dll : C:\WINDOWS\system32\BROWSEUI.dll
[00:01:0000] [Check DLLs] GDI32.dll : C:\WINDOWS\system32\GDI32.dll
[00:01:0000] [Check DLLs] USER32.dll : C:\WINDOWS\system32\USER32.dll
[00:01:0000] [Check DLLs] msvcrt.dll : C:\WINDOWS\system32\msvcrt.dll
[00:01:0000] [Check DLLs] ole32.dll : C:\WINDOWS\system32\ole32.dll
[00:01:0000] [Check DLLs] SHLWAPI.dll : C:\WINDOWS\system32\SHLWAPI.dll
[00:01:0000] [Check DLLs] OLEAUT32.dll : C:\WINDOWS\system32\OLEAUT32.dll
[00:01:0000] [Check DLLs] SHDOCVW.dll : C:\WINDOWS\system32\SHDOCVW.dll
[00:01:0000] [Check DLLs] CRYPT32.dll : C:\WINDOWS\system32\CRYPT32.dll
[00:01:0000] [Check DLLs] MSASN1.dll : C:\WINDOWS\system32\MSASN1.dll
[00:01:0000] [Check DLLs] CRYPTUI.dll : C:\WINDOWS\system32\CRYPTUI.dll
[00:01:0000] [Check DLLs] NETAPI32.dll : C:\WINDOWS\system32\NETAPI32.dll
[00:01:0000] [Check DLLs] VERSION.dll : C:\WINDOWS\system32\VERSION.dll
[00:01:0000] [Check DLLs] WININET.dll : C:\WINDOWS\system32\WININET.dll
[00:01:0000] [Check DLLs] Normaliz.dll : C:\WINDOWS\system32\Normaliz.dll
[00:01:0016] [Check DLLs] urlmon.dll : C:\WINDOWS\system32\urlmon.dll
[00:01:0016] [Check DLLs] iertutil.dll : C:\WINDOWS\system32\iertutil.dll
[00:01:0016] [Check DLLs] WINTRUST.dll : C:\WINDOWS\system32\WINTRUST.dll
[00:01:0016] [Check DLLs] IMAGEHLP.dll : C:\WINDOWS\system32\IMAGEHLP.dll
[00:01:0016] [Check DLLs] WLDAP32.dll : C:\WINDOWS\system32\WLDAP32.dll
[00:01:0016] [Check DLLs] SHELL32.dll : C:\WINDOWS\system32\SHELL32.dll
[00:01:0016] [Check DLLs] UxTheme.dll : C:\WINDOWS\system32\UxTheme.dll
[00:01:0016] [Check DLLs] ShimEng.dll : C:\WINDOWS\system32\ShimEng.dll
[00:01:0016] [Check DLLs] AcGenral.DLL : C:\WINDOWS\AppPatch\AcGenral.DLL
[00:01:0016] [Check DLLs] WINMM.dll : C:\WINDOWS\system32\WINMM.dll
[00:01:0016] [Check DLLs] MSACM32.dll : C:\WINDOWS\system32\MSACM32.dll
[00:01:0016] [Check DLLs] USERENV.dll : C:\WINDOWS\system32\USERENV.dll
[00:01:0016] [Check DLLs] IMM32.DLL : C:\WINDOWS\system32\IMM32.DLL
[00:01:0016] [Check DLLs] LPK.DLL : C:\WINDOWS\system32\LPK.DLL
[00:01:0016] [Check DLLs] USP10.dll : C:\WINDOWS\system32\USP10.dll
[00:01:0016] [Check DLLs] comctl32.dll : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[00:01:0016] [Check DLLs] comctl32.dll : C:\WINDOWS\system32\comctl32.dll
[00:01:0016] [Check DLLs] msctfime.ime : C:\WINDOWS\system32\msctfime.ime
[00:01:0016] [Check DLLs] appHelp.dll : C:\WINDOWS\system32\appHelp.dll
[00:01:0016] [Check DLLs] CLBCATQ.DLL : C:\WINDOWS\system32\CLBCATQ.DLL
[00:01:0016] [Check DLLs] COMRes.dll : C:\WINDOWS\system32\COMRes.dll
[00:01:0016] [Check DLLs] cscui.dll : C:\WINDOWS\System32\cscui.dll
[00:01:0016] [Check DLLs] CSCDLL.dll : C:\WINDOWS\System32\CSCDLL.dll
[00:01:0016] [Check DLLs] themeui.dll : C:\WINDOWS\system32\themeui.dll
[00:01:0016] [Check DLLs] MSIMG32.dll : C:\WINDOWS\system32\MSIMG32.dll
[00:01:0016] [Check DLLs] xpsp2res.dll : C:\WINDOWS\system32\xpsp2res.dll
[00:01:0016] [Check DLLs] ACTXPRXY.DLL : C:\WINDOWS\system32\ACTXPRXY.DLL
[00:01:0016] [Check DLLs] msutb.dll : C:\WINDOWS\system32\msutb.dll
[00:01:0032] [Check DLLs] MSCTF.dll : C:\WINDOWS\system32\MSCTF.dll
[00:01:0032] [Check DLLs] SAMLIB.dll : C:\WINDOWS\system32\SAMLIB.dll
[00:01:0032] [Check DLLs] LINKINFO.dll : C:\WINDOWS\system32\LINKINFO.dll
[00:01:0032] [Check DLLs] ntshrui.dll : C:\WINDOWS\system32\ntshrui.dll
[00:01:0032] [Check DLLs] ATL.DLL : C:\WINDOWS\system32\ATL.DLL
[00:01:0032] [Check DLLs] SETUPAPI.dll : C:\WINDOWS\system32\SETUPAPI.dll
[00:01:0032] [Check DLLs] ieframe.dll : C:\WINDOWS\system32\ieframe.dll
[00:01:0032] [Check DLLs] WINSTA.dll : C:\WINDOWS\system32\WINSTA.dll
[00:01:0032] [Check DLLs] NETSHELL.dll : C:\WINDOWS\system32\NETSHELL.dll
[00:01:0032] [Check DLLs] credui.dll : C:\WINDOWS\system32\credui.dll
[00:01:0032] [Check DLLs] dot3api.dll : C:\WINDOWS\system32\dot3api.dll
[00:01:0032] [Check DLLs] rtutils.dll : C:\WINDOWS\system32\rtutils.dll
[00:01:0032] [Check DLLs] dot3dlg.dll : C:\WINDOWS\system32\dot3dlg.dll
[00:01:0032] [Check DLLs] OneX.DLL : C:\WINDOWS\system32\OneX.DLL
[00:01:0032] [Check DLLs] WTSAPI32.dll : C:\WINDOWS\system32\WTSAPI32.dll
[00:01:0032] [Check DLLs] eappcfg.dll : C:\WINDOWS\system32\eappcfg.dll
[00:01:0032] [Check DLLs] MSVCP60.dll : C:\WINDOWS\system32\MSVCP60.dll
[00:01:0032] [Check DLLs] eappprxy.dll : C:\WINDOWS\system32\eappprxy.dll
[00:01:0032] [Check DLLs] iphlpapi.dll : C:\WINDOWS\system32\iphlpapi.dll
[00:01:0032] [Check DLLs] WS2_32.dll : C:\WINDOWS\system32\WS2_32.dll
[00:01:0032] [Check DLLs] WS2HELP.dll : C:\WINDOWS\system32\WS2HELP.dll
[00:01:0032] [Check DLLs] webcheck.dll : C:\WINDOWS\system32\webcheck.dll
[00:01:0032] [Check DLLs] MLANG.dll : C:\WINDOWS\system32\MLANG.dll
[00:01:0032] [Check DLLs] stobject.dll : C:\WINDOWS\system32\stobject.dll
[00:01:0032] [Check DLLs] BatMeter.dll : C:\WINDOWS\system32\BatMeter.dll
[00:01:0032] [Check DLLs] POWRPROF.dll : C:\WINDOWS\system32\POWRPROF.dll
[00:01:0032] [Check DLLs] msi.dll : C:\WINDOWS\system32\msi.dll
[00:01:0032] [Check DLLs] WPDShServiceObj.dll : C:\WINDOWS\system32\WPDShServiceObj.dll
[00:01:0032] [Check DLLs] WINHTTP.dll : C:\WINDOWS\system32\WINHTTP.dll
[00:01:0032] [Check DLLs] wdmaud.drv : C:\WINDOWS\system32\wdmaud.drv
[00:01:0047] [Check DLLs] mydocs.dll : C:\WINDOWS\system32\mydocs.dll
[00:01:0047] [Check DLLs] PortableDeviceTypes.dll : C:\WINDOWS\system32\PortableDeviceTypes.dll
[00:01:0047] [Check DLLs] PortableDeviceApi.dll : C:\WINDOWS\system32\PortableDeviceApi.dll
[00:01:0047] [Check DLLs] msacm32.drv : C:\WINDOWS\system32\msacm32.drv
[00:01:0047] [Check DLLs] midimap.dll : C:\WINDOWS\system32\midimap.dll
[00:01:0047] [Check DLLs] MPR.dll : C:\WINDOWS\system32\MPR.dll
[00:01:0047] [Check DLLs] drprov.dll : C:\WINDOWS\System32\drprov.dll
[00:01:0047] [Check DLLs] ntlanman.dll : C:\WINDOWS\System32\ntlanman.dll
[00:01:0047] [Check DLLs] NETUI0.dll : C:\WINDOWS\System32\NETUI0.dll
[00:01:0047] [Check DLLs] NETUI1.dll : C:\WINDOWS\System32\NETUI1.dll
[00:01:0047] [Check DLLs] NETRAP.dll : C:\WINDOWS\System32\NETRAP.dll
[00:01:0047] [Check DLLs] davclnt.dll : C:\WINDOWS\System32\davclnt.dll
[00:01:0047] [Check DLLs] rsaenh.dll : C:\WINDOWS\system32\rsaenh.dll
[00:01:0047] [Check DLLs] PDFShell.dll : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
[00:01:0047] [Check DLLs] MSVCP90.dll : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
[00:01:0047] [Check DLLs] MSVCR90.dll : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
[00:01:0047] [Check DLLs] mbamext.dll : C:\Documents and Settings\Fox Ellis\Desktop\Malwarebytes' Anti-Malware\mbamext.dll
[00:01:0047] [Check Processes] [3280][_1588] alg.exe : C:\WINDOWS\system32\alg.exe
[00:01:0047] [Check Processes] [1492][_2528] RTHDCPL.exe : C:\WINDOWS\RTHDCPL.exe
[00:01:0063] [Check Processes] [812][_2528] iTunesHelper.exe : D:\MASTER ITUNES\iTunes 10.6\iTunesHelper.exe
[00:01:0063] PE32
[00:01:0063] Get sections OK ; Section table : 0x1e0 -- 0x400
[00:01:0063] Nb sections : 5
[00:01:0063] Parsing section : [6] .text
[00:01:0063] Parsing section at 0x400
[00:01:0063] Parsing section : [7] .rdata
[00:01:0063] Parsing section at 0x6c00
[00:01:0063] Parsing section : [6] .data
[00:01:0063] Parsing section at 0x9000
[00:01:0063] Parsing section : [6] .rsrc
[00:01:0063] Parsing section at 0x9e00
[00:01:0063] Parsing section : [7] .reloc
[00:01:0063] Parsing section at 0x64600
[00:01:0063] [Check Processes] [2384][_2528] avgtray.exe : C:\Program Files\AVG\AVG2012\avgtray.exe
[00:01:0079] PE32
[00:01:0079] Get sections OK ; Section table : 0x200 -- 0x400
[00:01:0079] Nb sections : 5
[00:01:0079] Parsing section : [6] .text
[00:01:0079] Parsing section at 0x400
[00:01:0094] Parsing section : [7] .rdata
[00:01:0094] Parsing section at 0x1c6000
[00:01:0094] Parsing section : [6] .data
[00:01:0094] Parsing section at 0x22be00
[00:01:0094] Parsing section : [6] .rsrc
[00:01:0094] Parsing section at 0x233000
[00:01:0094] Parsing section : [7] .reloc
[00:01:0094] Parsing section at 0x24ec00
[00:01:0125] [Check Processes] [2604][_2528] vprot.exe : C:\Program Files\AVG Secure Search\vprot.exe
[00:01:0125] PE32
[00:01:0125] Get sections OK ; Section table : 0x1f8 -- 0x400
[00:01:0125] Nb sections : 5
[00:01:0125] Parsing section : [6] .text
[00:01:0125] Parsing section at 0x400
[00:01:0125] Parsing section : [7] .rdata
[00:01:0125] Parsing section at 0xd2a00
[00:01:0125] Parsing section : [6] .data
[00:01:0125] Parsing section at 0xffe00
[00:01:0125] Parsing section : [6] .rsrc
[00:01:0125] Parsing section at 0x102e00
[00:01:0125] Parsing section : [7] .reloc
[00:01:0125] Parsing section at 0x103a00
[00:01:0141] [Check Processes] [2960][_2528] Updater.exe : C:\Program Files\Ask.com\Updater\Updater.exe
[00:01:0141] PE32
[00:01:0141] Get sections OK ; Section table : 0x208 -- 0x400
[00:01:0141] Nb sections : 5
[00:01:0141] Parsing section : [6] .text
[00:01:0141] Parsing section at 0x400
[00:01:0157] Parsing section : [7] .rdata
[00:01:0157] Parsing section at 0xbc000
[00:01:0157] Parsing section : [6] .data
[00:01:0157] Parsing section at 0xdfe00
[00:01:0157] Parsing section : [6] .rsrc
[00:01:0157] Parsing section at 0xe3600
[00:01:0157] Parsing section : [7] .reloc
[00:01:0157] Parsing section at 0x172e00
[00:01:0172] [Check Processes] [3028][_2528] jusched.exe : C:\Program Files\Common Files\Java\Java Update\jusched.exe
[00:01:0172] [Check Processes] [3292][_2528] ctfmon.exe : C:\WINDOWS\system32\ctfmon.exe
[00:01:0172] [Check Processes] [3348][_2528] GoogleToolbarNotifier.exe : C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[00:01:0172] PE32
[00:01:0172] Get sections OK ; Section table : 0x1d0 -- 0x400
[00:01:0172] Nb sections : 4
[00:01:0172] Parsing section : [6] .text
[00:01:0172] Parsing section at 0x400
[00:01:0172] Parsing section : [7] .rdata
[00:01:0172] Parsing section at 0xc00
[00:01:0172] Parsing section : [6] .data
[00:01:0172] Parsing section at 0x1000
[00:01:0172] Parsing section : [6] .rsrc
[00:01:0172] Parsing section at 0x1200
[00:01:0172] [Check Processes] [3664][_2528] OSA.EXE : C:\Program Files\Microsoft Office\Office\OSA.EXE
[00:01:0188] PE32
[00:01:0188] Get sections OK ; Section table : 0x178 -- 0x400
[00:01:0188] Nb sections : 4
[00:01:0188] Parsing section : [6] .text
[00:01:0188] Parsing section at 0x400
[00:01:0188] Parsing section : [6] .data
[00:01:0188] Parsing section at 0x5200
[00:01:0188] Parsing section : [6] .rsrc
[00:01:0188] Parsing section at 0x5400
[00:01:0188] Parsing section : [7] .reloc
[00:01:0188] Parsing section at 0xc400
[00:01:0188] [Check Processes] [3840][_4088] MOM.exe : c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[00:01:0188] PE32
[00:01:0188] Get sections OK ; Section table : 0x178 -- 0x1000
[00:01:0188] Nb sections : 3
[00:01:0188] Parsing section : [6] .text
[00:01:0188] Parsing section at 0x1000
[00:01:0188] Parsing section : [6] .rsrc
[00:01:0188] Parsing section at 0x3000
[00:01:0188] Parsing section : [7] .reloc
[00:01:0188] Parsing section at 0xb000
[00:01:0188] [Check Processes] [2164][_1748] avgcsrvx.exe : C:\Program Files\AVG\AVG2012\avgcsrvx.exe
[00:01:0188] PE32
[00:01:0188] Get sections OK ; Section table : 0x1d8 -- 0x400
[00:01:0188] Nb sections : 5
[00:01:0188] Parsing section : [6] .text
[00:01:0188] Parsing section at 0x400
[00:01:0188] Parsing section : [7] .rdata
[00:01:0188] Parsing section at 0x41c00
[00:01:0188] Parsing section : [6] .data
[00:01:0188] Parsing section at 0x4a200
[00:01:0188] Parsing section : [6] .rsrc
[00:01:0188] Parsing section at 0x4ac00
[00:01:0188] Parsing section : [7] .reloc
[00:01:0188] Parsing section at 0x4b400
[00:01:0204] [Check Processes] [3860][_1588] iPodService.exe : C:\Program Files\iPod\bin\iPodService.exe
[00:01:0204] PE32
[00:01:0204] Get sections OK ; Section table : 0x1e8 -- 0x400
[00:01:0204] Nb sections : 5
[00:01:0204] Parsing section : [6] .text
[00:01:0204] Parsing section at 0x400
[00:01:0204] Parsing section : [7] .rdata
[00:01:0204] Parsing section at 0x49a00
[00:01:0204] Parsing section : [6] .data
[00:01:0204] Parsing section at 0x5d600
[00:01:0204] Parsing section : [6] .rsrc
[00:01:0204] Parsing section at 0x60400
[00:01:0204] Parsing section : [7] .reloc
[00:01:0204] Parsing section at 0xc0e00
[00:01:0219] [Check Processes] [3684][_3840] CCC.exe : c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[00:01:0219] PE32
[00:01:0219] Get sections OK ; Section table : 0x178 -- 0x1000
[00:01:0219] Nb sections : 3
[00:01:0219] Parsing section : [6] .text
[00:01:0219] Parsing section at 0x1000
[00:01:0219] Parsing section : [6] .rsrc
[00:01:0219] Parsing section at 0x3000
[00:01:0219] Parsing section : [7] .reloc
[00:01:0219] Parsing section at 0xb000
 
I can see you're not on any more but I'll post this last thing today. I could not get RogueKiller to scan but I got the aswMBR log.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 22:40:25
-----------------------------
22:40:25.296 OS Version: Windows 5.1.2600 Service Pack 3
22:40:25.296 Number of processors: 1 586 0x5F02
22:40:25.296 ComputerName: HPDC5750 UserName:
22:40:25.578 Initialize success
22:51:59.218 AVAST engine defs: 12091400
23:06:39.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:06:39.265 Disk 0 Vendor: WDC_WD800JD-60LSA5 10.01E03 Size: 76319MB BusType: 3
23:06:39.281 Disk 0 MBR read successfully
23:06:39.281 Disk 0 MBR scan
23:06:39.328 Disk 0 Windows XP default MBR code
23:06:39.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 5004 MB offset 63
23:06:39.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 71311 MB offset 10249470
23:06:39.343 Disk 0 scanning sectors +156296385
23:06:39.421 Disk 0 scanning C:\WINDOWS\system32\drivers
23:06:45.734 Service scanning
23:07:02.468 Modules scanning
23:07:05.046 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
23:07:06.437 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
23:07:06.953 Disk 0 trace - called modules:
23:07:06.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:07:06.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab2cab8]
23:07:06.968 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000073[0x8ab31f18]
23:07:06.968 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab7c940]
23:07:07.296 AVAST engine scan C:\WINDOWS
23:07:11.984 AVAST engine scan C:\WINDOWS\system32
23:10:01.437 AVAST engine scan C:\WINDOWS\system32\drivers
23:10:10.890 AVAST engine scan C:\Documents and Settings\Fox Ellis
23:23:27.968 AVAST engine scan C:\Documents and Settings\All Users
23:25:50.890 Scan finished successfully
23:32:34.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Fox Ellis\Desktop\MBR.dat"
23:32:34.781 The log file has been saved successfully to "C:\Documents and Settings\Fox Ellis\Desktop\aswMBR.txt"
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: The rKill.txt log will also be present on your desktop.
 
Here is the Rkill log. It also said I could run my antivirus to check for infection; should I do that? Sorry, the log is in three parts.

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/15/2012 04:15:53 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1512) [WD-HEUR]
* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1748) [WD-HEUR]
* C:\WINDOWS\RTHDCPL.EXE (PID: 2736) [WD-HEUR]
* C:\WINDOWS\System32\alg.exe (PID: 2984) [WD-HEUR]
4 proccesses terminated!
Possibly Patched Files.
* C:\WINDOWS\system32\services.exe
* C:\WINDOWS\system32\lsass.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\Explorer.EXE
* C:\WINDOWS\system32\ctfmon.exe
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled
 
Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\drivers\MSPQM.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\mspqm.sys : 4,992 : 04/14/2008 11:09 AM : bad59648ba099da4a17680b39730cb3d [Pos Repl]
* C:\WINDOWS\System32\drivers\mssmbios.sys [NoSig]
* C:\WINDOWS\System32\drivers\mup.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2535512\SP3QFE\mup.sys : 105,472 : 04/21/2011 00:52 AM : f7b1ad991491f02af6da70b00b8bf114 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mup.sys : 105,472 : 04/21/2011 11:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [Pos Repl]
* C:\WINDOWS\System32\drivers\ndis.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\ndis.sys : 182,656 : 08/21/2008 11:00 AM : 1df7f42665c94b825322fae71721130d [Pos Repl]
* C:\WINDOWS\System32\drivers\ndistapi.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys : 10,496 : 07/08/2011 00:51 AM : 091735a5f20acb1dc147383a905ae002 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ndistapi.sys : 10,496 : 07/08/2011 11:02 AM : 0109c4f3850dfbab279542515386ae22 [Pos Repl]
* C:\WINDOWS\System32\drivers\ndisuio.sys [NoSig]
* C:\WINDOWS\System32\drivers\ndiswan.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\ndiswan.sys : 91,520 : 08/21/2008 11:00 AM : edc1531a49c80614b2cfda43ca8659ab [Pos Repl]
* C:\WINDOWS\System32\drivers\ndproxy.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys : 40,960 : 11/02/2010 10:55 PM : 816460bd4b4acd27937d1d0813e2e9e9 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ndproxy.sys : 40,960 : 11/02/2010 11:17 AM : 9282bd12dfb069d3889eb3fcc1000a9b [Pos Repl]
* C:\WINDOWS\System32\drivers\netbios.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\netbios.sys : 34,688 : 08/21/2008 11:00 AM : 5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl]
* C:\WINDOWS\System32\drivers\netbt.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\netbt.sys : 162,816 : 08/21/2008 11:00 AM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]
* C:\WINDOWS\System32\drivers\nic1394.sys [NoSig]
* C:\WINDOWS\System32\drivers\nikedrv.sys [NoSig]
* C:\WINDOWS\System32\drivers\nmnt.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nmnt.sys : 40,320 : 08/21/2008 11:00 AM : 1e421a6bcf2203cc61b821ada9de878b [Pos Repl]
* C:\WINDOWS\System32\drivers\npfs.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\npfs.sys : 30,848 : 08/21/2008 11:00 AM : 3182d64ae053d6fb034f44b6def8034a [Pos Repl]
* C:\WINDOWS\System32\drivers\ntfs.sys [NoSig]
+-> C:\WINDOWS\I386\NTFS.SYS : 574,976 : 08/21/2008 00:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntfs.sys : 574,976 : 08/21/2008 11:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
* C:\WINDOWS\System32\drivers\null.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\null.sys : 2,944 : 08/21/2008 11:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkflt.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkflt.sys : 12,416 : 08/21/2008 11:00 AM : b305f3fad35083837ef46a0bbce2fc57 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkfwd.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkfwd.sys : 32,512 : 08/21/2008 11:00 AM : c99b3415198d1aab7227f2c88fd664b9 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkipx.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkipx.sys : 88,320 : 08/21/2008 11:00 AM : 8b8b1be2dba4025da6786c645f77f123 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnknb.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnknb.sys : 63,232 : 08/21/2008 11:00 AM : 56d34a67c05e94e16377c60609741ff8 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwlnkspx.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwlnkspx.sys : 55,936 : 08/21/2008 11:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl]
* C:\WINDOWS\System32\drivers\nwrdr.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\nwrdr.sys : 163,584 : 08/21/2008 11:00 AM : 36b9b950e3d2e100970a48d8bad86740 [Pos Repl]
* C:\WINDOWS\System32\drivers\oprghdlr.sys [NoSig]
* C:\WINDOWS\System32\drivers\p3.sys [NoSig]
* C:\WINDOWS\System32\drivers\parport.sys [NoSig]
* C:\WINDOWS\System32\drivers\partmgr.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\partmgr.sys : 19,712 : 08/21/2008 11:00 AM : beb3ba25197665d82ec7065b724171c6 [Pos Repl]
* C:\WINDOWS\System32\drivers\parvdm.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\parvdm.sys : 6,784 : 08/21/2008 11:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl]
* C:\WINDOWS\System32\drivers\pciidex.sys [NoSig]
* C:\WINDOWS\System32\drivers\pci.sys [NoSig]
* C:\WINDOWS\System32\drivers\pcmcia.sys [NoSig]
* C:\WINDOWS\System32\drivers\portcls.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\portcls.sys : 146,048 : 04/14/2008 11:49 AM : e82a496c3961efc6828b508c310ce98f [Pos Repl]
* C:\WINDOWS\System32\drivers\processr.sys [NoSig]
* C:\WINDOWS\System32\drivers\psched.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\psched.sys : 69,120 : 08/21/2008 11:00 AM : 09298ec810b07e5d582cb3a3f9255424 [Pos Repl]
* C:\WINDOWS\System32\drivers\ptilink.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 08/21/2008 11:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]
* C:\WINDOWS\System32\drivers\rasacd.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 08/21/2008 11:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]
* C:\WINDOWS\System32\drivers\rasl2tp.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rasl2tp.sys : 51,328 : 08/21/2008 11:00 AM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]
* C:\WINDOWS\System32\drivers\raspppoe.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\raspppoe.sys : 41,472 : 08/21/2008 11:00 AM : 5bc962f2654137c9909c3d4603587dee [Pos Repl]
* C:\WINDOWS\System32\drivers\raspptp.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\raspptp.sys : 48,384 : 08/21/2008 11:00 AM : efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl]
* C:\WINDOWS\System32\drivers\raspti.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\raspti.sys : 16,512 : 08/21/2008 11:00 AM : fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl]
* C:\WINDOWS\System32\drivers\rawwan.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rawwan.sys : 34,432 : 08/21/2008 11:00 AM : 01524cd237223b18adbb48f70083f101 [Pos Repl]
* C:\WINDOWS\System32\drivers\rdbss.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rdbss.sys : 175,744 : 08/21/2008 11:00 AM : 7ad224ad1a1437fe28d89cf22b17780a [Pos Repl]
* C:\WINDOWS\System32\drivers\rdpcdd.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rdpcdd.sys : 4,224 : 08/21/2008 11:00 AM : 4912d5b403614ce99c28420f75353332 [Pos Repl]
* C:\WINDOWS\System32\drivers\rdpdr.sys [NoSig]
* C:\WINDOWS\System32\drivers\rdpwd.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys : 139,656 : 06/24/2011 10:09 AM : 3348e61a78ba4f79c795aad6565d3b6f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys : 139,784 : 01/09/2012 10:19 AM : 2d293b720c206473a05950ce007db12a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2685939\SP3QFE\rdpwd.sys : 139,656 : 05/02/2012 10:45 AM : 997c59b9955f911ec460241dd9e01b04 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\af1dca7ba584ed594c74473813ba498b\SP3GDR\rdpwd.sys : 139,784 : 07/04/2012 00:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\af1dca7ba584ed594c74473813ba498b\SP3QFE\rdpwd.sys : 139,784 : 07/04/2012 00:59 AM : c7d9bc54354b8c706abf172d48313f1b [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\rdpwd.sys : 139,656 : 05/02/2012 11:46 AM : 6589db6e5969f8eee594cf71171c5028 [Pos Repl]
* C:\WINDOWS\System32\drivers\redbook.sys [NoSig]
* C:\WINDOWS\System32\drivers\rmcast.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys : 203,136 : 05/08/2008 10:58 AM : c711645c76b8ed87c021bf6165e52795 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\rmcast.sys : 203,136 : 05/08/2008 11:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [Pos Repl]
* C:\WINDOWS\System32\drivers\rndismp.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rndismp.sys : 30,592 : 08/21/2008 11:00 AM : 601844cbcf617ff8c868130ca5b2039d [Pos Repl]
* C:\WINDOWS\System32\drivers\rootmdm.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\rootmdm.sys : 5,888 : 08/21/2008 11:00 AM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [Pos Repl]
* C:\WINDOWS\System32\drivers\scsiport.sys [NoSig]
* C:\WINDOWS\System32\drivers\sdbus.sys [NoSig]
* C:\WINDOWS\System32\drivers\serenum.sys [NoSig]
* C:\WINDOWS\System32\drivers\serial.sys [NoSig]
* C:\WINDOWS\System32\drivers\sffdisk.sys [NoSig]
* C:\WINDOWS\System32\drivers\sffp_sd.sys [NoSig]
* C:\WINDOWS\System32\drivers\sfloppy.sys [NoSig]
* C:\WINDOWS\System32\drivers\smclib.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\smclib.sys : 14,592 : 08/21/2008 11:00 AM : 017daecf0ed3aa731313433601ec40fa [Pos Repl]
* C:\WINDOWS\System32\drivers\sonydcam.sys [NoSig]
* C:\WINDOWS\System32\drivers\splitter.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\splitter.sys : 6,272 : 04/14/2008 11:15 AM : ab8b92451ecb048a4d1de7c3ffcb4a9f [Pos Repl]
* C:\WINDOWS\System32\drivers\sr.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\sr.sys : 73,472 : 08/21/2008 11:00 AM : 76bb022c2fb6902fd5bdd4f78fc13a5d [Pos Repl]
* C:\WINDOWS\System32\drivers\srv.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2345886\SP3QFE\srv.sys : 357,248 : 08/26/2010 10:37 AM : 70cd8b8dd2a680b128617c19eb0ab94f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2508429\SP3QFE\srv.sys : 357,888 : 02/17/2011 10:19 AM : 9b390283569ea58d43d2586032b892f5 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB982214\SP3QFE\srv.sys : 354,304 : 06/21/2010 10:18 AM : 422e4508508015c7d12f40bf9763f158 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\srv.sys : 357,888 : 02/17/2011 11:18 AM : 47ddfc2f003f7f9f0592c6874962a2e7 [Pos Repl]
* C:\WINDOWS\System32\drivers\stream.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\stream.sys : 49,408 : 04/14/2008 11:15 AM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]
* C:\WINDOWS\System32\drivers\swenum.sys [NoSig]
* C:\WINDOWS\System32\drivers\swmidi.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\swmidi.sys : 56,576 : 04/14/2008 11:15 AM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]
* C:\WINDOWS\System32\drivers\sysaudio.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\sysaudio.sys : 60,800 : 04/14/2008 11:45 AM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]
* C:\WINDOWS\System32\drivers\tape.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\tape.sys : 14,976 : 08/21/2008 11:00 AM : fd6093e3decd925f1cffc8a0dd539d72 [Pos Repl]
* C:\WINDOWS\System32\drivers\tcpip6.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys : 225,856 : 06/20/2008 10:16 AM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys : 225,856 : 06/20/2008 10:16 AM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB978338\SP3QFE\tcpip6.sys : 226,880 : 02/11/2010 10:36 AM : f4a3c6abe7818b1b53f58fa1adb605cd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip6.sys : 226,880 : 02/11/2010 11:02 AM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [Pos Repl]
* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 10:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 10:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 11:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
* C:\WINDOWS\System32\drivers\tdi.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\tdi.sys : 19,072 : 08/21/2008 11:00 AM : 0539d5e53587f82d1b4fd74c5be205cf [Pos Repl]
* C:\WINDOWS\System32\drivers\tdpipe.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\tdpipe.sys : 12,040 : 08/21/2008 11:00 AM : 6471a66807f5e104e4885f5b67349397 [Pos Repl]
* C:\WINDOWS\System32\drivers\tdtcp.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\tdtcp.sys : 21,896 : 08/21/2008 11:00 AM : c56b6d0402371cf3700eb322ef3aaf61 [Pos Repl]
* C:\WINDOWS\System32\drivers\termdd.sys [NoSig]
* C:\WINDOWS\System32\drivers\tosdvd.sys [NoSig]
* C:\WINDOWS\System32\drivers\tunmp.sys [NoSig]
* C:\WINDOWS\System32\drivers\udfs.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\udfs.sys : 66,048 : 08/21/2008 11:00 AM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [Pos Repl]
* C:\WINDOWS\System32\drivers\update.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\update.sys : 384,768 : 08/21/2008 11:00 AM : 402ddc88356b1bac0ee3dd1580c76a31 [Pos Repl]
* C:\WINDOWS\System32\drivers\usb8023.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\usb8023.sys : 12,800 : 08/21/2008 11:00 AM : bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
* C:\WINDOWS\System32\drivers\usbcamd2.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbcamd.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbccgp.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbd.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbehci.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbhub.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbintel.sys [NoSig]
* C:\WINDOWS\System32\drivers\usbport.sys [NoSig]
* C:\WINDOWS\System32\drivers\USBSTOR.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\usbstor.sys : 26,368 : 04/14/2008 11:15 AM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\USBSTOR.SYS : 26,368 : 04/14/2008 00:15 AM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
* C:\WINDOWS\System32\drivers\vga.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\vga.sys : 20,992 : 08/21/2008 11:00 AM : 0d3a8fafceacd8b7625cd549757a7df1 [Pos Repl]
* C:\WINDOWS\System32\drivers\videoprt.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\videoprt.sys : 81,664 : 08/21/2008 11:00 AM : e28726b72c46821a28830e077d39a55b [Pos Repl]
* C:\WINDOWS\System32\drivers\volsnap.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\volsnap.sys : 52,352 : 08/21/2008 11:00 AM : 4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]
* C:\WINDOWS\System32\drivers\wanarp.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\wanarp.sys : 34,560 : 08/21/2008 11:00 AM : e20b95baedb550f32dd489265c1da1f6 [Pos Repl]
* C:\WINDOWS\System32\drivers\wdmaud.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\wdmaud.sys : 83,072 : 04/14/2008 11:47 AM : 6768acf64b18196494413695f0c3a00f [Pos Repl]
* C:\WINDOWS\System32\drivers\wmilib.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 08/21/2008 11:00 AM : 2f31b7f954bed437f2c75026c65caf7b [Pos Repl]
* C:\WINDOWS\System32\drivers\ws2ifsl.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 08/21/2008 11:00 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]
* C:\WINDOWS\System32\dsound.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\dsound.dll : 367,616 : 08/21/2008 11:00 AM : 4d83ed8bddec431fc8ad907b47cfb6e3 [Pos Repl]
* C:\WINDOWS\System32\dssenh.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\dssenh.dll : 138,752 : 08/21/2008 11:00 AM : fede68bf80052bad393afd5c2e60dcb0 [Pos Repl]
* C:\WINDOWS\System32\es.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll : 253,952 : 07/07/2008 01:23 PM : f17f6226bdc0cd5f0bef0daf84d29bec [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\es.dll : 253,952 : 07/07/2008 01:26 PM : d4991d98f2db73c60d042f1aef79efae [Pos Repl]
* C:\WINDOWS\System32\eventlog.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\eventlog.dll : 56,320 : 08/21/2008 01:00 AM : 6d4feb43ee538fc5428cc7f0565aa656 [Pos Repl]
* C:\WINDOWS\System32\hid.dll [NoSig]
* C:\WINDOWS\System32\hnetcfg.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\hnetcfg.dll : 344,064 : 08/21/2008 01:00 AM : 3cb32d3b8cbe79899d63280bb7a83cd9 [Pos Repl]
* C:\WINDOWS\System32\imm32.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\imm32.dll : 110,080 : 08/21/2008 01:00 AM : 0da85218e92526972a821587e6a8bf8f [Pos Repl]
* C:\WINDOWS\System32\ipsecsvc.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\ipsecsvc.dll : 183,808 : 08/21/2008 01:00 AM : 332760fba1655fcfd35bd6f4fd871300 [Pos Repl]
* C:\WINDOWS\System32\kernel32.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll : 991,744 : 03/21/2009 01:59 AM : da11d9d6ecbdf0f93436a4b7c13f7bec [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\kernel32.dll : 989,696 : 03/21/2009 01:06 AM : b921fb870c9ac0d509b2ccabbbbe95f3 [Pos Repl]
* C:\WINDOWS\System32\ksuser.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\ksuser.dll : 4,096 : 04/14/2008 01:41 AM : 9b9f1c38d559047b8ac0dba2d5febde9 [Pos Repl]
* C:\WINDOWS\System32\linkinfo.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\linkinfo.dll : 19,968 : 08/21/2008 01:00 AM : 2dc5a8019e2387987905f77c664e4be2 [Pos Repl]
* C:\WINDOWS\System32\lpk.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\lpk.dll : 22,016 : 08/21/2008 01:00 AM : 012df358cebaa23acb26d82077820817 [Pos Repl]
* C:\WINDOWS\System32\lsass.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\lsass.exe : 13,312 : 08/21/2008 01:00 AM : bf2466b3e18e970d8a976fb95fc1ca85 [Pos Repl]
* C:\WINDOWS\System32\mfc40u.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll : 953,856 : 09/18/2010 01:18 AM : 842900dedbc8e3e8dbcccb298fd88f65 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mfc40u.dll : 953,856 : 09/17/2010 11:53 PM : e76a5c202e68af5a322d16b5a78f48b9 [Pos Repl]
* C:\WINDOWS\System32\midimap.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\midimap.dll : 18,944 : 08/21/2008 11:00 AM : 5c12660a97822f6e61576943b49aaad6 [Pos Repl]
* C:\WINDOWS\System32\msgsvc.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\msgsvc.dll : 33,792 : 08/21/2008 11:00 AM : 986b1ff5814366d71e0ac5755c88f2d3 [Pos Repl]
* C:\WINDOWS\System32\mshtml.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2360131\SP3QFE\mshtml.dll : 3,074,560 : 09/09/2010 01:25 AM : 575fbcb3e2c6e848f0386f38aaf0e4ed [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll : 5,958,656 : 09/09/2010 10:57 PM : 8a03cc037e6b7d1796192815231b0c3f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll : 5,960,704 : 11/05/2010 05:27 PM : 864e69f32656a7121444ba0193d7b64b [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll : 5,962,240 : 12/20/2010 03:58 PM : 2a2c070ec691ce410533a1da7aa3cd86 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll : 5,964,800 : 02/22/2011 03:27 PM : 3422847aa07e37076a87d0b7d5044dc6 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll : 5,967,360 : 05/30/2011 03:17 PM : d0b1db576941cb0b6669b8752ffac79a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll : 5,971,456 : 07/25/2011 03:15 AM : bce7ccebad6c8955d2b4c3b246bd0e57 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll : 5,972,992 : 10/03/2011 03:34 AM : 1240a6b7b470bed0aa6c9fec7ab0ea26 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll : 5,978,624 : 11/04/2011 03:19 AM : 699421e2e1313c18671a703953cae14b [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll : 5,980,160 : 12/17/2011 03:45 AM : 49b88a833eca99efbffc5aae5cc998ed [Pos Repl]
 
+-> C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll : 5,980,672 : 03/01/2012 03:58 AM : 5dbb0c997ad276bce9d30cd609bdbf67 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll : 6,009,344 : 05/11/2012 03:41 AM : 55f148b94246a77fb4ac33346671cac8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll : 5,953,024 : 05/06/2010 03:36 AM : 9be28f749a7fe7f8f177c6aa2e9da609 [Pos Repl]
+-> C:\WINDOWS\ie8\mshtml.dll : 3,066,880 : 08/21/2008 00:00 AM : a706e122b398fe1ab85cb9b75d044223 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2360131-IE8\mshtml.dll : 5,950,976 : 05/06/2010 11:41 AM : c7b7a88cc7d7aba5c395145bf92f46f7 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2416400-IE8\mshtml.dll : 5,957,120 : 09/09/2010 10:58 PM : de41132da8e5a3cd57201c6f2175ec05 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2482017-IE8\mshtml.dll : 5,959,168 : 11/05/2010 05:26 PM : d7cca87057901c87ed8cc40ddcc7fa1b [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2497640-IE8\mshtml.dll : 5,961,216 : 12/20/2010 03:59 PM : 1edcec5d649dbac37ed9ffb5a14ceb0c [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2530548-IE8\mshtml.dll : 5,962,240 : 02/22/2011 03:06 PM : c2ef2335f1b6c2be20a67d9098f6c9a1 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2559049-IE8\mshtml.dll : 5,964,800 : 05/30/2011 03:19 PM : 22ba5235ea846eda87f68a1dcc2bfcf9 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2586448-IE8\mshtml.dll : 5,969,920 : 07/25/2011 03:17 AM : 23b3c8e9f3f280180573569253ce98ab [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2618444-IE8\mshtml.dll : 5,971,456 : 10/03/2011 03:35 AM : 4963cb503600fc3bcbdbfba51fba1fac [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2647516-IE8\mshtml.dll : 5,978,112 : 11/04/2011 03:20 AM : dd8d655e1881b70a5259a23a6018a6c2 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2675157-IE8\mshtml.dll : 5,979,136 : 12/17/2011 03:46 AM : a9259cd226283cd4f798c00909754a94 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2699988-IE8\mshtml.dll : 5,978,624 : 03/01/2012 03:01 AM : dade53318d8e5335ee2e1745f1c3fc4d [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll : 5,937,152 : 03/08/2009 03:41 AM : d469a0eba2ef5c6bee8065b7e3196e5e [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\06af2d630217aa32a4f6f6b9c5c1a3ba\SP3GDR\mshtml.dll : 6,008,320 : 07/02/2012 00:49 AM : 13d2e016b784730a98f24d6e5beed22f [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\06af2d630217aa32a4f6f6b9c5c1a3ba\SP3QFE\mshtml.dll : 6,010,368 : 07/02/2012 00:48 AM : df599ac52b62de001e42d36f92b45e68 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\c0b2667570bfaadca71db300b030c7f4\SP3GDR\mshtml.dll : 5,957,120 : 09/09/2010 10:58 PM : de41132da8e5a3cd57201c6f2175ec05 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\c0b2667570bfaadca71db300b030c7f4\SP3QFE\mshtml.dll : 5,958,656 : 09/09/2010 10:57 PM : 8a03cc037e6b7d1796192815231b0c3f [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\mshtml.dll : 5,950,976 : 05/06/2010 10:41 AM : c7b7a88cc7d7aba5c395145bf92f46f7 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\mshtml.dll : 5,953,024 : 05/06/2010 10:36 AM : 9be28f749a7fe7f8f177c6aa2e9da609 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mshtml.dll : 6,007,808 : 05/11/2012 03:42 AM : 886b62a906b3967cbbf0fd2c833a30bf [Pos Repl]
* C:\WINDOWS\System32\msimg32.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\msimg32.dll : 4,608 : 08/21/2008 03:00 AM : affc87e2501fce8f09d4c10ba6421ccf [Pos Repl]
* C:\WINDOWS\System32\mspmsnsv.dll [NoSig]
+-> C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll : 25,088 : 01/28/2005 01:44 PM : 140ef97b64f560fd78643cae2cdad838 [Pos Repl]
+-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll : 25,088 : 01/28/2005 01:44 PM : 140ef97b64f560fd78643cae2cdad838 [Pos Repl]
+-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll : 52,224 : 08/21/2008 03:00 AM : c7e39ea41233e9f5b86c8da3a9f1e4a8 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mspmsnsv.dll : 27,136 : 10/18/2006 09:47 PM : c51b4a5c05a5475708e3c81c7765b71d [Pos Repl]
* C:\WINDOWS\System32\msprivs.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\msprivs.dll : 48,128 : 08/21/2008 09:00 AM : c6bb1d1500db4a0e224cb65e6c7e8a80 [Pos Repl]
* C:\WINDOWS\System32\msvcrt.dll [NoSig]
+-> C:\WINDOWS\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL : 322,560 : 08/21/2008 00:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\msvcrt.dll : 343,040 : 08/21/2008 09:00 AM : 355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll : 322,560 : 08/21/2008 09:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll : 343,040 : 08/21/2008 09:00 AM : d7075e95aa599ee77b7a89d39296bd3d [Pos Repl]
* C:\WINDOWS\System32\mswsock.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll : 245,248 : 06/20/2008 03:43 AM : fcee5fcb99f7c724593365c706d28388 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll : 245,248 : 06/20/2008 03:43 AM : fcee5fcb99f7c724593365c706d28388 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mswsock.dll : 245,248 : 06/20/2008 09:02 AM : 943337d786a56729263071623bbb9de5 [Pos Repl]
* C:\WINDOWS\System32\netlogon.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\netlogon.dll : 407,040 : 08/21/2008 09:00 AM : 1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]
* C:\WINDOWS\System32\netman.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\netman.dll : 198,144 : 08/21/2008 09:00 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]
* C:\WINDOWS\System32\ntkrnlpa.exe [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe : 2,069,376 : 12/09/2010 06:39 PM : f67cd97282e0abfaf91a9a1359b16f2d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe : 2,069,376 : 10/25/2011 06:52 AM : db19fff0c805664cb95062c027b11fe9 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe : 2,069,120 : 04/11/2012 06:42 AM : 063a0f8a90d8e2b802e5243fe9aabcf3 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe : 2,069,120 : 05/04/2012 06:41 AM : 8e99a0ce02c1beda6c0935a4dde9ceaa [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe : 2,066,176 : 02/06/2009 06:30 AM : 607352b9cb3d708c67f6039097801b5a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe : 2,066,944 : 04/28/2010 06:14 AM : 756362706de8bc92f11e197c98a73844 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe : 2,069,120 : 05/04/2012 09:32 AM : 5dd80d56af1cefbff4f25951069b55bb [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntkrnlpa.exe : 2,069,120 : 05/04/2012 09:32 AM : 5dd80d56af1cefbff4f25951069b55bb [Pos Repl]
* C:\WINDOWS\System32\ntmssvc.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\ntmssvc.dll : 435,200 : 08/21/2008 09:00 AM : 156f64a3345bd23c600655fb4d10bc08 [Pos Repl]
* C:\WINDOWS\System32\ntoskrnl.exe [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe : 2,192,768 : 12/09/2010 06:43 AM : a531bbd3de13121c1380ed7dc99082db [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe : 2,192,768 : 10/25/2011 06:34 AM : f512c662874d7545e5bd8005e6800a44 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe : 2,192,640 : 04/11/2012 06:22 AM : 8d061bb825bc606c2b1c6f7452d1baaa [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe : 2,192,640 : 05/04/2012 06:20 AM : 099a0f80a563ebe935f4a9750f96c219 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe : 2,189,184 : 02/07/2009 06:35 PM : efe8eace83eaad5849a7a548fb75b584 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe : 2,190,080 : 04/27/2010 06:50 AM : a2abbec40cdb57454645d06b7ebd22f5 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe : 2,192,640 : 05/04/2012 09:12 AM : ddf0cb8cd3c6007cdf4ad8f0409ed930 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntoskrnl.exe : 2,192,640 : 05/04/2012 09:12 AM : ddf0cb8cd3c6007cdf4ad8f0409ed930 [Pos Repl]
* C:\WINDOWS\System32\oakley.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB974392\SP3QFE\oakley.dll : 270,336 : 10/13/2009 06:38 AM : 7eadba6d371c60cca9e4db57c28c8045 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\oakley.dll : 270,336 : 10/13/2009 09:30 AM : c5ff8682eada5b3b27a865f1c3ef9270 [Pos Repl]
* C:\WINDOWS\System32\ole32.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll : 1,289,216 : 11/01/2011 06:05 AM : 7d9dde1ab4b00ddb173f5a16e9206517 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll : 1,289,216 : 07/16/2010 06:04 AM : 8d51fb47062f2a1a9efeccef338a4c46 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ole32.dll : 1,288,704 : 11/01/2011 09:07 AM : 6bad1bed9872e62049e487fb91ae2f3a [Pos Repl]
* C:\WINDOWS\System32\olepro32.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\olepro32.dll : 84,992 : 08/21/2008 09:00 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]
* C:\WINDOWS\System32\perfctrs.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\perfctrs.dll : 39,936 : 08/21/2008 09:00 AM : dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]
* C:\WINDOWS\System32\powrprof.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\powrprof.dll : 17,408 : 08/21/2008 09:00 AM : 50a166237a0fa771261275a405646cc0 [Pos Repl]
* C:\WINDOWS\System32\psbase.dll [NoSig]
+-> C:\WINDOWS\system32\dllcache\psbase.dll : 96,768 : 08/21/2008 09:00 AM : 22d89d84e8e081cda529dbf8c0255a38 [Pos Repl]
* C:\WINDOWS\System32\pstorsvc.dll [NoSig]
Program finished at: 09/15/2012 04:18:03 PM
Execution time: 0 hours(s), 2 minute(s), and 9 seconds(s)
 