Computer running slow

Discussion in 'Virus & Other Malware Removal' started by whimsyraj, Feb 9, 2013.

Thread Status:
Not open for further replies.
  1. whimsyraj

    whimsyraj Thread Starter

    My computer is running so slow when it comes to opening up new programs, typing and/or surfing the internet. I've only had this computer for about 3 years. I've done AVG, Malwarebytes, and SuperAntiSpyware scans and no threats come up. Can someone please help me? Thank you in advance!

    HiJackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:56:54 PM, on 2/9/2013
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: VMware View Client Service (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

    --
    End of file - 6299 bytes

    DDS log:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run at 20:07:07 on 2013-02-09
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    \??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    \??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>;*.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    dURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - c:\program files\infoatoms\ie32\InfoAtomsClientIE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{AF865D28-D71F-4AF7-AC79-9D4E6248A095} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bible.com/
    FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-12-10 21:03; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2012-12-10 21:03; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
    FF - user.js: search.clsid - {73034C3D-ACB1-41E5-BE69-5B681F9C573C}
    FF - user.js: search.sid - 15001053100
    FF - user.js: extensions.newAddons - false
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? HTCAND32;HTC Device Driver
    R? htcnprot;HTC NDIS Protocol Driver
    R? pehslg;pehslg
    R? SASENUM;SASENUM
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? !SASCORE;SAS Core Service
    S? AVGIDSEH;AVGIDSEH
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? avgwd;AVG WatchDog
    S? HTCMonitorService;HTCMonitorService
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? PassThru Service;Internet Pass-Through Service
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    S? wsnm;VMware View Client Service
    .
    =============== Created Last 30 ================
    .
    2013-01-22 23:42:12 -------- d-----w- c:\documents and settings\all users\application data\AVG January 2013 Campaign
    .
    ==================== Find3M ====================
    .
    2012-11-12 09:47:48 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    .
    ============= FINISH: 20:10:30.75 ===============

    Attach log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/24/2010 6:07:29 PM
    System Uptime: 2/9/2013 7:44:26 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G5611
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 4.904 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP315: 11/9/2012 5:49:02 PM - System Checkpoint
    RP316: 11/30/2012 11:41:55 PM - Removed Google Drive
    RP317: 11/30/2012 11:47:48 PM - Removed AVG 2011
    RP318: 12/9/2012 1:25:40 PM - System Checkpoint
    RP319: 12/10/2012 2:57:02 PM - System Checkpoint
    RP320: 12/10/2012 7:30:10 PM - Installed Windows XP Wdf01007.
    RP321: 12/10/2012 7:32:21 PM - Installed HTC Sync Manager.
    RP322: 12/11/2012 7:41:11 PM - System Checkpoint
    RP323: 12/12/2012 9:08:39 AM - Removed AVG 2011
    RP324: 12/13/2012 9:41:11 AM - System Checkpoint
    RP325: 12/14/2012 11:05:10 AM - System Checkpoint
    RP326: 1/15/2013 9:03:10 PM - System Checkpoint
    RP327: 1/15/2013 11:49:43 PM - Removed AVG 2011
    RP328: 1/17/2013 12:32:15 AM - System Checkpoint
    RP329: 1/17/2013 1:08:17 PM - Removed Google Drive
    RP330: 1/18/2013 8:37:30 AM - Removed AVG 2011
    RP331: 1/19/2013 10:30:10 AM - System Checkpoint
    RP332: 1/21/2013 11:24:32 AM - System Checkpoint
    RP333: 1/22/2013 12:45:54 PM - System Checkpoint
    RP334: 1/24/2013 10:45:20 PM - System Checkpoint
    RP335: 1/27/2013 10:00:52 PM - System Checkpoint
    RP336: 1/28/2013 10:54:11 PM - System Checkpoint
    RP337: 1/29/2013 11:11:37 PM - System Checkpoint
    RP338: 1/31/2013 12:41:41 AM - System Checkpoint
    RP339: 2/3/2013 1:54:46 PM - System Checkpoint
    RP340: 2/6/2013 9:02:37 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.2 (remove only)
    Adobe Acrobat Elements 6.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.5
    Advanced Office Password Recovery
    Amazon Unbox Video
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    Big Fish Games: Game Manager
    BitTorrent
    Bonjour
    Broadcom Advanced Control Suite 2
    Broadcom Gigabit Integrated Controller
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Crash Analysis Tool
    Dell Driver Reset Tool
    Diner Dash 5: Boom
    DivX Setup
    Epocrates Essentials for Pocket PC
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Drive
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB939209)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HTC Driver Installer
    HTC Sync Manager
    InfoAtoms
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 16
    JavaFX 2.1.0
    Juniper Networks Host Checker
    Juniper Networks Setup Client Activex Control
    Juniper Networks, Inc. Setup Client
    Juniper Terminal Services Client
    LucasArts' Monkey 4
    Malwarebytes' Anti-Malware
    McAfee SiteAdvisor
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 10.0.1 (x86 en-US)
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MyPhoneExplorer
    OpenOffice.org 3.0
    OverDrive Media Console
    Picasa 3
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    S800
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Shutterfly Express Uploader
    Skype™ 4.2
    SoundMAX
    SUPERAntiSpyware Free Edition
    TeamViewer 6
    Tomb Raider Chronicles
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 0.9.2
    VMware View Client
    WebEx
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile® Device Handbook
    Windows XP Hotfix - KB839210
    WinRAR archiver
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/3/2013 1:39:57 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================

    Ark.txt.file:
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-09 20:18:49
    Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Maxtor_6Y080M0 rev.YAR51HW0 74.51GB
    Running: ihwk7kpt[1].exe; Driver: C:\DOCUME~1\WINNIF~1\LOCALS~1\Temp\kfddypow.sys


    ---- System - GMER 2.0 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA564640]

    ---- Kernel code sections - GMER 2.0 ----

    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF78E5F80]
    ? C:\DOCUME~1\WINNIF~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0241EF20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0241EE00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 0241F060 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[432] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0241F160 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1348] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0240EF20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0240EE00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 0240F060 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2000] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0240F160 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text

    ---- EOF - GMER 2.0 ----
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    As your system has not updated to Service Pack 3 we need to do a check on the licence before we go any further.


    • To run the tool, click on this link: MGADiag
    • In the File Download - Security Warning dialog box, click Run.
    • In the Internet Explorer - Security Warning dialog box, click Run.
    • In the Microsoft Genuine Advantage Diagnostic Tool dialog box, click Continue.
    • When the MGADIAG tool finishes, ensure it is displaying the information under the Windows tab and click Copy.
    • Come back to this thread and right click on the message box and select Paste from the pop up menu and the results will appear, then submit the message.
     
  3. whimsyraj

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
    Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
    Windows Product ID: 76487-OEM-2211906-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {8AD53DCB-1C0C-44A4-B0DE-A8BD4847208A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A
     
  4. Mark1956

    Please post the complete log.
     
  5. whimsyraj

    I thought you only wanted what was on the windows screen...sorry. Here it is:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
    Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
    Windows Product ID: 76487-OEM-2211906-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {8AD53DCB-1C0C-44A4-B0DE-A8BD4847208A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2f0d_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8AD53DCB-1C0C-44A4-B0DE-A8BD4847208A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>76487-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1645522239-2052111302-725345543</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>OptiPlex GX280 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="3"/><Date>20050209000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>560E39470184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>8C71F1EDC015D86</Val><Hash>KoY/EAS9m/QOJ7EIySe4QMMBGVo=</Hash><Pid>89409-707-0149617-65690</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1A889:Dell Inc|1A889:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A
     
  6. Mark1956

    Ok, that is all fine, so we need to find out why your system has not updated to Service Pack 3; being on Service Pack 2 leaves your system vulnerable and unsupported by Security Updates from Microsoft. Windows Update appears to be running so all is not well.

    I need you to remove a few items before running the scans below, please open Add/Remove Programs from the Control Panel and uninstall the following:
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 16
    JavaFX 2.1.0
    BitTorrent

    All the Java versions are out of date and therefore vulnerable to infection; we will install the latest version when the clean up is complete. BitTorrent allows you to download files from unknown sources and is the easiest way to get your PC infected; if you insist on keeping it, please DO NOT use it until we are finished.

    There is an unknown driver in the system which needs to be checked. This file may well be legitimate, but I can get no results when searching for it, which is usually a bad sign.


    Please download SystemLook from one of the links below and save it to your Desktop.



    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :service
      pehslg
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.


    ================================================================

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.




    SCAN 2
    Download RogueKiller (by tigzy) and save it directly to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  7. whimsyraj

    Here are the reports and I uninstalled all the programs you asked me to.

    System Look:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:45 on 10/02/2013 by xxxxxxxx
    Administrator - Elevation successful

    ========== service ==========

    pehslg
    pehslg
    (No Description)
    Current Status: Stopped
    Startup Type: Boot
    Error Control: Ignore
    Binary:
    Group: Boot Bus Extender
    SafeBoot: Minimal(Group) Network(Group)
    Dependencies:
    (none)
    Dependant Services:
    (none)

    -= EOF =-

    Adwcleaner:
    # AdwCleaner v2.112 - Logfile created 02/10/2013 at 14:45:51
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : xxxxxxxx - JUNEBUG
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\xxxxxxxxxx\My Documents\Downloads\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v10.0.1 (en-US)

    File : C:\Documents and Settings\xxxxxxxxx\Application Data\Mozilla\Firefox\Profiles\ib654cie.default\prefs.js

    [OK] File is clean.

    File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\md722ojb.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\xxxxxxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1381 octets] - [10/02/2013 14:23:46]
    AdwCleaner[S1].txt - [371 octets] - [10/02/2013 14:24:37]
    AdwCleaner[S2].txt - [1750 octets] - [10/02/2013 14:24:54]
    AdwCleaner[S3].txt - [1258 octets] - [10/02/2013 14:45:51]

    ########## EOF - C:\AdwCleaner[S3].txt - [1318 octets] ##########


    Roguekiller:
    RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : xxxxx [Admin rights]
    Mode : Scan -- Date : 02/10/2013 14:59:20
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[257] : NtTerminateProcess @ 0x805D1686 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys @ 0xAA60B640)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Maxtor 6Y080M0 +++++
    --- User ---
    [MBR] fb16bf9fda520579b36bcb84b617ac26
    [BSP] 169b9d5c07bac38b986d07330b966fa0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02102013_02d1459.txt >>
    RKreport[1]_S_02102013_02d1459.txt
     
  8. Mark1956

    You have run ADWCleaner four times and posted the last log, which shows none of the deletions; please post the first one that shows what it found. Has the PC's performance improved since running it?

    SystemLook has shown some information on that suspicious service, but I now need you to do another search to find its location; we can then get it checked with an online virus scanner.

    Please run SystemLook again and use this script:

    Code:
    :filefind
    *pehslg*
    ====================================================================


    Please download Farbar Service Scanner and run it on the computer with the issue.

    • Put a check mark in all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  9. whimsyraj

    # AdwCleaner v2.112 - Logfile created 02/10/2013 at 14:23:46
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : xxxxx- JUNEBUG
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\xxxxx\My Documents\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v10.0.1 (en-US)

    File : C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ib654cie.default\prefs.js

    [OK] File is clean.

    File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\md722ojb.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\xxxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1252 octets] - [10/02/2013 14:23:46]

    ########## EOF - C:\AdwCleaner[R1].txt - [1312 octets] ##########


    # AdwCleaner v2.112 - Logfile created 02/10/2013 at 14:24:37
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : xxxxx - JUNEBUG
    # Boot Mode : Normal
    # Running from : C:\Documents and Setting\xxxxx\My Documents\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    # AdwCleaner v2.112 - Logfile created 02/10/2013 at 14:24:54
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : xxxxx - JUNEBUG
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\xxxxx\My Documents\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v10.0.1 (en-US)

    File : C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ib654cie.default\prefs.js

    C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ib654cie.default\user.js ... Deleted !

    [OK] File is clean.

    File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\md722ojb.default\prefs.js

    C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\md722ojb.default\user.js ... Deleted !

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\xxxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1381 octets] - [10/02/2013 14:23:46]
    AdwCleaner[S1].txt - [371 octets] - [10/02/2013 14:24:37]
    AdwCleaner[S2].txt - [1621 octets] - [10/02/2013 14:24:54]

    ########## EOF - C:\AdwCleaner[S2].txt - [1681 octets] ##########

    # AdwCleaner v2.112 - Logfile created 02/10/2013 at 14:45:51
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : xxxxx - JUNEBUG
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\xxxxx\My Documents\Downloads\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v10.0.1 (en-US)

    File : C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ib654cie.default\prefs.js

    [OK] File is clean.

    File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\md722ojb.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\xxxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1381 octets] - [10/02/2013 14:23:46]
    AdwCleaner[S1].txt - [371 octets] - [10/02/2013 14:24:37]
    AdwCleaner[S2].txt - [1750 octets] - [10/02/2013 14:24:54]
    AdwCleaner[S3].txt - [1258 octets] - [10/02/2013 14:45:51]

    ########## EOF - C:\AdwCleaner[S3].txt - [1318 octets] ##########


    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:52 on 10/02/2013 by xxxxx
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*pehslg*"
    No files found.

    -= EOF =-

    Farbar Service Scanner Version: 10-02-2013
    Ran by xxxxx (administrator) on 10-02-2013 at 15:54:10
    Running from "C:\Documents and Settings\xxxxx\My Documents\Downloads"
    Microsoft Windows XP Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys
    [2004-08-04 05:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

    C:\WINDOWS\system32\Drivers\netbt.sys
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2004-08-04 05:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

    C:\WINDOWS\system32\ipnathlp.dll
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

    C:\WINDOWS\system32\netman.dll
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2010-02-24 18:00] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\srsvc.dll
    [2010-02-24 18:02] - [2004-08-04 05:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

    C:\WINDOWS\system32\Drivers\sr.sys
    [2010-02-24 18:02] - [2004-08-04 05:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

    C:\WINDOWS\system32\wscsvc.dll
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2010-02-24 18:00] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\wuauserv.dll
    [2010-02-24 18:02] - [2004-08-04 05:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

    C:\WINDOWS\system32\qmgr.dll
    [2010-02-24 18:02] - [2004-08-04 05:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

    C:\WINDOWS\system32\es.dll
    [2004-08-04 05:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

    C:\WINDOWS\system32\cryptsvc.dll
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

    C:\WINDOWS\system32\svchost.exe
    [2004-08-04 05:00] - [2004-08-04 05:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2004-08-04 05:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

    C:\WINDOWS\system32\services.exe
    [2004-08-04 05:00] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0700000005000000010000000200000003000000040000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  10. Mark1956

    Everything is coming up clean; we will do one more scan and then see about updating to Service Pack 3.



    Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select delete as you may remove files needed for the system to operate.

    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

    Be sure to print out and follow the instructions for performing a scan.

    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.


    • When the program opens, click the Change parameters.


    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.


    • Click the Start Scan button.


    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects: and offer three options.


    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.


    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
    • Copy and paste the contents of that file in your next reply.

    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
     
  11. whimsyraj

    17:30:34.0640 0824 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    17:30:35.0531 0824 ============================================================
    17:30:35.0531 0824 Current date / time: 2013/02/11 17:30:35.0531
    17:30:35.0531 0824 SystemInfo:
    17:30:35.0531 0824
    17:30:35.0531 0824 OS Version: 5.1.2600 ServicePack: 2.0
    17:30:35.0531 0824 Product type: Workstation
    17:30:35.0531 0824 ComputerName: JUNEBUG
    17:30:35.0531 0824 Windows directory: C:\WINDOWS
    17:30:35.0531 0824 System windows directory: C:\WINDOWS
    17:30:35.0546 0824 Processor architecture: Intel x86
    17:30:35.0546 0824 Number of processors: 2
    17:30:35.0546 0824 Page size: 0x1000
    17:30:35.0546 0824 Boot type: Normal boot
    17:30:35.0546 0824 ============================================================
    17:30:54.0437 0824 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:30:54.0468 0824 ============================================================
    17:30:54.0468 0824 \Device\Harddisk0\DR0:
    17:30:56.0937 0824 MBR partitions:
    17:30:56.0937 0824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
    17:30:56.0937 0824 ============================================================
    17:30:58.0218 0824 C: <-> \Device\Harddisk0\DR0\Partition1
    17:30:58.0546 0824 ============================================================
    17:30:58.0546 0824 Initialize success
    17:30:58.0546 0824 ============================================================
    18:04:39.0921 1736 ============================================================
    18:04:39.0937 1736 Scan started
    18:04:39.0937 1736 Mode: Manual; SigCheck; TDLFS;
    18:04:39.0937 1736 ============================================================
    18:04:41.0859 1736 ================ Scan system memory ========================
    18:04:41.0921 1736 System memory - ok
    18:04:41.0921 1736 ================ Scan services =============================
    18:04:42.0000 1736 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    18:04:45.0625 1736 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
    18:04:45.0625 1736 !SASCORE - detected UnsignedFile.Multi.Generic (1)
    18:04:49.0625 1736 Abiosdsk - ok
    18:04:49.0625 1736 abp480n5 - ok
    18:04:50.0109 1736 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:05:21.0625 1736 ACPI - ok
    18:05:31.0187 1736 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:05:31.0609 1736 ACPIEC - ok
    18:06:09.0765 1736 adpu160m - ok
    18:06:19.0468 1736 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    18:06:19.0546 1736 ADVService ( UnsignedFile.Multi.Generic ) - warning
    18:06:19.0546 1736 ADVService - detected UnsignedFile.Multi.Generic (1)
    18:06:19.0750 1736 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
    18:06:20.0406 1736 aec - ok
    18:06:20.0515 1736 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    18:06:20.0921 1736 AFD - ok
    18:06:20.0937 1736 Aha154x - ok
    18:06:21.0000 1736 aic78u2 - ok
    18:06:21.0015 1736 aic78xx - ok
    18:06:21.0562 1736 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    18:06:22.0000 1736 Alerter - ok
    18:06:26.0812 1736 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
    18:06:27.0265 1736 ALG - ok
    18:06:27.0328 1736 AliIde - ok
    18:06:27.0328 1736 amsint - ok
    18:06:29.0531 1736 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:06:29.0656 1736 Apple Mobile Device - ok
    18:06:29.0703 1736 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    18:06:30.0031 1736 AppMgmt - ok
    18:06:30.0031 1736 asc - ok
    18:06:30.0046 1736 asc3350p - ok
    18:06:30.0046 1736 asc3550 - ok
    18:06:30.0703 1736 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:06:31.0156 1736 aspnet_state - ok
    18:06:31.0359 1736 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:06:31.0703 1736 AsyncMac - ok
    18:06:31.0812 1736 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:06:31.0984 1736 atapi - ok
    18:06:31.0984 1736 Atdisk - ok
    18:06:32.0125 1736 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:06:32.0671 1736 Atmarpc - ok
    18:06:32.0734 1736 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    18:06:33.0296 1736 AudioSrv - ok
    18:06:33.0625 1736 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:06:33.0906 1736 audstub - ok
    18:06:34.0140 1736 [ 1AF676DB3F3D4CC709CFAB2571CF5FC3 ] AVGIDSEH C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    18:06:34.0218 1736 AVGIDSEH - ok
    18:06:34.0625 1736 [ 901EB73F900D8DD1E8862C40427B83AE ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    18:06:34.0734 1736 Avgldx86 - ok
    18:06:34.0875 1736 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    18:06:35.0000 1736 Avgmfx86 - ok
    18:06:35.0140 1736 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    18:06:35.0234 1736 Avgrkx86 - ok
    18:06:37.0859 1736 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe
    18:06:38.0140 1736 avgwd - ok
    18:06:38.0375 1736 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    18:06:38.0937 1736 b57w2k - ok
    18:06:39.0062 1736 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    18:06:39.0375 1736 Beep - ok
    18:06:39.0734 1736 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
    18:06:40.0171 1736 BITS - ok
    18:06:41.0421 1736 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:06:41.0546 1736 Bonjour Service - ok
    18:06:41.0671 1736 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
    18:06:42.0062 1736 Browser - ok
    18:06:44.0109 1736 catchme - ok
    18:06:44.0187 1736 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:06:44.0484 1736 cbidf2k - ok
    18:06:44.0484 1736 cd20xrnt - ok
    18:06:44.0578 1736 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:06:44.0937 1736 Cdaudio - ok
    18:06:45.0031 1736 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    18:06:45.0312 1736 Cdfs - ok
    18:06:45.0546 1736 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:06:45.0828 1736 Cdrom - ok
    18:06:45.0937 1736 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    18:06:46.0125 1736 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    18:06:46.0125 1736 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    18:06:46.0140 1736 Changer - ok
    18:06:46.0171 1736 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
    18:06:46.0656 1736 CiSvc - ok
    18:06:46.0953 1736 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    18:06:47.0484 1736 ClipSrv - ok
    18:06:47.0578 1736 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:06:47.0765 1736 clr_optimization_v2.0.50727_32 - ok
    18:06:48.0953 1736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:06:49.0078 1736 clr_optimization_v4.0.30319_32 - ok
    18:06:49.0156 1736 CmdIde - ok
    18:06:49.0203 1736 COMSysApp - ok
    18:06:49.0218 1736 Cpqarray - ok
    18:06:49.0453 1736 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    18:06:49.0843 1736 CryptSvc - ok
    18:06:49.0843 1736 dac2w2k - ok
    18:06:49.0843 1736 dac960nt - ok
    18:06:50.0109 1736 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    18:06:50.0546 1736 DcomLaunch - ok
    18:06:50.0687 1736 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    18:06:50.0875 1736 Dhcp - ok
    18:06:51.0609 1736 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    18:06:51.0968 1736 Disk - ok
    18:06:52.0015 1736 dmadmin - ok
    18:06:52.0609 1736 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    18:06:53.0546 1736 dmboot - ok
    18:06:53.0640 1736 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    18:06:54.0140 1736 dmio - ok
    18:06:54.0187 1736 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    18:06:54.0750 1736 dmload - ok
    18:06:54.0859 1736 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
    18:06:55.0312 1736 dmserver - ok
    18:06:55.0437 1736 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    18:06:55.0750 1736 DMusic - ok
    18:06:56.0062 1736 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    18:06:56.0406 1736 Dnscache - ok
    18:06:56.0406 1736 dpti2o - ok
    18:06:56.0578 1736 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    18:06:57.0046 1736 drmkaud - ok
    18:06:57.0109 1736 dsNcAdpt - ok
    18:06:57.0859 1736 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
    18:06:58.0171 1736 ERSvc - ok
    18:06:58.0296 1736 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe
    18:06:58.0578 1736 Eventlog - ok
    18:06:59.0046 1736 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll
    18:06:59.0671 1736 EventSystem - ok
    18:07:00.0062 1736 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    18:07:00.0390 1736 Fastfat - ok
    18:07:00.0593 1736 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    18:07:01.0062 1736 FastUserSwitchingCompatibility - ok
    18:07:01.0328 1736 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:07:01.0734 1736 Fdc - ok
    18:07:02.0125 1736 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    18:07:02.0468 1736 Fips - ok
    18:07:02.0546 1736 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:07:02.0843 1736 Flpydisk - ok
    18:07:03.0000 1736 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    18:07:03.0312 1736 FltMgr - ok
    18:07:03.0671 1736 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:07:03.0765 1736 FontCache3.0.0.0 - ok
    18:07:04.0140 1736 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:07:04.0593 1736 Fs_Rec - ok
    18:07:05.0296 1736 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:07:05.0687 1736 Ftdisk - ok
    18:07:07.0984 1736 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    18:07:08.0078 1736 GEARAspiWDM - ok
    18:07:08.0265 1736 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:07:08.0734 1736 Gpc - ok
    18:07:08.0968 1736 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    18:07:08.0984 1736 gupdate - ok
    18:07:09.0046 1736 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    18:07:09.0062 1736 gupdatem - ok
    18:07:09.0125 1736 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:07:09.0234 1736 gusvc - ok
    18:07:09.0375 1736 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:07:09.0843 1736 helpsvc - ok
    18:07:09.0937 1736 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
    18:07:10.0203 1736 HidServ - ok
    18:07:10.0234 1736 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:07:10.0421 1736 hidusb - ok
    18:07:10.0437 1736 hpn - ok
    18:07:10.0484 1736 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
    18:07:14.0468 1736 HTCAND32 - ok
    18:07:14.0578 1736 [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    18:07:14.0640 1736 HTCMonitorService - ok
    18:07:14.0703 1736 [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
    18:07:15.0000 1736 htcnprot - ok
    18:07:15.0078 1736 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    18:07:15.0234 1736 HTTP - ok
    18:07:15.0328 1736 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    18:07:15.0609 1736 HTTPFilter - ok
    18:07:15.0609 1736 i2omgmt - ok
    18:07:15.0625 1736 i2omp - ok
    18:07:15.0656 1736 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
    18:07:15.0843 1736 i8042prt - ok
    18:07:15.0921 1736 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    18:07:16.0625 1736 ialm - ok
    18:07:17.0296 1736 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:07:17.0546 1736 idsvc - ok
    18:07:17.0625 1736 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:07:17.0984 1736 Imapi - ok
    18:07:18.0109 1736 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
    18:07:18.0468 1736 ImapiService - ok
    18:07:18.0484 1736 ini910u - ok
    18:07:18.0625 1736 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:07:19.0171 1736 IntelIde - ok
    18:07:19.0250 1736 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:07:19.0546 1736 intelppm - ok
    18:07:19.0656 1736 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    18:07:19.0921 1736 Ip6Fw - ok
    18:07:19.0984 1736 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:07:20.0218 1736 IpFilterDriver - ok
    18:07:20.0328 1736 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:07:20.0609 1736 IpInIp - ok
    18:07:20.0640 1736 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:07:20.0890 1736 IpNat - ok
    18:07:21.0093 1736 [ 32CDEDD15E2D1A557CD54552AE78FF86 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:07:21.0187 1736 iPod Service - ok
    18:07:21.0312 1736 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:07:21.0578 1736 IPSec - ok
    18:07:21.0609 1736 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:07:21.0781 1736 IRENUM - ok
    18:07:21.0828 1736 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:07:22.0093 1736 isapnp - ok
    18:07:22.0109 1736 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:07:22.0593 1736 Kbdclass - ok
    18:07:22.0656 1736 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:07:23.0062 1736 kbdhid - ok
    18:07:23.0109 1736 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    18:07:23.0468 1736 kmixer - ok
    18:07:23.0500 1736 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    18:07:23.0671 1736 KSecDD - ok
    18:07:23.0765 1736 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    18:07:24.0046 1736 lanmanserver - ok
    18:07:24.0093 1736 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    18:07:24.0265 1736 lanmanworkstation - ok
    18:07:24.0281 1736 lbrtfdc - ok
    18:07:24.0375 1736 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    18:07:24.0875 1736 LmHosts - ok
    18:07:24.0921 1736 [ A27B4649E4CC03A93EAFF8641D255267 ] McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    18:07:24.0984 1736 McAfee SiteAdvisor Service - ok
    18:07:25.0015 1736 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    18:07:25.0281 1736 Messenger - ok
    18:07:25.0328 1736 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    18:07:25.0593 1736 mnmdd - ok
    18:07:25.0640 1736 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    18:07:25.0968 1736 mnmsrvc - ok
    18:07:26.0000 1736 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    18:07:26.0171 1736 Modem - ok
    18:07:26.0187 1736 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:07:26.0515 1736 Mouclass - ok
    18:07:26.0593 1736 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:07:26.0859 1736 mouhid - ok
    18:07:26.0906 1736 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    18:07:27.0328 1736 MountMgr - ok
    18:07:27.0328 1736 mraid35x - ok
    18:07:27.0421 1736 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:07:27.0781 1736 MRxDAV - ok
    18:07:27.0875 1736 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:07:28.0093 1736 MRxSmb - ok
    18:07:28.0140 1736 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    18:07:28.0500 1736 MSDTC - ok
    18:07:28.0687 1736 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    18:07:29.0046 1736 Msfs - ok
    18:07:29.0062 1736 MSIServer - ok
    18:07:29.0109 1736 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:07:29.0343 1736 MSKSSRV - ok
    18:07:29.0421 1736 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:07:29.0687 1736 MSPCLOCK - ok
    18:07:29.0734 1736 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    18:07:29.0984 1736 MSPQM - ok
    18:07:30.0031 1736 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:07:30.0343 1736 mssmbios - ok
    18:07:30.0406 1736 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    18:07:30.0687 1736 Mup - ok
    18:07:30.0781 1736 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    18:07:31.0125 1736 NDIS - ok
    18:07:31.0187 1736 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:07:31.0531 1736 NdisTapi - ok
    18:07:31.0562 1736 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:07:31.0937 1736 Ndisuio - ok
    18:07:31.0968 1736 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:07:32.0265 1736 NdisWan - ok
    18:07:32.0421 1736 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    18:07:32.0703 1736 NDProxy - ok
    18:07:32.0906 1736 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:07:33.0156 1736 NetBIOS - ok
    18:07:33.0296 1736 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:07:33.0531 1736 NetBT - ok
    18:07:33.0578 1736 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
    18:07:33.0890 1736 NetDDE - ok
    18:07:33.0890 1736 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    18:07:34.0046 1736 NetDDEdsdm - ok
    18:07:34.0125 1736 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
    18:07:34.0453 1736 Netlogon - ok
    18:07:34.0718 1736 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
    18:07:34.0890 1736 Netman - ok
    18:07:35.0140 1736 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:07:35.0328 1736 NetTcpPortSharing - ok
    18:07:35.0468 1736 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
    18:07:35.0578 1736 Nla - ok
    18:07:35.0640 1736 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    18:07:35.0796 1736 Npfs - ok
    18:07:35.0984 1736 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    18:07:36.0343 1736 Ntfs - ok
    18:07:36.0390 1736 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    18:07:36.0515 1736 NtLmSsp - ok
    18:07:36.0671 1736 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    18:07:37.0015 1736 NtmsSvc - ok
    18:07:37.0125 1736 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    18:07:37.0500 1736 Null - ok
    18:07:37.0640 1736 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:07:38.0046 1736 NwlnkFlt - ok
    18:07:38.0140 1736 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:07:38.0734 1736 NwlnkFwd - ok
    18:07:39.0250 1736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:07:39.0515 1736 odserv - ok
    18:07:39.0625 1736 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:07:39.0687 1736 ose - ok
    18:07:39.0765 1736 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    18:07:40.0265 1736 Parport - ok
    18:07:40.0468 1736 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    18:07:40.0671 1736 PartMgr - ok
    18:07:40.0718 1736 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    18:07:40.0906 1736 ParVdm - ok
    18:07:41.0046 1736 [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    18:07:41.0781 1736 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
    18:07:41.0781 1736 PassThru Service - detected UnsignedFile.Multi.Generic (1)
    18:07:41.0875 1736 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    18:07:42.0281 1736 PCI - ok
    18:07:42.0296 1736 PCIDump - ok
    18:07:42.0390 1736 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
    18:07:42.0671 1736 PCIIde - ok
    18:07:42.0734 1736 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:07:43.0078 1736 Pcmcia - ok
    18:07:43.0078 1736 PDCOMP - ok
    18:07:43.0093 1736 PDFRAME - ok
    18:07:43.0093 1736 PDRELI - ok
    18:07:43.0109 1736 PDRFRAME - ok
    18:07:43.0234 1736 pehslg - ok
    18:07:43.0250 1736 perc2 - ok
    18:07:43.0250 1736 perc2hib - ok
    18:07:43.0312 1736 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe
    18:07:43.0484 1736 PlugPlay - ok
    18:07:43.0500 1736 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    18:07:43.0640 1736 PolicyAgent - ok
    18:07:43.0703 1736 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:07:43.0984 1736 PptpMiniport - ok
    18:07:44.0046 1736 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    18:07:44.0171 1736 ProtectedStorage - ok
    18:07:44.0265 1736 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    18:07:44.0703 1736 PSched - ok
    18:07:44.0843 1736 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:07:45.0078 1736 Ptilink - ok
    18:07:45.0093 1736 ql1080 - ok
    18:07:45.0093 1736 Ql10wnt - ok
    18:07:45.0109 1736 ql12160 - ok
    18:07:45.0109 1736 ql1240 - ok
    18:07:45.0156 1736 ql1280 - ok
    18:07:45.0187 1736 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:07:45.0546 1736 RasAcd - ok
    18:07:45.0593 1736 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
    18:07:45.0875 1736 RasAuto - ok
    18:07:45.0906 1736 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:07:46.0140 1736 Rasl2tp - ok
    18:07:46.0281 1736 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
    18:07:46.0593 1736 RasMan - ok
    18:07:46.0640 1736 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:07:46.0953 1736 RasPppoe - ok
    18:07:46.0968 1736 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:07:47.0234 1736 Raspti - ok
    18:07:47.0296 1736 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:07:47.0640 1736 Rdbss - ok
    18:07:47.0734 1736 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:07:48.0078 1736 RDPCDD - ok
    18:07:48.0156 1736 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:07:48.0406 1736 rdpdr - ok
    18:07:48.0453 1736 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    18:07:48.0703 1736 RDPWD - ok
    18:07:48.0812 1736 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    18:07:49.0203 1736 RDSessMgr - ok
    18:07:49.0265 1736 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:07:49.0531 1736 redbook - ok
    18:07:49.0609 1736 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    18:07:49.0859 1736 RemoteAccess - ok
    18:07:49.0890 1736 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    18:07:50.0218 1736 RemoteRegistry - ok
    18:07:50.0265 1736 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
    18:07:50.0625 1736 RpcLocator - ok
    18:07:50.0828 1736 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\System32\rpcss.dll
    18:07:50.0921 1736 RpcSs - ok
    18:07:51.0171 1736 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    18:07:51.0515 1736 RSVP - ok
    18:07:51.0546 1736 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
    18:07:51.0671 1736 SamSs - ok
    18:07:51.0843 1736 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:07:52.0000 1736 SASDIFSV - ok
    18:07:52.0156 1736 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    18:07:52.0218 1736 SASENUM - ok
    18:07:52.0234 1736 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    18:07:52.0265 1736 SASKUTIL - ok
    18:07:52.0312 1736 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    18:07:52.0562 1736 SCardSvr - ok
    18:07:52.0781 1736 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    18:07:53.0109 1736 Schedule - ok
    18:07:53.0156 1736 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:07:53.0546 1736 Secdrv - ok
    18:07:53.0578 1736 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
    18:07:53.0796 1736 seclogon - ok
    18:07:54.0265 1736 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
    18:07:54.0484 1736 senfilt - ok
    18:07:54.0515 1736 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
    18:07:54.0671 1736 SENS - ok
    18:07:54.0718 1736 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:07:55.0140 1736 serenum - ok
    18:07:55.0218 1736 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    18:07:55.0484 1736 Serial - ok
    18:07:55.0593 1736 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:07:55.0921 1736 Sfloppy - ok
    18:07:56.0015 1736 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    18:07:56.0281 1736 SharedAccess - ok
    18:07:56.0359 1736 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    18:07:56.0500 1736 ShellHWDetection - ok
    18:07:56.0515 1736 Simbad - ok
    18:07:56.0640 1736 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
    18:07:56.0750 1736 smwdm - ok
    18:07:56.0750 1736 Sparrow - ok
    18:07:56.0781 1736 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    18:07:57.0109 1736 splitter - ok
    18:07:57.0140 1736 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
    18:07:57.0406 1736 Spooler - ok
    18:07:57.0421 1736 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    18:07:57.0593 1736 sr - ok
    18:07:57.0671 1736 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
    18:07:57.0890 1736 srservice - ok
    18:07:57.0937 1736 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    18:07:58.0000 1736 Srv - ok
    18:07:58.0062 1736 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    18:07:58.0171 1736 SSDPSRV - ok
    18:07:58.0218 1736 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    18:07:58.0515 1736 stisvc - ok
    18:07:58.0546 1736 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:07:58.0765 1736 swenum - ok
    18:07:58.0781 1736 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    18:07:58.0984 1736 swmidi - ok
    18:07:58.0984 1736 SwPrv - ok
    18:07:59.0000 1736 symc810 - ok
    18:07:59.0015 1736 symc8xx - ok
    18:07:59.0015 1736 sym_hi - ok
    18:07:59.0031 1736 sym_u3 - ok
    18:07:59.0062 1736 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    18:07:59.0281 1736 sysaudio - ok
    18:08:08.0421 1736 [ 4CC0B7D16A516238A789C641061E9FC8 ] wsnm C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    18:08:08.0625 1736 wsnm ( UnsignedFile.Multi.Generic ) - warning
    18:08:08.0625 1736 wsnm - detected UnsignedFile.Multi.Generic (1)
    18:08:09.0687 1736 ================ Scan global ===============================
    18:08:09.0750 1736 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
    18:08:09.0812 1736 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
    18:08:09.0859 1736 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
    18:08:09.0875 1736 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
    18:08:09.0890 1736 [Global] - ok
    18:08:09.0890 1736 ================ Scan MBR ==================================
    18:08:09.0906 1736 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    18:08:10.0406 1736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    18:08:10.0406 1736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    18:08:10.0406 1736 ================ Scan VBR ==================================
    18:08:10.0406 1736 [ 969D7B9F9CB7092CBC52B0C17825F837 ] \Device\Harddisk0\DR0\Partition1
    18:08:10.0406 1736 \Device\Harddisk0\DR0\Partition1 - ok
    18:08:10.0421 1736 ============================================================
    18:08:10.0421 1736 Scan finished
    18:08:10.0421 1736 ============================================================
    18:08:10.0546 1940 Detected object count: 6
    18:08:10.0546 1940 Actual detected object count: 6
    18:16:29.0203 1940 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
    18:16:29.0203 1940 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:16:29.0203 1940 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
    18:16:29.0203 1940 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:16:29.0218 1940 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
    18:16:29.0218 1940 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:16:29.0218 1940 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
    18:16:29.0218 1940 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:16:29.0218 1940 wsnm ( UnsignedFile.Multi.Generic ) - skipped by user
    18:16:29.0218 1940 wsnm ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:16:29.0218 1940 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    18:16:29.0218 1940 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    18:16:51.0718 2912 Deinitialize success
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I see signs of a rootkit infection. Please run TDSSKiller again, and when you see this detection:

    Device\Harddisk0\DR0 ( TDSS File System )

    select it for removal and post the log.

    All the other detected objects are ok.
     
  13. whimsyraj

    whimsyraj Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    9
    08:48:32.0468 3800 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    08:48:33.0312 3800 ============================================================
    08:48:33.0312 3800 Current date / time: 2013/02/12 08:48:33.0312
    08:48:33.0312 3800 SystemInfo:
    08:48:33.0312 3800
    08:48:33.0312 3800 OS Version: 5.1.2600 ServicePack: 2.0
    08:48:33.0312 3800 Product type: Workstation
    08:48:33.0312 3800 ComputerName: JUNEBUG
    08:48:33.0312 3800 UserName:
    08:48:33.0312 3800 Windows directory: C:\WINDOWS
    08:48:33.0312 3800 System windows directory: C:\WINDOWS
    08:48:33.0312 3800 Processor architecture: Intel x86
    08:48:33.0312 3800 Number of processors: 2
    08:48:33.0312 3800 Page size: 0x1000
    08:48:33.0312 3800 Boot type: Normal boot
    08:48:33.0312 3800 ============================================================
    08:48:45.0906 3800 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    08:48:46.0000 3800 ============================================================
    08:48:46.0000 3800 \Device\Harddisk0\DR0:
    08:48:46.0140 3800 MBR partitions:
    08:48:46.0140 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
    08:48:46.0140 3800 ============================================================
    08:48:46.0468 3800 C: <-> \Device\Harddisk0\DR0\Partition1
    08:48:46.0562 3800 ============================================================
    08:48:46.0562 3800 Initialize success
    08:48:46.0562 3800 ============================================================
    08:49:14.0546 2708 ============================================================
    08:49:14.0546 2708 Scan started
    08:49:14.0546 2708 Mode: Manual; SigCheck; TDLFS;
    08:49:14.0546 2708 ============================================================
    08:49:17.0390 2708 ================ Scan system memory ========================
    08:49:17.0437 2708 System memory - ok
    08:49:17.0437 2708 ================ Scan services =============================
    08:49:17.0578 2708 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    08:49:22.0171 2708 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
    08:49:22.0171 2708 !SASCORE - detected UnsignedFile.Multi.Generic (1)
    08:49:33.0390 2708 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    08:49:33.0453 2708 ADVService ( UnsignedFile.Multi.Generic ) - warning
    08:49:33.0453 2708 ADVService - detected UnsignedFile.Multi.Generic (1)
    08:49:39.0890 2708 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    08:49:39.0984 2708 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    08:49:39.0984 2708 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    08:50:19.0250 2708 [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    08:50:19.0515 2708 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
    08:50:19.0515 2708 PassThru Service - detected UnsignedFile.Multi.Generic (1)
    08:50:23.0765 2708 RDPWD - ok
    08:50:23.0812 2708 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    08:50:24.0046 2708 RDSessMgr - ok
    08:50:24.0234 2708 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    08:50:24.0390 2708 redbook - ok
    08:50:24.0546 2708 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    08:50:24.0718 2708 RemoteAccess - ok
    08:50:24.0765 2708 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    08:50:24.0921 2708 RemoteRegistry - ok
    08:50:25.0078 2708 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
    08:50:25.0234 2708 RpcLocator - ok
    08:50:25.0359 2708 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\System32\rpcss.dll
    08:50:25.0468 2708 RpcSs - ok
    08:50:25.0593 2708 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    08:50:25.0765 2708 RSVP - ok
    08:50:25.0781 2708 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
    08:50:25.0906 2708 SamSs - ok
    08:50:26.0046 2708 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    08:50:26.0218 2708 SASDIFSV - ok
    08:50:26.0390 2708 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    08:50:26.0421 2708 SASENUM - ok
    08:50:26.0546 2708 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    08:50:26.0671 2708 SASKUTIL - ok
    08:50:26.0812 2708 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    08:50:27.0000 2708 SCardSvr - ok
    08:50:27.0218 2708 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    08:50:27.0406 2708 Schedule - ok
    08:50:27.0437 2708 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    08:50:27.0578 2708 Secdrv - ok
    08:50:27.0593 2708 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
    08:50:27.0781 2708 seclogon - ok
    08:50:28.0375 2708 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
    08:50:28.0750 2708 senfilt - ok
    08:50:28.0812 2708 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
    08:50:29.0000 2708 SENS - ok
    08:50:29.0109 2708 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    08:50:29.0312 2708 serenum - ok
    08:50:29.0421 2708 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    08:50:29.0609 2708 Serial - ok
    08:50:29.0781 2708 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    08:50:29.0953 2708 Sfloppy - ok
    08:50:30.0296 2708 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    08:50:30.0546 2708 SharedAccess - ok
    08:50:30.0593 2708 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    08:50:30.0718 2708 ShellHWDetection - ok
    08:50:30.0734 2708 Simbad - ok
    08:50:30.0890 2708 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
    08:50:30.0937 2708 smwdm - ok
    08:50:30.0937 2708 Sparrow - ok
    08:50:30.0984 2708 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    08:50:31.0187 2708 splitter - ok
    08:50:31.0234 2708 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
    08:50:31.0406 2708 Spooler - ok
    08:50:31.0421 2708 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    08:50:31.0609 2708 sr - ok
    08:50:31.0687 2708 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
    08:50:31.0796 2708 srservice - ok
    08:50:32.0078 2708 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    08:50:32.0328 2708 Srv - ok
    08:50:32.0375 2708 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    08:50:32.0500 2708 SSDPSRV - ok
    08:50:32.0609 2708 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    08:50:32.0906 2708 stisvc - ok
    08:50:32.0953 2708 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    08:50:33.0218 2708 swenum - ok
    08:50:33.0250 2708 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    08:50:33.0406 2708 swmidi - ok
    08:50:33.0406 2708 SwPrv - ok
    08:50:33.0421 2708 symc810 - ok
    08:50:33.0437 2708 symc8xx - ok
    08:50:33.0453 2708 sym_hi - ok
    08:50:33.0453 2708 sym_u3 - ok
    08:50:33.0484 2708 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    08:50:33.0703 2708 sysaudio - ok
    08:50:33.0734 2708 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    08:50:33.0953 2708 SysmonLog - ok
    08:50:34.0015 2708 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    08:50:34.0203 2708 TapiSrv - ok
    08:50:34.0265 2708 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    08:50:34.0406 2708 Tcpip - ok
    08:50:34.0437 2708 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    08:50:34.0609 2708 TDPIPE - ok
    08:50:34.0671 2708 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    08:50:34.0828 2708 TDTCP - ok
    08:50:34.0859 2708 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    08:50:35.0015 2708 TermDD - ok
    08:50:35.0062 2708 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
    08:50:35.0296 2708 TermService - ok
    08:50:35.0375 2708 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
    08:50:35.0500 2708 Themes - ok
    08:50:35.0578 2708 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    08:50:35.0703 2708 TlntSvr - ok
    08:50:35.0718 2708 TosIde - ok
    08:50:35.0734 2708 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    08:50:35.0906 2708 TrkWks - ok
    08:50:35.0937 2708 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    08:50:36.0125 2708 Udfs - ok
    08:50:36.0140 2708 ultra - ok
    08:50:36.0296 2708 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    08:50:36.0500 2708 Update - ok
    08:50:36.0531 2708 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
    08:50:36.0671 2708 upnphost - ok
    08:50:36.0687 2708 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
    08:50:36.0875 2708 UPS - ok
    08:50:36.0906 2708 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    08:50:37.0093 2708 usbccgp - ok
    08:50:37.0109 2708 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    08:50:37.0281 2708 usbehci - ok
    08:50:37.0312 2708 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    08:50:37.0515 2708 usbhub - ok
    08:50:37.0531 2708 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    08:50:37.0703 2708 usbprint - ok
    08:50:37.0765 2708 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    08:50:37.0937 2708 usbscan - ok
    08:50:37.0984 2708 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    08:50:38.0203 2708 USBSTOR - ok
    08:50:38.0312 2708 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    08:50:38.0484 2708 usbuhci - ok
    08:50:38.0656 2708 [ AE4DF3B7D1DB9373B08DB4ED224E26B6 ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    08:50:38.0812 2708 usb_rndisx - ok
    08:50:38.0859 2708 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    08:50:39.0000 2708 VgaSave - ok
    08:50:39.0015 2708 ViaIde - ok
    08:50:39.0046 2708 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    08:50:39.0234 2708 VolSnap - ok
    08:50:39.0359 2708 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
    08:50:39.0468 2708 VSS - ok
    08:50:39.0546 2708 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
    08:50:39.0734 2708 W32Time - ok
    08:50:39.0765 2708 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    08:50:39.0921 2708 Wanarp - ok
    08:50:40.0109 2708 [ 4769596D7CC0F5FA447D2BABC239672A ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    08:50:40.0203 2708 Wdf01000 - ok
    08:50:40.0203 2708 WDICA - ok
    08:50:40.0234 2708 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    08:50:40.0421 2708 wdmaud - ok
    08:50:40.0515 2708 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
    08:50:40.0796 2708 WebClient - ok
    08:50:41.0171 2708 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    08:50:41.0343 2708 winmgmt - ok
    08:50:41.0468 2708 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    08:50:41.0671 2708 WmdmPmSN - ok
    08:50:41.0718 2708 [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi C:\WINDOWS\System32\advapi32.dll
    08:50:41.0828 2708 Wmi - ok
    08:50:41.0890 2708 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    08:50:42.0062 2708 WmiApSrv - ok
    08:50:42.0437 2708 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    08:50:42.0593 2708 WMPNetworkSvc - ok
    08:50:42.0671 2708 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    08:50:42.0687 2708 WpdUsb - ok
    08:50:42.0781 2708 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    08:50:43.0140 2708 WPFFontCache_v0400 - ok
    08:50:43.0390 2708 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    08:50:43.0562 2708 wscsvc - ok
    08:50:44.0031 2708 [ 4CC0B7D16A516238A789C641061E9FC8 ] wsnm C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    08:50:44.0234 2708 wsnm ( UnsignedFile.Multi.Generic ) - warning
    08:50:44.0234 2708 wsnm - detected UnsignedFile.Multi.Generic (1)
    08:50:44.0265 2708 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    08:50:44.0421 2708 wuauserv - ok
    08:50:44.0437 2708 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    08:50:44.0546 2708 WudfPf - ok
    08:50:44.0578 2708 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    08:50:44.0640 2708 WudfRd - ok
    08:50:44.0656 2708 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    08:50:44.0703 2708 WudfSvc - ok
    08:50:44.0781 2708 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    08:50:44.0953 2708 WZCSVC - ok
    08:50:45.0265 2708 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    08:50:45.0437 2708 xmlprov - ok
    08:50:45.0453 2708 ================ Scan global ===============================
    08:50:45.0515 2708 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
    08:50:45.0546 2708 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
    08:50:45.0656 2708 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
    08:50:45.0687 2708 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
    08:50:45.0687 2708 [Global] - ok
    08:50:45.0687 2708 ================ Scan MBR ==================================
    08:50:45.0703 2708 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    08:50:47.0953 2708 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    08:50:47.0953 2708 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    08:50:47.0953 2708 ================ Scan VBR ==================================
    08:50:47.0968 2708 [ 969D7B9F9CB7092CBC52B0C17825F837 ] \Device\Harddisk0\DR0\Partition1
    08:50:47.0968 2708 \Device\Harddisk0\DR0\Partition1 - ok
    08:50:47.0968 2708 ============================================================
    08:50:47.0968 2708 Scan finished
    08:50:47.0968 2708 ============================================================
    08:50:48.0078 3308 Detected object count: 6
    08:50:48.0078 3308 Actual detected object count: 6
    08:51:43.0562 3308 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
    08:51:43.0562 3308 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:51:43.0562 3308 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
    08:51:43.0562 3308 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:51:43.0562 3308 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
    08:51:43.0562 3308 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:51:43.0562 3308 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
    08:51:43.0562 3308 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:51:43.0578 3308 wsnm ( UnsignedFile.Multi.Generic ) - skipped by user
    08:51:43.0578 3308 wsnm ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:51:43.0640 3308 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    08:51:43.0703 3308 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
    08:51:43.0703 3308 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
    08:51:43.0703 3308 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
    08:51:43.0718 3308 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
    08:51:43.0718 3308 \Device\Harddisk0\DR0\TDLFS - deleted
    08:51:43.0718 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
    08:51:58.0375 0376 Deinitialize success
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, that has done the job, but we now need to run another scan to check for any leftovers.

    The pehslg service was checked by TDSSKiller and shows as clean but with no file location, as was also shown by SystemLook, so it must be an orphaned entry, which we will remove after running this next scan.

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

    NOTE: If you see a message like this when you attempt to open anything after the reboot: "Illegal Operation attempted on a registry key that has been marked for deletion", please reboot the system again and the warning should not return.

     
  15. whimsyraj

    whimsyraj Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    9
    ComboFix 13-02-12.01 - 02/12/2013 16:55:46.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.279 [GMT -5:00]
    Running from: c:\documents and settings\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\WINDOWS
    c:\program files\InfoAtoms\IE32\InFOatomsclientie.dll
    C:\wincl32.bin
    c:\wincl32.bin\config.bin
    c:\windows\system32\SET222.tmp
    c:\windows\system32\SET226.tmp
    c:\windows\system32\SET22E.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-12 13:51 . 2013-02-12 13:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-10 16:14 . 2013-02-10 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2013-01-22 23:42 . 2013-01-23 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-16 00:40 . 2011-12-17 14:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys
    [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
    [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
    .
    [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys
    [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
    [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
    [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys
    [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
    [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
    .
    [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    .
    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
    [-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll
    [-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
    [-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
    [-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
    [-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
    [-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
    [-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll
    [-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
    [-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
    [-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
    [-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
    .
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
    [-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
    .
    [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
    [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
    [-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe
    .
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
    [-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
    [-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    [-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
    .
    [-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
    [-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
    .
    [-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
    [-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [-] 2010-02-16 . 4F1BBAF9BA10B29022FB3F5FAC32D022 . 2143744 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe
    [-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    [-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
    [-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3GDR\ntoskrnl.exe
    [-] 2009-12-08 . A753994B8DE37FA767149DE6704E4886 . 2142720 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
    [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
    [-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    [-] 2009-08-04 . C0900759CBDA8FBACC2470EF0E8EB31B . 2142720 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
    [-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
    [-] 2005-03-30 . D5B44CEB743886F36222928CE2536C44 . 2135552 . . [5.1.2600.2643] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
    [-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
    [-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
    .
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\w32time.dll
    [-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
    [-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
    .
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wiaservc.dll
    [-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
    [-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wiaservc.dll
    .
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\midimap.dll
    [-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
    [-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll
    .
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rasadhlp.dll
    [-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\rasadhlp.dll
    [-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rasadhlp.dll
    .
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wshtcpip.dll
    [-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\system32\wshtcpip.dll
    [-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wshtcpip.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-09 4763008]
    "chromium"="c:\documents and settings\ \Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-06-23 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
    backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^ ^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\ \Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-07-12 14:07 136176 ----atw- c:\documents and settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-12 02:42 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
    "c:\\Documents and Settings\\ \\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 255968]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 11:01 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2/12/2012 7:15 AM 116608]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]
    R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [10/26/2012 4:17 PM 87368]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [10/8/2012 4:40 PM 166912]
    R2 wsnm;VMware View Client Service;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2/10/2010 11:54 AM 151552]
    S0 pehslg;pehslg; [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/25/2010 11:49 AM 88176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [12/10/2012 7:26 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [12/10/2012 7:27 PM 21248]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 12872]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 78431974
    *NewlyCreated* - 97361442
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - 78431974
    *Deregistered* - 97361442
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 03:37]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 03:37]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2052111302-725345543-1003Core.job
    - c:\documents and settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-12 14:07]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2052111302-725345543-1003UA.job
    - c:\documents and settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-12 14:07]
    .
    2013-02-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2052111302-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    2013-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2052111302-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    2013-02-12 c:\windows\Tasks\ReclaimerUpdateFiles_ .job
    - c:\documents and settings\ \Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-28 03:50]
    .
    2013-02-12 c:\windows\Tasks\ReclaimerUpdateXML_ .job
    - c:\documents and settings\ \Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-28 03:50]
    .
    2013-02-10 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_ .job
    - c:\documents and settings\ \Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-28 03:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://view.midhosp.org/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\documents and settings\ \Application Data\Mozilla\Firefox\Profiles\ib654cie.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bible.com/
    FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
    FF - ExtSQL: !HIDDEN! 2012-12-10 21:03; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-12 17:10
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2013-02-12 17:13:33
    ComboFix-quarantined-files.txt 2013-02-12 22:13
    ComboFix2.txt 2010-08-20 20:30
    ComboFix3.txt 2010-08-20 03:01
    .
    Pre-Run: 5,581,942,784 bytes free
    Post-Run: 7,919,714,304 bytes free
    .
    - - End Of File - - 78F366F4A6EB96A542DBDC5E0F8FE503
     
Short URL to this thread: https://techguy.org/1088892
