hiesenberg

  1. Kevin- the 2nd network connections folder is still there. After running combofix /uninstall, I watched it as combofix was removed but that folder remains. thx!
  2. Kevin- Here is a shot of the 2 folders in control panel, (file uploaded). So to clarify, there is no need to remove those entries b/c they are inactive. Got it! Thanks.
  3. kevin: I still have the following:
     > 2 folders marked Network Connections, pretty sure there should only be one in the control panel
     > the win-xp search tool, search companion, still opens an empty window not allowing search criteria to be entered
     > the 2 registry changes do not stay deleted, (list below). they always come back on reboot.
     Is there a way to manually delete these from within the reg editor? Thanks!
     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
     [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
  4. kevin- that log is from before I deleted them, but I delete them over and over and still they reappear. are you saying that in spite of those registry entries constantly returning after each deletion that they are safe and are not actually affecting the registry..? I ran the pc in clean boot for a short period and yes it was obvious that the svchost/taskbar issue seemed to be resolved but that is very similar to when I run it in safe mode. I won't be home for a couple of days, then I will run it for a longer while and slowly starting adding back services as you suggested. your patience is very much appreciated. Thanks!!
  5. kevin- that's fine, so those hooked drivers are safe and pose no threat. but what about the registry constantly changing..? I think that's what has me worried the most. what/where is the source of what causes those entries to consistently reactivate themselves? I believe there is something residing on this p/c that executes on reboot to make those changes.. are you saying that a non-ms service clash, if there is one, can cause those repeated registry changes..? i have deleted them over and over to only watch them pop up again after rescanning. I'm off for holiday time here in the states! Happy Thanksgiving! (not sure you folks even know what that is)
     RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : RICH [Admin rights]
     Mode : Scan -- Date : 11/27/2013 00:39:28
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     [inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
     [inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP1604N +++++
     --- User ---
     [MBR] 9c24779718baa28a177f1792c868d0f9
     [bSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
     1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished :
  6. kevin: I'm not sure when I can complete that rather long task.. and we have a Holiday starting tomorrow so it might be a few days, (please do not close my topic). I'm particularly interested to know what those 2 drivers are found by rogue kill:
     ¤¤¤ Driver : [LOADED] ¤¤¤
     [inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
     [inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
     are these harmless or how serious are they? They reappeared on the RK scan and when I tried to delete the pc froze. I will try again later. Thanks!
  7. Kevin- I ran it in a clean boot and it looks a lot like running in safe mode, minimal processes... I did not see the svchost/taskbar issue, it was inactive just like when I run the p/c in safemode. So I ran Rogue Killer and it found 6 new entries. Please note, I also noticed that a previous RK log,(added at the bottom) correctly list my h-d as a Samsung but the latest log does not identify it all...? and the 2nd Network Connection folder did not appear while in clean-boot status but the internet does not connect either. the win search tool coming up blank is opened by clicking the start button, 2nd column on the right. hopefully this info will provide some new clues. you'll deserve a medal if you can actually solve this one!! :-) Thanks!!
     RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : RICH [Admin rights]
     Mode : Scan -- Date : 11/25/2013 13:35:49
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 1 ¤¤¤
     [sUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Administrator\Desktop\zebranMalwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED
     ¤¤¤ Registry Entries : 3 ¤¤¤
     [RUN][sUSP PATH] HKLM\[...]\RunOnce : 4DF37C11-28CE-42CF-9F83-1D4723EEBDE8 (cmd.exe /C start /D "C:\DOCUME~1\RICH\LOCALS~1\Temp" /B 4DF37C11-28CE-42CF-9F83-1D4723EEBDE8.exe -activeimages -postboot [x][-][x]) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     [inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
     [inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ( @ ) +++++
     --- User ---
     [MBR] 9c24779718baa28a177f1792c868d0f9
     [bSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
     1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_S_11252013_133549.txt >>
     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX OLD RK LOG ADDED BELOW XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: SAMSUNG SP1604N +++++
     --- User ---
     [MBR] 9c24779718baa28a177f1792c868d0f9
     [bSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
     1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_D_08282013_132750.txt >> RKreport[0]_S_08282013_132204.txt
  8. I will be able to run that first thing in the morning, not home now. Do you have any other scanner options to uncover deeply rooted infections? I just feel like we're hitting a wall and not making more progress. i'm guessing that this bug has evolved to where it is evading most av-scans we've run. couple of new issues:
     > 2 folders marked network connections in control panel, (there should only be one)
     > win file search tool, comes up blank. no way to run a file search
     I await your next steps
  9. kevin- pretty sure those files are going to be clean. Iexplore is actually a McAfee utility that I renamed.
     > c:\windows\system32\drivers\lswd2yhn.sys belongs to this utility> Vba32 AntiRootkit driver, by VirusBlokAda Ltd.
     > Iexplore.exe--McAfee Labs Rootkit Remover
     let me know if you still want them removed.
  10. kevin- just noticed, the winXP file search tool is no longer available, that window now comes up blank. Thanks!
  11. kevin, ran a fresh download of Combofix in normal mode. during the scan it gave me an error that "PEV.EXE encountered a problem", but it finished scanning with no other issues. yesterday while testing, I let the pc run win-updates.
  12. kevin- I also found this, "https //$talisma_url$" within my list of IE trusted sites. hopefully this is somewhat of a clue as to what the hell we're fighting here.
  13. thanks for hanging in there. great admiration for your persistence!
: 04/14/2008 07:00 AM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl] * C:\WINDOWS\System32\drivers\cdrom.sys : 62,976 : 04/14/2008 07:00 AM : 1f4260cc5b42272d71f79e570a27a4fe [NoSig] +-> C:\WINDOWS\system32\dllcache\cdrom.sys : 62,976 : 04/14/2008 07:00 AM : 1f4260cc5b42272d71f79e570a27a4fe [Pos Repl] * C:\WINDOWS\System32\drivers\classpnp.sys : 49,536 : 04/14/2008 07:00 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig] +-> C:\WINDOWS\system32\dllcache\classpnp.sys : 49,536 : 04/14/2008 07:00 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl] * C:\WINDOWS\System32\drivers\cpqdap01.sys : 11,776 : 04/14/2008 07:00 AM : 9624293e55ad405415862b504ca95b73 [NoSig] +-> C:\WINDOWS\system32\dllcache\cpqdap01.sys : 11,776 : 04/14/2008 07:00 AM : 9624293e55ad405415862b504ca95b73 [Pos Repl] * C:\WINDOWS\System32\drivers\crusoe.sys : 36,736 : 04/14/2008 07:00 AM : f50d9bdbb25cce075e514dc07472a22f [NoSig] +-> C:\WINDOWS\system32\dllcache\crusoe.sys : 36,736 : 04/14/2008 07:00 AM : f50d9bdbb25cce075e514dc07472a22f [Pos Repl] * C:\WINDOWS\System32\drivers\diskdump.sys : 14,208 : 04/14/2008 07:00 AM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig] +-> C:\WINDOWS\system32\dllcache\diskdump.sys : 14,208 : 04/14/2008 07:00 AM : e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl] * C:\WINDOWS\System32\drivers\disk.sys : 36,352 : 04/14/2008 07:00 AM : 044452051f3e02e7963599fc8f4f3e25 [NoSig] +-> C:\WINDOWS\system32\dllcache\disk.sys : 36,352 : 04/14/2008 07:00 AM : 044452051f3e02e7963599fc8f4f3e25 [Pos Repl] * C:\WINDOWS\System32\drivers\dmboot.sys : 799,744 : 04/14/2008 07:00 AM : d992fe1274bde0f84ad826acae022a41 [NoSig] +-> C:\WINDOWS\system32\dllcache\dmboot.sys : 799,744 : 04/14/2008 07:00 AM : d992fe1274bde0f84ad826acae022a41 [Pos Repl] * C:\WINDOWS\System32\drivers\dmio.sys : 153,344 : 04/14/2008 07:00 AM : 7c824cf7bbde77d95c08005717a95f6f [NoSig] +-> C:\WINDOWS\system32\dllcache\dmio.sys : 153,344 : 04/14/2008 07:00 AM : 7c824cf7bbde77d95c08005717a95f6f [Pos Repl] * 
C:\WINDOWS\System32\drivers\dmload.sys : 5,888 : 04/14/2008 07:00 AM : e9317282a63ca4d188c0df5e09c6ac5f [NoSig] +-> C:\WINDOWS\system32\dllcache\dmload.sys : 5,888 : 04/14/2008 07:00 AM : e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl] * C:\WINDOWS\System32\drivers\DMusic.sys : 52,864 : 04/13/2008 11:15 PM : 8a208dfcf89792a484e76c40e5f50b45 [NoSig] +-> C:\WINDOWS\system32\dllcache\dmusic.sys : 52,864 : 04/13/2008 11:15 PM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl] * C:\WINDOWS\System32\drivers\drmkaud.sys : 2,944 : 04/14/2008 07:00 AM : 8f5fcff8e8848afac920905fbd9d33c8 [NoSig] +-> C:\WINDOWS\system32\dllcache\drmkaud.sys : 2,944 : 04/14/2008 07:00 AM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl] * C:\WINDOWS\System32\drivers\drmk.sys : 60,160 : 04/13/2008 11:15 PM : 6cb08593487f5701d2d2254e693eafce [NoSig] +-> C:\WINDOWS\system32\dllcache\drmk.sys : 60,160 : 04/13/2008 11:15 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl] * C:\WINDOWS\System32\drivers\dxapi.sys : 10,496 : 04/14/2008 07:00 AM : fe97d0343acfdebdd578fc67cc91fa87 [NoSig] +-> C:\WINDOWS\system32\dllcache\dxapi.sys : 10,496 : 04/14/2008 07:00 AM : fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl] * C:\WINDOWS\System32\drivers\dxg.sys : 71,168 : 04/14/2008 07:00 AM : ac7280566a7bb85cb3291f04ddc1198e [NoSig] +-> C:\WINDOWS\system32\dllcache\dxg.sys : 71,168 : 04/14/2008 07:00 AM : ac7280566a7bb85cb3291f04ddc1198e [Pos Repl] * C:\WINDOWS\System32\drivers\dxgthk.sys : 3,328 : 04/14/2008 07:00 AM : a73f5d6705b1d820c19b18782e176efd [NoSig] +-> C:\WINDOWS\system32\dllcache\dxgthk.sys : 3,328 : 04/14/2008 07:00 AM : a73f5d6705b1d820c19b18782e176efd [Pos Repl] * C:\WINDOWS\System32\drivers\fastfat.sys : 143,744 : 04/14/2008 07:00 AM : 38d332a6d56af32635675f132548343e [NoSig] +-> C:\WINDOWS\system32\dllcache\fastfat.sys : 143,744 : 04/14/2008 07:00 AM : 38d332a6d56af32635675f132548343e [Pos Repl] * C:\WINDOWS\System32\drivers\fdc.sys : 27,392 : 04/14/2008 07:00 AM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [NoSig] +-> 
C:\WINDOWS\system32\dllcache\fdc.sys : 27,392 : 04/14/2008 07:00 AM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [Pos Repl] * C:\WINDOWS\System32\drivers\fips.sys : 44,544 : 04/14/2008 07:00 AM : d45926117eb9fa946a6af572fbe1caa3 [NoSig] +-> C:\WINDOWS\system32\dllcache\fips.sys : 44,544 : 04/14/2008 07:00 AM : d45926117eb9fa946a6af572fbe1caa3 [Pos Repl] * C:\WINDOWS\System32\drivers\flpydisk.sys : 20,480 : 04/14/2008 07:00 AM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [NoSig] +-> C:\WINDOWS\system32\dllcache\flpydisk.sys : 20,480 : 04/14/2008 07:00 AM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [Pos Repl] * C:\WINDOWS\System32\drivers\fltMgr.sys : 129,792 : 04/14/2008 07:00 AM : b2cf4b0786f8212cb92ed2b50c6db6b0 [NoSig] +-> C:\WINDOWS\system32\dllcache\fltmgr.sys : 129,792 : 04/14/2008 07:00 AM : b2cf4b0786f8212cb92ed2b50c6db6b0 [Pos Repl] * C:\WINDOWS\System32\drivers\fs_rec.sys : 7,936 : 04/14/2008 07:00 AM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [NoSig] +-> C:\WINDOWS\system32\dllcache\fs_rec.sys : 7,936 : 04/14/2008 07:00 AM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [Pos Repl] * C:\WINDOWS\System32\drivers\fsvga.sys : 12,160 : 04/14/2008 07:00 AM : 455f778ee14368468560bd7cb8c854d0 [NoSig] +-> C:\WINDOWS\system32\dllcache\fsvga.sys : 12,160 : 04/14/2008 07:00 AM : 455f778ee14368468560bd7cb8c854d0 [Pos Repl] * C:\WINDOWS\System32\drivers\ftdisk.sys : 125,056 : 04/14/2008 07:00 AM : 6ac26732762483366c3969c9e4d2259d [NoSig] +-> C:\WINDOWS\system32\dllcache\ftdisk.sys : 125,056 : 04/14/2008 07:00 AM : 6ac26732762483366c3969c9e4d2259d [Pos Repl] * C:\WINDOWS\System32\drivers\hidclass.sys : 36,864 : 04/14/2008 07:00 AM : 1af592532532a402ed7c060f6954004f [NoSig] +-> C:\WINDOWS\system32\dllcache\hidclass.sys : 36,864 : 04/14/2008 07:00 AM : 1af592532532a402ed7c060f6954004f [Pos Repl] * C:\WINDOWS\System32\drivers\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [NoSig] +-> C:\WINDOWS\$NtUninstallKB2862335$\hidparse.sys : 24,960 : 04/14/2008 07:00 AM : 
96eccf28fdbf1b2cc12725818a63628d [Pos Repl] +-> C:\WINDOWS\Driver Cache\i386\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl] +-> C:\WINDOWS\SoftwareDistribution\Download\80d0a80404d440ef21afe2a803e22ea8\SP3QFE\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl] +-> C:\WINDOWS\system32\dllcache\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl] * C:\WINDOWS\System32\drivers\hidusb.sys : 10,368 : 04/13/2008 11:15 PM : ccf82c5ec8a7326c3066de870c06daf1 [NoSig] +-> C:\WINDOWS\system32\dllcache\hidusb.sys : 10,368 : 04/13/2008 11:15 PM : ccf82c5ec8a7326c3066de870c06daf1 [Pos Repl] * C:\WINDOWS\System32\drivers\http.sys : 265,728 : 10/20/2009 11:20 AM : f80a415ef82cd06ffaf0d971528ead38 [NoSig] +-> C:\WINDOWS\$hf_mig$\KB970430\SP3QFE\http.sys : 265,728 : 10/20/2009 10:21 AM : 937031c085718c1c04a9c0864625ec6b [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB970430$\http.sys : 264,832 : 04/14/2008 07:00 AM : f6aacf5bce2893e0c1754afeb672e5c9 [Pos Repl] +-> C:\WINDOWS\Driver Cache\i386\http.sys : 265,728 : 10/20/2009 11:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\http.sys : 265,728 : 10/20/2009 11:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl] * C:\WINDOWS\System32\drivers\i8042prt.sys : 52,480 : 04/14/2008 07:00 AM : 4a0b06aa8943c1e332520f7440c0aa30 [NoSig] +-> C:\WINDOWS\system32\dllcache\i8042prt.sys : 52,480 : 04/14/2008 07:00 AM : 4a0b06aa8943c1e332520f7440c0aa30 [Pos Repl] * C:\WINDOWS\System32\drivers\imapi.sys : 42,112 : 04/14/2008 07:00 AM : 083a052659f5310dd8b6a6cb05edcf8e [NoSig] +-> C:\WINDOWS\system32\dllcache\imapi.sys : 42,112 : 04/14/2008 07:00 AM : 083a052659f5310dd8b6a6cb05edcf8e [Pos Repl] * C:\WINDOWS\System32\drivers\intelppm.sys : 36,352 : 04/14/2008 07:00 AM : 8c953733d8f36eb2133f5bb58808b66b [NoSig] +-> C:\WINDOWS\system32\dllcache\intelppm.sys : 36,352 : 04/14/2008 07:00 AM : 
8c953733d8f36eb2133f5bb58808b66b [Pos Repl] * C:\WINDOWS\System32\drivers\ip6fw.sys : 36,608 : 04/14/2008 07:00 AM : 3bb22519a194418d5fec05d800a19ad0 [NoSig] +-> C:\WINDOWS\erdnt\cache\ip6fw.sys : 36,608 : 04/14/2008 07:00 AM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ip6fw.sys : 36,608 : 04/14/2008 07:00 AM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl] * C:\WINDOWS\System32\drivers\ipfltdrv.sys : 32,896 : 04/14/2008 07:00 AM : 731f22ba402ee4b62748adaf6363c182 [NoSig] +-> C:\WINDOWS\system32\dllcache\ipfltdrv.sys : 32,896 : 04/14/2008 07:00 AM : 731f22ba402ee4b62748adaf6363c182 [Pos Repl] * C:\WINDOWS\System32\drivers\ipinip.sys : 20,864 : 04/14/2008 07:00 AM : b87ab476dcf76e72010632b5550955f5 [NoSig] +-> C:\WINDOWS\system32\dllcache\ipinip.sys : 20,864 : 04/14/2008 07:00 AM : b87ab476dcf76e72010632b5550955f5 [Pos Repl] * C:\WINDOWS\System32\drivers\ipnat.sys : 152,832 : 04/14/2008 07:00 AM : cc748ea12c6effde940ee98098bf96bb [NoSig] +-> C:\WINDOWS\system32\dllcache\ipnat.sys : 152,832 : 04/14/2008 07:00 AM : cc748ea12c6effde940ee98098bf96bb [Pos Repl] * C:\WINDOWS\System32\drivers\ipsec.sys : 75,264 : 04/14/2008 07:00 AM : 23c74d75e36e7158768dd63d92789a91 [NoSig] +-> C:\WINDOWS\erdnt\cache\ipsec.sys : 75,264 : 04/14/2008 07:00 AM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ipsec.sys : 75,264 : 04/14/2008 07:00 AM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl] * C:\WINDOWS\System32\drivers\irenum.sys : 11,264 : 04/14/2008 07:00 AM : c93c9ff7b04d772627a3646d89f7bf89 [NoSig] +-> C:\WINDOWS\system32\dllcache\irenum.sys : 11,264 : 04/14/2008 07:00 AM : c93c9ff7b04d772627a3646d89f7bf89 [Pos Repl] * C:\WINDOWS\System32\drivers\isapnp.sys : 37,248 : 04/14/2008 07:00 AM : 05a299ec56e52649b1cf2fc52d20f2d7 [NoSig] +-> C:\WINDOWS\system32\dllcache\isapnp.sys : 37,248 : 04/14/2008 07:00 AM : 05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl] * C:\WINDOWS\System32\drivers\kbdclass.sys : 24,576 : 04/14/2008 07:00 AM : 
463c1ec80cd17420a542b7f36a36f128 [NoSig] +-> C:\WINDOWS\erdnt\cache\kbdclass.sys : 24,576 : 04/14/2008 07:00 AM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\kbdclass.sys : 24,576 : 04/14/2008 07:00 AM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl] * C:\WINDOWS\System32\drivers\kmixer.sys : 172,416 : 04/14/2008 07:00 AM : 692bcf44383d056aed41b045a323d378 [NoSig] +-> C:\WINDOWS\system32\dllcache\kmixer.sys : 172,416 : 04/14/2008 07:00 AM : 692bcf44383d056aed41b045a323d378 [Pos Repl] * C:\WINDOWS\System32\drivers\ksecdd.sys : 92,928 : 06/24/2009 06:18 AM : b467646c54cc746128904e1654c750c1 [NoSig] +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\ksecdd.sys : 92,928 : 06/24/2009 05:28 AM : c6ebf1d6ad71df30db49b8d3287e1368 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB968389$\ksecdd.sys : 92,288 : 04/14/2008 07:00 AM : 1705745d900dabf2d89f90ebaddc7517 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ksecdd.sys : 92,928 : 06/24/2009 06:18 AM : b467646c54cc746128904e1654c750c1 [Pos Repl] * C:\WINDOWS\System32\drivers\ks.sys : 141,056 : 04/13/2008 11:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [NoSig] +-> C:\WINDOWS\system32\dllcache\ks.sys : 141,056 : 04/13/2008 11:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl] * C:\WINDOWS\System32\drivers\mcd.sys : 7,680 : 04/14/2008 07:00 AM : d1f8be91ed4ddb671d42e473e3fe71ab [NoSig] +-> C:\WINDOWS\system32\dllcache\mcd.sys : 7,680 : 04/14/2008 07:00 AM : d1f8be91ed4ddb671d42e473e3fe71ab [Pos Repl] * C:\WINDOWS\System32\drivers\mf.sys : 63,744 : 04/14/2008 07:00 AM : a7da20ab18a1bdae28b0f349e57da0d1 [NoSig] +-> C:\WINDOWS\system32\dllcache\mf.sys : 63,744 : 04/14/2008 07:00 AM : a7da20ab18a1bdae28b0f349e57da0d1 [Pos Repl] * C:\WINDOWS\System32\drivers\mnmdd.sys : 4,224 : 04/14/2008 07:00 AM : 4ae068242760a1fb6e1a44bf4e16afa6 [NoSig] +-> C:\WINDOWS\system32\dllcache\mnmdd.sys : 4,224 : 04/14/2008 07:00 AM : 4ae068242760a1fb6e1a44bf4e16afa6 [Pos Repl] * C:\WINDOWS\System32\drivers\modem.sys : 30,080 : 04/14/2008 07:00 AM : 
dfcbad3cec1c5f964962ae10e0bcc8e1 [NoSig] +-> C:\WINDOWS\system32\dllcache\modem.sys : 30,080 : 04/14/2008 07:00 AM : dfcbad3cec1c5f964962ae10e0bcc8e1 [Pos Repl] * C:\WINDOWS\System32\drivers\mouclass.sys : 23,040 : 04/14/2008 07:00 AM : 35c9e97194c8cfb8430125f8dbc34d04 [NoSig] +-> C:\WINDOWS\system32\dllcache\mouclass.sys : 23,040 : 04/14/2008 07:00 AM : 35c9e97194c8cfb8430125f8dbc34d04 [Pos Repl] * C:\WINDOWS\System32\drivers\mouhid.sys : 12,160 : 08/17/2001 12:48 AM : b1c303e17fb9d46e87a98e4ba6769685 [NoSig] +-> C:\WINDOWS\system32\dllcache\mouhid.sys : 12,160 : 08/17/2001 12:48 AM : b1c303e17fb9d46e87a98e4ba6769685 [Pos Repl] * C:\WINDOWS\System32\drivers\mountmgr.sys : 42,368 : 04/14/2008 07:00 AM : a80b9a0bad1b73637dbcbba7df72d3fd [NoSig] +-> C:\WINDOWS\system32\dllcache\mountmgr.sys : 42,368 : 04/14/2008 07:00 AM : a80b9a0bad1b73637dbcbba7df72d3fd [Pos Repl] * C:\WINDOWS\System32\drivers\mrxdav.sys : 180,608 : 04/14/2008 07:00 AM : 11d42bb6206f33fbb3ba0288d3ef81bd [NoSig] +-> C:\WINDOWS\system32\dllcache\mrxdav.sys : 180,608 : 04/14/2008 07:00 AM : 11d42bb6206f33fbb3ba0288d3ef81bd [Pos Repl] * C:\WINDOWS\System32\drivers\mrxsmb.sys : 456,320 : 07/15/2011 08:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [NoSig] +-> C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys : 457,856 : 07/15/2011 08:29 AM : fb2fccc70f7174c7bf64f48e96d3adf4 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys : 456,576 : 04/14/2008 07:00 AM : 68755f0ff16070178b54674fe5b847b0 [Pos Repl] +-> C:\WINDOWS\Driver Cache\i386\mrxsmb.sys : 456,320 : 07/15/2011 08:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\mrxsmb.sys : 456,320 : 07/15/2011 08:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl] * C:\WINDOWS\System32\drivers\msfs.sys : 19,072 : 04/14/2008 07:00 AM : c941ea2454ba8350021d774daf0f1027 [NoSig] +-> C:\WINDOWS\system32\dllcache\msfs.sys : 19,072 : 04/14/2008 07:00 AM : c941ea2454ba8350021d774daf0f1027 [Pos Repl] * 
C:\WINDOWS\System32\drivers\msgpc.sys : 35,072 : 04/14/2008 07:00 AM : 0a02c63c8b144bd8c86b103dee7c86a2 [NoSig] +-> C:\WINDOWS\system32\dllcache\msgpc.sys : 35,072 : 04/14/2008 07:00 AM : 0a02c63c8b144bd8c86b103dee7c86a2 [Pos Repl] * C:\WINDOWS\System32\drivers\MSKSSRV.sys : 7,552 : 04/13/2008 11:09 PM : d1575e71568f4d9e14ca56b7b0453bf1 [NoSig] +-> C:\WINDOWS\system32\dllcache\mskssrv.sys : 7,552 : 04/13/2008 11:09 PM : d1575e71568f4d9e14ca56b7b0453bf1 [Pos Repl] * C:\WINDOWS\System32\drivers\MSPCLOCK.sys : 5,376 : 04/13/2008 11:09 PM : 325bb26842fc7ccc1fcce2c457317f3e [NoSig] +-> C:\WINDOWS\system32\dllcache\mspclock.sys : 5,376 : 04/13/2008 11:09 PM : 325bb26842fc7ccc1fcce2c457317f3e [Pos Repl] * C:\WINDOWS\System32\drivers\MSPQM.sys : 4,992 : 04/13/2008 11:09 PM : bad59648ba099da4a17680b39730cb3d [NoSig] +-> C:\WINDOWS\system32\dllcache\mspqm.sys : 4,992 : 04/13/2008 11:09 PM : bad59648ba099da4a17680b39730cb3d [Pos Repl] * C:\WINDOWS\System32\drivers\mssmbios.sys : 15,488 : 04/14/2008 07:00 AM : af5f4f3f14a8ea2c26de30f7a1e17136 [NoSig] +-> C:\WINDOWS\system32\dllcache\mssmbios.sys : 15,488 : 04/14/2008 07:00 AM : af5f4f3f14a8ea2c26de30f7a1e17136 [Pos Repl] * C:\WINDOWS\System32\drivers\mup.sys : 105,472 : 04/21/2011 08:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [NoSig] +-> C:\WINDOWS\$hf_mig$\KB2535512\SP3QFE\mup.sys : 105,472 : 04/21/2011 08:52 AM : f7b1ad991491f02af6da70b00b8bf114 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB2535512$\mup.sys : 105,344 : 04/14/2008 07:00 AM : 2f625d11385b1a94360bfc70aaefdee1 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\mup.sys : 105,472 : 04/21/2011 08:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [Pos Repl] * C:\WINDOWS\System32\drivers\ndis.sys : 182,656 : 04/14/2008 07:00 AM : 1df7f42665c94b825322fae71721130d [NoSig] +-> C:\WINDOWS\erdnt\cache\ndis.sys : 182,656 : 04/14/2008 07:00 AM : 1df7f42665c94b825322fae71721130d [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ndis.sys : 182,656 : 04/14/2008 07:00 AM : 1df7f42665c94b825322fae71721130d 
[Pos Repl] * C:\WINDOWS\System32\drivers\ndistapi.sys : 10,496 : 07/08/2011 09:02 AM : 0109c4f3850dfbab279542515386ae22 [NoSig] +-> C:\WINDOWS\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys : 10,496 : 07/08/2011 08:51 AM : 091735a5f20acb1dc147383a905ae002 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB2566454$\ndistapi.sys : 10,112 : 04/14/2008 07:00 AM : 1ab3d00c991ab086e69db84b6c0ed78f [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ndistapi.sys : 10,496 : 07/08/2011 09:02 AM : 0109c4f3850dfbab279542515386ae22 [Pos Repl] * C:\WINDOWS\System32\drivers\ndisuio.sys : 14,592 : 04/14/2008 07:00 AM : f927a4434c5028758a842943ef1a3849 [NoSig] +-> C:\WINDOWS\system32\dllcache\ndisuio.sys : 14,592 : 04/14/2008 07:00 AM : f927a4434c5028758a842943ef1a3849 [Pos Repl] * C:\WINDOWS\System32\drivers\ndiswan.sys : 91,520 : 04/14/2008 07:00 AM : edc1531a49c80614b2cfda43ca8659ab [NoSig] +-> C:\WINDOWS\system32\dllcache\ndiswan.sys : 91,520 : 04/14/2008 07:00 AM : edc1531a49c80614b2cfda43ca8659ab [Pos Repl] * C:\WINDOWS\System32\drivers\ndproxy.sys : 40,960 : 11/02/2010 10:17 AM : 9282bd12dfb069d3889eb3fcc1000a9b [NoSig] +-> C:\WINDOWS\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys : 40,960 : 11/03/2010 00:55 AM : 816460bd4b4acd27937d1d0813e2e9e9 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB2440591$\ndproxy.sys : 40,576 : 04/14/2008 07:00 AM : 6215023940cfd3702b46abc304e1d45a [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ndproxy.sys : 40,960 : 11/02/2010 10:17 AM : 9282bd12dfb069d3889eb3fcc1000a9b [Pos Repl] * C:\WINDOWS\System32\drivers\netbios.sys : 34,688 : 04/14/2008 07:00 AM : 5d81cf9a2f1a3a756b66cf684911cdf0 [NoSig] +-> C:\WINDOWS\system32\dllcache\netbios.sys : 34,688 : 04/14/2008 07:00 AM : 5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl] * C:\WINDOWS\System32\drivers\netbt.sys : 162,816 : 04/14/2008 07:00 AM : 74b2b2f5bea5e9a3dc021d685551bd3d [NoSig] +-> C:\WINDOWS\system32\dllcache\netbt.sys : 162,816 : 04/14/2008 07:00 AM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl] * C:\WINDOWS\System32\drivers\nic1394.sys : 
61,824 : 04/14/2008 07:00 AM : e9e47cfb2d461fa0fc75b7a74c6383ea [NoSig] +-> C:\WINDOWS\system32\dllcache\nic1394.sys : 61,824 : 04/14/2008 07:00 AM : e9e47cfb2d461fa0fc75b7a74c6383ea [Pos Repl] * C:\WINDOWS\System32\drivers\nikedrv.sys : 12,032 : 04/14/2008 07:00 AM : be984d604d91c217355cdd3737aad25d [NoSig] +-> C:\WINDOWS\system32\dllcache\nikedrv.sys : 12,032 : 04/14/2008 07:00 AM : be984d604d91c217355cdd3737aad25d [Pos Repl] * C:\WINDOWS\System32\drivers\nmnt.sys : 40,320 : 04/14/2008 07:00 AM : 1e421a6bcf2203cc61b821ada9de878b [NoSig] +-> C:\WINDOWS\system32\dllcache\nmnt.sys : 40,320 : 04/14/2008 07:00 AM : 1e421a6bcf2203cc61b821ada9de878b [Pos Repl] * C:\WINDOWS\System32\drivers\npfs.sys : 30,848 : 04/14/2008 07:00 AM : 3182d64ae053d6fb034f44b6def8034a [NoSig] +-> C:\WINDOWS\system32\dllcache\npfs.sys : 30,848 : 04/14/2008 07:00 AM : 3182d64ae053d6fb034f44b6def8034a [Pos Repl] * C:\WINDOWS\System32\drivers\ntfs.sys : 574,976 : 04/14/2008 07:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [NoSig] +-> C:\WINDOWS\erdnt\cache\ntfs.sys : 574,976 : 04/14/2008 07:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl] +-> C:\WINDOWS\system32\dllcache\ntfs.sys : 574,976 : 04/14/2008 07:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl] * C:\WINDOWS\System32\drivers\null.sys : 2,944 : 04/14/2008 07:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [NoSig] +-> C:\WINDOWS\erdnt\cache\null.sys : 2,944 : 04/14/2008 07:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl] +-> C:\WINDOWS\system32\dllcache\null.sys : 2,944 : 04/14/2008 07:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl] * C:\WINDOWS\System32\drivers\nwlnkflt.sys : 12,416 : 04/14/2008 07:00 AM : b305f3fad35083837ef46a0bbce2fc57 [NoSig] +-> C:\WINDOWS\system32\dllcache\nwlnkflt.sys : 12,416 : 04/14/2008 07:00 AM : b305f3fad35083837ef46a0bbce2fc57 [Pos Repl] * C:\WINDOWS\System32\drivers\nwlnkfwd.sys : 32,512 : 04/14/2008 07:00 AM : c99b3415198d1aab7227f2c88fd664b9 [NoSig] +-> C:\WINDOWS\system32\dllcache\nwlnkfwd.sys : 32,512 : 
04/14/2008 07:00 AM : c99b3415198d1aab7227f2c88fd664b9 [Pos Repl] * C:\WINDOWS\System32\drivers\nwlnkipx.sys : 88,320 : 04/14/2008 07:00 AM : 8b8b1be2dba4025da6786c645f77f123 [NoSig] +-> C:\WINDOWS\system32\dllcache\nwlnkipx.sys : 88,320 : 04/14/2008 07:00 AM : 8b8b1be2dba4025da6786c645f77f123 [Pos Repl] * C:\WINDOWS\System32\drivers\nwlnknb.sys : 63,232 : 04/14/2008 07:00 AM : 56d34a67c05e94e16377c60609741ff8 [NoSig] +-> C:\WINDOWS\system32\dllcache\nwlnknb.sys : 63,232 : 04/14/2008 07:00 AM : 56d34a67c05e94e16377c60609741ff8 [Pos Repl] * C:\WINDOWS\System32\drivers\nwlnkspx.sys : 55,936 : 04/14/2008 07:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [NoSig] +-> C:\WINDOWS\system32\dllcache\nwlnkspx.sys : 55,936 : 04/14/2008 07:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl] * C:\WINDOWS\System32\drivers\oprghdlr.sys : 3,456 : 04/14/2008 07:00 AM : 4bb30ddc53ebc76895e38694580cdfe9 [NoSig] +-> C:\WINDOWS\system32\dllcache\oprghdlr.sys : 3,456 : 04/14/2008 07:00 AM : 4bb30ddc53ebc76895e38694580cdfe9 [Pos Repl] * C:\WINDOWS\System32\drivers\p3.sys : 42,752 : 04/14/2008 07:00 AM : c90018bafdc7098619a4a95b046b30f3 [NoSig] +-> C:\WINDOWS\system32\dllcache\p3.sys : 42,752 : 04/14/2008 07:00 AM : c90018bafdc7098619a4a95b046b30f3 [Pos Repl] * C:\WINDOWS\System32\drivers\parport.sys : 80,128 : 04/14/2008 07:00 AM : 5575faf8f97ce5e713d108c2a58d7c7c [NoSig] +-> C:\WINDOWS\system32\dllcache\parport.sys : 80,128 : 04/14/2008 07:00 AM : 5575faf8f97ce5e713d108c2a58d7c7c [Pos Repl] * C:\WINDOWS\System32\drivers\partmgr.sys : 19,712 : 04/14/2008 07:00 AM : beb3ba25197665d82ec7065b724171c6 [NoSig] +-> C:\WINDOWS\system32\dllcache\partmgr.sys : 19,712 : 04/14/2008 07:00 AM : beb3ba25197665d82ec7065b724171c6 [Pos Repl] * C:\WINDOWS\System32\drivers\parvdm.sys : 6,784 : 04/14/2008 07:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [NoSig] +-> C:\WINDOWS\system32\dllcache\parvdm.sys : 6,784 : 04/14/2008 07:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl] * 
C:\WINDOWS\System32\drivers\pciidex.sys : 24,960 : 04/14/2008 07:00 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [NoSig] +-> C:\WINDOWS\system32\dllcache\pciidex.sys : 24,960 : 04/14/2008 07:00 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl] * C:\WINDOWS\System32\drivers\pci.sys : 68,224 : 04/14/2008 07:00 AM : a219903ccf74233761d92bef471a07b1 [NoSig] +-> C:\WINDOWS\system32\dllcache\pci.sys : 68,224 : 04/14/2008 07:00 AM : a219903ccf74233761d92bef471a07b1 [Pos Repl] * C:\WINDOWS\System32\drivers\pcmcia.sys : 120,192 : 04/14/2008 07:00 AM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [NoSig] +-> C:\WINDOWS\system32\dllcache\pcmcia.sys : 120,192 : 04/14/2008 07:00 AM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [Pos Repl] * C:\WINDOWS\System32\drivers\portcls.sys : 146,048 : 04/13/2008 11:49 PM : e82a496c3961efc6828b508c310ce98f [NoSig] +-> C:\WINDOWS\system32\dllcache\portcls.sys : 146,048 : 04/13/2008 11:49 PM : e82a496c3961efc6828b508c310ce98f [Pos Repl] * C:\WINDOWS\System32\drivers\processr.sys : 35,840 : 04/14/2008 07:00 AM : a32bebaf723557681bfc6bd93e98bd26 [NoSig] +-> C:\WINDOWS\system32\dllcache\processr.sys : 35,840 : 04/14/2008 07:00 AM : a32bebaf723557681bfc6bd93e98bd26 [Pos Repl] * C:\WINDOWS\System32\drivers\psched.sys : 69,120 : 04/14/2008 07:00 AM : 09298ec810b07e5d582cb3a3f9255424 [NoSig] +-> C:\WINDOWS\system32\dllcache\psched.sys : 69,120 : 04/14/2008 07:00 AM : 09298ec810b07e5d582cb3a3f9255424 [Pos Repl] * C:\WINDOWS\System32\drivers\ptilink.sys : 17,792 : 04/14/2008 07:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [NoSig] +-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 04/14/2008 07:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl] * C:\WINDOWS\System32\drivers\rasacd.sys : 8,832 : 04/14/2008 07:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [NoSig] +-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 04/14/2008 07:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl] * C:\WINDOWS\System32\drivers\rasl2tp.sys : 51,328 : 04/14/2008 07:00 AM : 11b4a627bc9614b885c4969bfa5ff8a6 
[NoSig] +-> C:\WINDOWS\system32\dllcache\rasl2tp.sys : 51,328 : 04/14/2008 07:00 AM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl] * C:\WINDOWS\System32\drivers\raspppoe.sys : 41,472 : 04/14/2008 07:00 AM : 5bc962f2654137c9909c3d4603587dee [NoSig] +-> C:\WINDOWS\system32\dllcache\raspppoe.sys : 41,472 : 04/14/2008 07:00 AM : 5bc962f2654137c9909c3d4603587dee [Pos Repl] * C:\WINDOWS\System32\drivers\raspptp.sys : 48,384 : 04/14/2008 07:00 AM : efeec01b1d3cf84f16ddd24d9d9d8f99 [NoSig] +-> C:\WINDOWS\system32\dllcache\raspptp.sys : 48,384 : 04/14/2008 07:00 AM : efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl] * C:\WINDOWS\System32\drivers\raspti.sys : 16,512 : 04/14/2008 07:00 AM : fdbb1d60066fcfbb7452fd8f9829b242 [NoSig] +-> C:\WINDOWS\system32\dllcache\raspti.sys : 16,512 : 04/14/2008 07:00 AM : fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl] * C:\WINDOWS\System32\drivers\rawwan.sys : 34,432 : 04/14/2008 07:00 AM : 01524cd237223b18adbb48f70083f101 [NoSig] +-> C:\WINDOWS\system32\dllcache\rawwan.sys : 34,432 : 04/14/2008 07:00 AM : 01524cd237223b18adbb48f70083f101 [Pos Repl] * C:\WINDOWS\System32\drivers\rdbss.sys : 175,744 : 04/14/2008 07:00 AM : 7ad224ad1a1437fe28d89cf22b17780a [NoSig] +-> C:\WINDOWS\system32\dllcache\rdbss.sys : 175,744 : 04/14/2008 07:00 AM : 7ad224ad1a1437fe28d89cf22b17780a [Pos Repl] * C:\WINDOWS\System32\drivers\rdpcdd.sys : 4,224 : 04/14/2008 07:00 AM : 4912d5b403614ce99c28420f75353332 [NoSig] +-> C:\WINDOWS\system32\dllcache\rdpcdd.sys : 4,224 : 04/14/2008 07:00 AM : 4912d5b403614ce99c28420f75353332 [Pos Repl] * C:\WINDOWS\System32\drivers\rdpdr.sys : 196,224 : 04/13/2008 11:02 PM : 15cabd0f7c00c47c70124907916af3f1 [NoSig] +-> C:\WINDOWS\system32\dllcache\rdpdr.sys : 196,224 : 04/13/2008 11:02 PM : 15cabd0f7c00c47c70124907916af3f1 [Pos Repl] * C:\WINDOWS\System32\drivers\rdpwd.sys : 139,784 : 07/04/2012 09:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [NoSig] +-> C:\WINDOWS\$hf_mig$\KB2723135-v2\SP3QFE\rdpwd.sys : 139,784 : 07/04/2012 08:59 AM : 
c7d9bc54354b8c706abf172d48313f1b [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB2723135-v2$\rdpwd.sys : 139,656 : 04/14/2008 07:00 AM : 6728e45b66f93c08f11de2e316fc70dd [Pos Repl] +-> C:\WINDOWS\system32\dllcache\rdpwd.sys : 139,784 : 07/04/2012 09:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [Pos Repl] * C:\WINDOWS\System32\drivers\redbook.sys : 57,600 : 04/13/2008 11:10 PM : f828dd7e1419b6653894a8f97a0094c5 [NoSig] +-> C:\WINDOWS\system32\dllcache\redbook.sys : 57,600 : 04/13/2008 11:10 PM : f828dd7e1419b6653894a8f97a0094c5 [Pos Repl] * C:\WINDOWS\System32\drivers\rmcast.sys : 203,136 : 05/08/2008 09:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [NoSig] +-> C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys : 203,136 : 05/08/2008 08:58 AM : c711645c76b8ed87c021bf6165e52795 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys : 202,624 : 04/14/2008 07:00 AM : ecff394d65671efde5a872eb9ef4f2d5 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\rmcast.sys : 203,136 : 05/08/2008 09:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [Pos Repl] * C:\WINDOWS\System32\drivers\rndismp.sys : 30,592 : 04/14/2008 07:00 AM : 601844cbcf617ff8c868130ca5b2039d [NoSig] +-> C:\WINDOWS\system32\dllcache\rndismp.sys : 30,592 : 04/14/2008 07:00 AM : 601844cbcf617ff8c868130ca5b2039d [Pos Repl] * C:\WINDOWS\System32\drivers\rootmdm.sys : 5,888 : 04/14/2008 07:00 AM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [NoSig] +-> C:\WINDOWS\system32\dllcache\rootmdm.sys : 5,888 : 04/14/2008 07:00 AM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [Pos Repl] * C:\WINDOWS\System32\drivers\scsiport.sys : 96,384 : 04/14/2008 07:00 AM : 76c465f570e90c28942d52ccb2580a10 [NoSig] +-> C:\WINDOWS\system32\dllcache\scsiport.sys : 96,384 : 04/14/2008 07:00 AM : 76c465f570e90c28942d52ccb2580a10 [Pos Repl] * C:\WINDOWS\System32\drivers\sdbus.sys : 79,232 : 04/14/2008 07:00 AM : 8d04819a3ce51b9eb47e5689b44d43c4 [NoSig] +-> C:\WINDOWS\system32\dllcache\sdbus.sys : 79,232 : 04/14/2008 07:00 AM : 8d04819a3ce51b9eb47e5689b44d43c4 [Pos Repl] * 
C:\WINDOWS\System32\drivers\serenum.sys : 15,744 : 04/14/2008 07:00 AM : 0f29512ccd6bead730039fb4bd2c85ce [NoSig] +-> C:\WINDOWS\system32\dllcache\serenum.sys : 15,744 : 04/14/2008 07:00 AM : 0f29512ccd6bead730039fb4bd2c85ce [Pos Repl] * C:\WINDOWS\System32\drivers\serial.sys : 64,512 : 04/14/2008 07:00 AM : cca207a8896d4c6a0c9ce29a4ae411a7 [NoSig] +-> C:\WINDOWS\system32\dllcache\serial.sys : 64,512 : 04/14/2008 07:00 AM : cca207a8896d4c6a0c9ce29a4ae411a7 [Pos Repl] * C:\WINDOWS\System32\drivers\sffdisk.sys : 11,904 : 04/14/2008 07:00 AM : 0fa803c64df0914b41f807ea276bf2a6 [NoSig] +-> C:\WINDOWS\system32\dllcache\sffdisk.sys : 11,904 : 04/14/2008 07:00 AM : 0fa803c64df0914b41f807ea276bf2a6 [Pos Repl] * C:\WINDOWS\System32\drivers\sffp_sd.sys : 11,008 : 04/14/2008 07:00 AM : c17c331e435ed8737525c86a7557b3ac [NoSig] +-> C:\WINDOWS\system32\dllcache\sffp_sd.sys : 11,008 : 04/14/2008 07:00 AM : c17c331e435ed8737525c86a7557b3ac [Pos Repl] * C:\WINDOWS\System32\drivers\sfloppy.sys : 11,392 : 04/14/2008 07:00 AM : 8e6b8c671615d126fdc553d1e2de5562 [NoSig] +-> C:\WINDOWS\system32\dllcache\sfloppy.sys : 11,392 : 04/14/2008 07:00 AM : 8e6b8c671615d126fdc553d1e2de5562 [Pos Repl] * C:\WINDOWS\System32\drivers\smclib.sys : 14,592 : 04/14/2008 07:00 AM : 017daecf0ed3aa731313433601ec40fa [NoSig] +-> C:\WINDOWS\system32\dllcache\smclib.sys : 14,592 : 04/14/2008 07:00 AM : 017daecf0ed3aa731313433601ec40fa [Pos Repl] * C:\WINDOWS\System32\drivers\sonydcam.sys : 25,344 : 04/14/2008 07:00 AM : 489703624dac94ed943c2abda022a1cd [NoSig] +-> C:\WINDOWS\system32\dllcache\sonydcam.sys : 25,344 : 04/14/2008 07:00 AM : 489703624dac94ed943c2abda022a1cd [Pos Repl] * C:\WINDOWS\System32\drivers\splitter.sys : 6,272 : 04/13/2008 11:15 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [NoSig] +-> C:\WINDOWS\system32\dllcache\splitter.sys : 6,272 : 04/13/2008 11:15 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [Pos Repl] * C:\WINDOWS\System32\drivers\sr.sys : 73,472 : 04/14/2008 07:00 AM : 
Checking HOSTS File:
* HOSTS file entries found: 127.0.0.1 localhost
Program finished at: 11/21/2013 03:36:45 PM
Execution time: 0 hours(s), 2 minute(s), and 53 seconds(s)
  14. okay lots going on...
      > could not locate the combo log but I will look again
      > taskbar change is back, this time the blue version added a 2nd level, like 2 rows of icons. very weird.
      > while svchost was running at 90-100%, I ran Rkill and it listed well over 100 drivers as unsigned. it ran for a much longer period than what it usually takes, (I saved the log - can be posted)
      > also ran Junkware-jrt and it found 2 registry entries. previously, JRT has always come up clean. please tell me if these jrt findings are serious or harmless..?

      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.0.8 (11.05.2013:1)
      OS: Microsoft Windows XP x86
      Ran by Administrator on Thu 11/21/2013 at 16:16:48.18
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ~~~ Services
      ~~~ Registry Values
      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
      ~~~ Registry Keys
      ~~~ Files
      ~~~ Folders
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Thu 11/21/2013 at 16:20:44.26
      End of JRT log