Fake shockwave/java update virus help [Closed]


  • This topic is locked

#1
Jhoffz88

    New Member

  • Member
  • Pip
  • 7 posts
I was using a site I use to watch movies and got an update pop-up that I knew was fake; unfortunately I don't remember if it was Java or Adobe. When I X'd it out it downloaded anyway. Now after my comp has restarted it says all my web browsers were either removed or missing, same with my Spybot SD, HijackThis... It also says I don't have permission to access my desktop, or when trying to install a program it gives me "error 5: access denied". I know it has 2 startup programs that run on system startup called "active update", and Spybot SD told me it changed 2 registries, done by a program called "0ki7znduokheb.exe" which I'm sure is just a random letter generation. Any help would be appreciated, but if it's inevitable I'll wipe my comp... Also I am currently running VIPRE from a thumb drive, tried rkill and exehelper but it still doesn't allow me to download any files... Thanks for any replies
  • 0


#2
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now! It isn't always a quick & easy fix to remove malware but if you'll stick with me, I'll stick with you until your computer is clean. Throughout this process you may want to print instructions in case you lose internet access unless you have another way to access them aside from the infected computer. Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)

Let's get a look at what's going on. Since you have been able to download other programs to a flashdrive, download OTL and copy the following information to a notepad and save them both on the flashdrive.
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT

  • Copy OTL to your desktop.
  • Double click on the icon to run it.
  • Please check the box next to Scan All Users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the information I asked you to copy to the notepad file.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

  • 0

#3
Jhoffz88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
the first from otl.txt


OTL logfile created on: 5/22/2013 7:28:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.75% Memory free
6.00 Gb Paging File | 5.69 Gb Available in Paging File | 94.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.29 Gb Total Space | 44.09 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.40 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 7.12 Gb Free Space | 95.64% Space Free | Partition Type: FAT32

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/22 19:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/05/15 05:00:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/26 01:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/05 21:26:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/11 21:27:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/10/24 16:02:58 | 004,999,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 04:01:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 03:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | System | Stopped] -- G:\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jon\AppData\Local\Temp\ESEADriver2.sys -- (ESEADriver2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jon\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundIS\apf001.sys -- (apf001)
DRV - [2013/02/26 01:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/12 18:09:56 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/01/06 21:54:08 | 000,012,400 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2011/01/06 21:54:08 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/09/07 15:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/06/20 22:26:36 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/06/20 22:26:36 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/06/20 22:26:36 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/06/20 22:26:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/05/12 05:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2009/10/16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/02/19 22:34:00 | 001,877,312 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.pogo.iplay.com/?o=shp
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes,DefaultScope = {C151DC94-7231-4781-8AEA-E70F4D36093B}
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...35-35FF7FF4EDFB
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes\{C151DC94-7231-4781-8AEA-E70F4D36093B}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes\{E8B856F0-07C2-49F8-89BF-C8FF3DC5D01C}: "URL" = http://start.pogo.ip...q={searchTerms}
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\SearchScopes\{FADAF79F-5160-A735-645A-89C6F36CD600}: "URL" = http://www.bing.com/...021&form=ZGAIDF
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-319656707-540591754-2592210645-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\Jon\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll File not found
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\Jon\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/30 12:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/06 03:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/06 03:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 21:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/05 21:26:03 | 000,000,000 | ---D | M]

[2013/02/05 21:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/05 21:26:09 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/08 18:06:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/01/09 20:28:36 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober213620374.xml
[2012/10/12 14:29:24 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/03/26 20:09:40 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober156772877.xml
[2011/04/15 22:41:25 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober97895541.xml

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Adobe = C:\Users\Jon\AppData\Roaming\34735E\34735E.exe
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA04278D-9A05-4EB7-988D-CEA818035CD4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\housecalllauncher.exe: Debugger - a_.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - n_.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - a_.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 16:42:22 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{d046b7e7-32af-11e0-ab33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d046b7e7-32af-11e0-ab33-806e6f6e6963}\Shell\AutoRun\command - "" = F:\CTRun\Start.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/05/21 18:10:13 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2013/05/21 18:10:13 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/21 16:09:44 | 000,000,000 | --SD | C] -- C:\@GMT-2013.05.09-08.59.47
[2013/05/19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\IGG
[2013/05/07 20:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/07 20:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/21 21:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/21 21:21:15 | 2415,267,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 21:20:23 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 21:20:22 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 21:18:41 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/21 21:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/21 20:25:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 20:11:03 | 004,215,672 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/21 20:11:03 | 001,322,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/20 22:30:05 | 016,409,811 | ---- | M] () -- C:\Users\Jon\Desktop\spybotsd162.rar
[2013/05/19 22:46:24 | 000,151,552 | ---- | M] () -- C:\Users\Jon\cgadtf6cu60h2.exe
[2013/05/19 22:46:23 | 000,194,560 | ---- | M] () -- C:\Users\Jon\0ki7znduokheb.exe
[2013/05/15 05:00:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 05:00:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/07 20:21:02 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/01 18:38:57 | 206,373,954 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/20 22:29:53 | 016,409,811 | ---- | C] () -- C:\Users\Jon\Desktop\spybotsd162.rar
[2013/05/19 22:46:24 | 000,151,552 | ---- | C] () -- C:\Users\Jon\cgadtf6cu60h2.exe
[2013/05/19 22:46:23 | 000,194,560 | ---- | C] () -- C:\Users\Jon\0ki7znduokheb.exe
[2013/05/07 20:10:56 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/07 20:10:07 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 20:10:05 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/07 20:09:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 22:40:54 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/02/22 17:02:04 | 000,000,042 | ---- | C] () -- C:\Users\Jon\jagex_cl_oldschool_LIVE.dat
[2013/02/03 02:24:30 | 000,000,044 | ---- | C] () -- C:\Users\Jon\jagex_cl_loginapplet_LIVE.dat
[2013/02/03 00:58:59 | 000,001,194 | ---- | C] () -- C:\Windows\wininit.ini
[2013/02/02 23:32:17 | 000,075,630 | ---- | C] () -- C:\ProgramData\1359865869.bdinstall.bin
[2013/02/02 23:31:09 | 000,021,308 | ---- | C] () -- C:\ProgramData\1359865868.bdinstall.bin
[2013/02/02 23:01:19 | 000,139,237 | ---- | C] () -- C:\ProgramData\1359864051.bdinstall.bin
[2013/02/02 23:00:51 | 000,021,287 | ---- | C] () -- C:\ProgramData\1359864047.bdinstall.bin
[2013/02/01 23:02:17 | 000,151,660 | ---- | C] () -- C:\ProgramData\1359777545.bdinstall.bin
[2013/01/29 14:59:37 | 000,154,424 | ---- | C] () -- C:\Users\Jon\Volumeid.exe
[2012/12/11 21:25:58 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012/12/11 21:25:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012/09/22 01:32:46 | 000,140,360 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/09/22 01:32:40 | 000,283,032 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/09/20 23:29:56 | 000,138,056 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\PnkBstrK.sys
[2012/09/20 23:24:57 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/20 23:24:56 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/09/01 03:38:33 | 006,908,648 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2012/08/18 01:05:47 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/08/12 18:09:56 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012/08/12 18:09:56 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012/08/11 22:21:10 | 000,000,043 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE3.dat
[2012/07/18 11:34:51 | 000,000,043 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE2.dat
[2012/07/07 13:57:26 | 000,000,047 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/03 23:43:48 | 000,000,043 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE1.dat
[2012/02/27 15:37:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/11/21 23:43:37 | 000,000,032 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE.dat
[2011/11/21 23:43:37 | 000,000,024 | ---- | C] () -- C:\Users\Jon\random.dat
[2011/11/04 23:37:35 | 000,000,126 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2011/11/04 23:35:52 | 000,002,091 | R--- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2011/11/04 23:35:52 | 000,000,109 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2011/06/04 23:19:34 | 000,002,376 | R--- | C] () -- C:\Windows\cmudax3.ini
[2011/06/04 20:42:50 | 000,045,056 | ---- | C] () -- C:\Windows\CmUtil.dll
[2011/06/04 20:42:50 | 000,024,576 | ---- | C] () -- C:\Windows\Setup.exe
[2011/06/04 20:42:50 | 000,000,017 | ---- | C] () -- C:\Windows\CmSetx.dll

========== ZeroAccess Check ==========

[2012/01/19 17:22:32 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB50504$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JGZQE98L\wbads.vo.llnwd.net\o25\u
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 20:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/13 20:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/07/13 20:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV - [2011/11/17 00:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 16:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 23:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/13 20:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 00:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 20:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/13 20:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 20:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 20:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 20:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 20:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 05:35:34 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/21 00:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 00:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 20:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/13 20:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/07/13 20:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 20:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 00:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/08/27 00:46:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/13 20:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/01 23:39:32 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/07/13 20:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/08/01 17:18:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/07/13 20:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/07/13 20:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/07/13 20:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/07/13 20:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/07/13 20:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2009/07/13 20:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009/07/13 20:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 20:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/13 20:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 20:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/13 20:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/04/04 00:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 1234-AE52
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Jon
01/06/2011 07:31 PM <JUNCTION> Application Data [..]
01/06/2011 07:31 PM <JUNCTION> Cookies [..]
01/06/2011 07:31 PM <JUNCTION> Local Settings [..]
01/06/2011 07:31 PM <JUNCTION> My Documents [..]
01/06/2011 07:31 PM <JUNCTION> NetHood [..]
01/06/2011 07:31 PM <JUNCTION> PrintHood [..]
01/06/2011 07:31 PM <JUNCTION> Recent [..]
01/06/2011 07:31 PM <JUNCTION> SendTo [..]
01/06/2011 07:31 PM <JUNCTION> Start Menu [..]
01/06/2011 07:31 PM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
11/18/2012 04:03 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
11/18/2012 04:03 AM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
11/18/2012 04:03 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
11/18/2012 04:03 AM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
11/18/2012 04:03 AM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/18/2012 04:03 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/18/2012 04:03 AM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
11/18/2012 04:03 AM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
11/18/2012 04:03 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
11/18/2012 04:03 AM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
11/18/2012 04:03 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
11/18/2012 04:03 AM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
11/18/2012 04:03 AM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
11/18/2012 04:03 AM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
11/18/2012 04:03 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
11/18/2012 04:03 AM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
11/04/2011 11:37 PM <SYMLINKD> $NtUninstallKB50504$ [..]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
61 Dir(s) 47,345,766,400 bytes free

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB50504$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0DE96CF5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FEECF2C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3A0561F3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:CFA8C6E3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:BCDC6E07
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:76403E94
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D3A82449
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7DC5D762
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:409A775B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:90BA5E08
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6E86D926
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:067BF339
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:237E4B91
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:896E1EFF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:598E0FFA

< End of report >

Now from extras.txt:

OTL Extras logfile created on: 5/22/2013 7:28:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.75% Memory free
6.00 Gb Paging File | 5.69 Gb Available in Paging File | 94.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.29 Gb Total Space | 44.09 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.40 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 7.12 Gb Free Space | 95.64% Space Free | Partition Type: FAT32

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = SecurePad.TXT] -- C:\Program Files\exLibertine\SecureNotepad\securepad.exe "%1"

[HKEY_USERS\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D8E289-0233-4F38-B535-CE17E183D6AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{1027F85E-29C8-4AFE-AB3A-FB3F45436367}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BAA4C2A-D935-410B-AB11-1E724790012C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2586BC92-AB3E-4F53-A1D8-2C647B2F07AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C307755-2385-4592-935B-D4A169E3D440}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{334F5949-5DA1-4E18-BF55-FE54AC72D463}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3703628E-89CA-4172-9E1D-529F76B45922}" = rport=445 | protocol=6 | dir=out | app=system |
"{4370A110-2621-4C94-8EEF-31551EB336E3}" = rport=138 | protocol=17 | dir=out | app=system |
"{45CA4F7F-EFC5-4F0D-B48E-D6893B2B28CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{472AEAA0-9F98-4455-ADC3-F433173AC3A9}" = lport=12424 | protocol=6 | dir=in | name=bitcomet 12424 tcp |
"{4AAECAB5-627B-4D93-9DD3-263130ACEEDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52603F0E-7019-4F2C-A3F1-A1257FAF05F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53805522-AA6B-4B9A-816D-4363D1563D7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{542096CE-385E-4AE6-9F24-05AEE8E3A754}" = lport=57654 | protocol=17 | dir=in | name=pando media booster |
"{5B649E24-1343-46FD-8D27-830E23D81C94}" = lport=57654 | protocol=6 | dir=in | name=pando media booster |
"{66960B50-B0DB-4CAA-A70A-CB54BAA23803}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B4C4474-D8E6-4954-973A-35D30B958245}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70CF0E39-48D2-488B-850B-373BC74DE84D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B31F3B2-14EE-456A-A6D3-C035B6E7E520}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D210AAD-ABA3-4F08-B394-E35304B56735}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EDBEA62-661D-45FF-A9E0-074AF6B0D2B0}" = lport=138 | protocol=17 | dir=in | app=system |
"{8103330D-9128-4539-A31A-11816A780F74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{85530B77-6943-4069-B37A-84456AD0DABA}" = lport=12424 | protocol=17 | dir=in | name=bitcomet 12424 udp |
"{8A8DE902-53B7-42B2-88D9-80BAE7CB166C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB2F7A2D-D519-46DA-99E3-6B702E4D52B3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{AD25DC75-0958-43AD-BE66-1EC0B65BEA82}" = lport=57654 | protocol=6 | dir=in | name=pando media booster |
"{B6F4C763-6476-49C5-9A6E-FABD874A0F28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B75E034A-56F5-47E5-BDA9-0737C8EB1BFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7A2E12B-8424-47B8-8AD0-7C9127E5039E}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCB53BEE-D8A3-49D9-865F-EFD559E885B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5767FFC-E627-492C-B074-D12EDACFA914}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D5BFF39D-D6B4-4E93-8E91-D504D5FC1E0B}" = lport=57654 | protocol=17 | dir=in | name=pando media booster |
"{E1CE416F-0039-45D5-828E-95ECE85CB077}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EACFE93E-66C1-4C15-9200-15CCB73B3147}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EAD4F60C-6629-4996-AEC4-1BA8F69997A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE21D40C-F42A-4DFE-A04C-1CEE6F5CE047}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9EB2B4F-4A2B-41CC-B4AC-316D36D2EB81}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FBD4B02E-F19F-4D72-B370-6111F10BED8E}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0187FCCD-0FEB-45D5-A337-F7A98881617E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0D2E0534-3FD8-423A-A3EA-28E0D16B8FDE}" = protocol=1 | dir=out | [email protected],-28544 |
"{0F73F46F-D612-4D8C-98C3-25D783CDB1C9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{2B6FA9F9-93D5-4094-9945-A66D79DB091F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2BE5E9D1-327B-4495-89BE-DD12B9D3521D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D269405-9CFE-4D60-8825-3569DCE0410D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{2D8FBD1F-C4D6-4E3E-80DF-EEE65CAC279A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe |
"{37FDF6EB-098A-4831-B1B8-2C4400AFF85C}" = protocol=1 | dir=in | [email protected],-28543 |
"{3888CF2A-6B4F-4BFE-A369-37DCC7D25648}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"{3C211928-63D7-42DA-8308-64F3F2F518AE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3D1282FE-8A56-43DC-BE26-E8BB1E6D32F9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{3D3A3427-50A8-408E-9DB7-21296182DF37}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{3F096108-6780-4D21-9AA2-C96EFD36478F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe |
"{41BBCB9B-81BA-4C01-B40A-9F2BDB69E693}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{4281BA06-C56A-498D-867C-04793DE9682E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4644E943-6D98-4759-9CB5-EA7FC8119129}" = protocol=58 | dir=out | [email protected],-28546 |
"{499ED625-86E7-479E-BF79-AFC5FA378B0F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{5311EC52-C06D-4DF7-A548-E2EC1B96CBFB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5493D3FC-3567-4E62-849F-A7862D96C5D6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5949C7AE-DAD1-4B44-98F1-4A89D2F90FCF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5B5D01FD-0849-4A42-AD49-1BEA7BA08F33}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"{5CC278CD-C8F5-42CD-A5C8-E1C582A94C7D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5FB45DA6-9C24-454E-9C91-01E4CDCAA9CF}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{63351324-D7FD-40ED-B74B-AC7D57532255}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{63EF6176-7079-4D16-A174-F46B8F3F9C75}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{65F6C769-3BAA-4173-AB3B-FC9C743DE2DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D47C482-D9D6-496A-B917-EF663F977B39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74C34045-0EDD-4F99-B896-6B0A9B3109B6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{76DA0F66-9DDA-4E6A-A2E7-9B90DC0728BB}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{79E6F023-9786-43B4-B7BD-1543A43AA452}" = protocol=58 | dir=in | [email protected],-28545 |
"{84826CAA-51FF-49C0-BEBB-B6B47622E0E7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{85B6094D-B570-45E5-AAA4-A58E3CC049C0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe |
"{86CE7916-A95D-463C-88A1-4727CB0AA616}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A786E39-A81B-40EF-BEB5-38D4CEFE475D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{906908C7-EDC4-4146-AA41-5C4D52C91F18}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9ADAB6EA-9E8A-41B7-8477-FBE5FC9D216B}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{9AEF099C-0DDA-4F1B-9A47-AAA986167771}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A0592CC4-362F-452B-832F-72B307EF46E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A197ABF6-4496-4859-BE32-8F3482B1ADAC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{AA65DF35-261A-4B78-90C3-09B5A2206E26}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{AADA5F43-2BFC-4422-8281-C7A94E751A99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B63E2E77-2BAA-483F-B10C-2EE46DDD507C}" = protocol=6 | dir=out | app=system |
"{BD251EDC-98C0-4157-AF41-362D528B1A41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFC6DC4E-41FB-4D3E-A5DD-BBB3DA42464E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C028F24E-C9EC-4301-82ED-5641CC9C79CB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{C12B9DEF-6BF9-484C-AEA8-4CF6BB085752}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{C19AE378-2AA2-4C93-ADB2-98791704E353}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{C4BBC8F0-9620-4F84-B362-44BF05A9B416}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe |
"{C8DA8D24-CCB6-4C66-9EEA-10E9AE1CBE6D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CFCA12B1-E384-4A40-9C63-B6889C8A75BF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{D5EE47AA-1C85-47D8-AE99-2B57DCA90171}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{E019213C-7150-441D-90F3-66E96716D1DF}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{E2FF2E66-B07D-4302-BB64-41EB79D2A706}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E3D83C4C-B6D0-4073-B51F-4E619B17085D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4474A90-8E2B-4AF3-9AA4-70ED19D32DBD}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{ED40FF47-ECCF-44E8-AE2E-A86BD8D1C66A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F235E95A-8E37-40D0-93A5-588D75D69E2E}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{FFBEA2B4-D2BE-42C4-A10B-CF3AADBB67ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0AF5EAC0-A2EE-49D5-B7E8-8A36AC82902A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{11A85D65-D166-443C-9FAF-4B81E95058B1}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{1D621A78-0A88-4533-9FBE-BB0BF68E9D8B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{56F480CF-4CB3-4863-954A-4D32C6D58612}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{A052F2A4-5875-4E7B-A21D-71EEB4B5BB31}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"TCP Query User{FD62DDF0-ABA5-40EB-A88F-2F760E35C3DD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{29215DD0-CE1B-4BF2-AE47-5876A93BC3DB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{363CC9FC-8E71-40F2-AF6B-7612F788A71F}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |
"UDP Query User{8C84E9AD-A793-4400-982F-2F9F7885A6AF}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{CAA1FE8F-5C1B-455D-B7B5-F43D0320B840}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{CC9FB5C3-343C-4ECA-88DA-34E3DB518BA2}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{E19B89DF-C9F1-4157-9417-1A40A1839C3A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{815928D4-B230-40C7-AEEF-FCC3DC4B3C59}" = Aeria Ignite
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11117633}" = Professor Fizzwizzle
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.WORD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.WORD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.10.1721" = Aeria Ignite
"Aika Online: Epic III" = Aika Online: Epic III
"AudioCS" = Creative Audio Control Panel
"BitComet" = BitComet 1.34
"BitTorrent" = BitTorrent
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"Florensia" = Florensia 2.00.01
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"hon" = Heroes of Newerth
"IDA Pro Free_is1" = IDA Pro Free v5.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.WORD" = Microsoft Word 2010
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 209870" = Blacklight: Retribution
"Steam App 300" = Day of Defeat: Source
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive Beta
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-319656707-540591754-2592210645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IGG Web3D Player_is1" = IGG Web3D Player version 1.0.0.38
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2013 11:19:19 PM | Computer Name = Jon-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 5/20/2013 11:27:12 PM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 26.0.1410.64, time
stamp: 0x5163bfb1 Faulting module name: chrome.dll, version: 26.0.1410.64, time
stamp: 0x5163bf4a Exception code: 0x80000003 Fault offset: 0x005df7d7 Faulting process
id: 0x49c Faulting application start time: 0x01ce55d3143adf10 Faulting application
path: C:\Program Files\Google\Chrome\Application\chrome.exe Faulting module path:
C:\Program Files\Google\Chrome\Application\26.0.1410.64\chrome.dll Report Id: 52f46550-c1c6-11e2-ae95-002618e77251

Error - 5/20/2013 11:27:15 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 5/20/2013 11:27:15 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 5/20/2013 11:43:05 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 5/20/2013 11:43:05 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 5/21/2013 4:17:50 PM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.73.18.98, time stamp:
0x5171944e Faulting module name: libcef.dll, version: 1.989.464.0, time stamp: 0x5152264d
Exception
code: 0x80000003 Fault offset: 0x0002f2a0 Faulting process id: 0xc18 Faulting application
start time: 0x01ce566031e3e880 Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
module path: C:\Program Files\Steam\bin\libcef.dll Report Id: 825375b0-c253-11e2-aa51-002618e77251

Error - 5/21/2013 4:21:29 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 5/21/2013 4:21:29 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 5/21/2013 5:03:06 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 5/21/2013 5:03:06 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 5/21/2013 10:21:41 PM | Computer Name = Jon-PC | Source = DCOM | ID = 10005
Description =

Error - 5/21/2013 10:21:41 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:41 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:51 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:51 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:51 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:51 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:51 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/21/2013 10:21:51 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/22/2013 8:21:29 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068


< End of report >
  • 0

#4
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Frostwire
BitTorrent
BitComet


Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.
----------------------------
Now that's out of the way, let's get started :)

Step 1 Run RogueKiller

  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2 Run ComboFix

Download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Step 3 Run AdwCleaner

  • Download AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete

  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 4 Get a fresh OTL Scan
  • Double click OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. RogueKiller Logs
2. ComboFix Log
3. AdwCleaner Log
4. Fresh OTL Log
5. How is the computer running?

#5
Jhoffz88

    New Member

  • Topic Starter
  • Member
  • 7 posts
When I open IE, which is the only program I have left to browse the web with, it still redirects me from certain websites. I have a folder of some kind on my desktop called "jon" that everything inside says I do not have permission to access, so I'm guessing maybe I need to reinstall my browsers? Here are the logs:

rogue killers

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 05/21/2013 06:08:47 PM in x86 mode.
Windows Version: Windows Seven Black Edition

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\nvvsvc.exe (PID: 724) [FI]
* C:\Windows\system32\nvvsvc.exe (PID: 1408) [FI]
* C:\Windows\system32\PnkBstrA.exe (PID: 2000) [WD-HEUR]
* C:\Windows\system32\sppsvc.exe (PID: 1700) [WD-HEUR]
* C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (PID: 2364) [FI]
* C:\Program Files\Common Files\Java\Java Update\jusched.exe (PID: 2580) [FI]
* C:\Windows\System32\rundll32.exe (PID: 2588) [WD-HEUR]
* C:\Program Files\Internet Explorer\iexplore.exe (PID: 3028) [FI]
* C:\Program Files\Internet Explorer\iexplore.exe (PID: 3080) [FI]
* C:\Windows\system32\SearchIndexer.exe (PID: 3224) [WD-HEUR]
* C:\Program Files\Internet Explorer\iexplore.exe (PID: 2996) [FI]
* C:\Program Files\Internet Explorer\iexplore.exe (PID: 2224) [FI]
* C:\Windows\system32\AUDIODG.EXE (PID: 4016) [WD-HEUR]
* C:\Windows\system32\WUDFHost.exe (PID: 3556) [WD-HEUR]

14 proccesses terminated!

Possibly Patched Files.

* C:\Windows\system32\csrss.exe
* C:\Windows\system32\wininit.exe
* C:\Windows\system32\csrss.exe
* C:\Windows\system32\services.exe
* C:\Windows\system32\lsass.exe
* C:\Windows\system32\lsm.exe
* C:\Windows\system32\winlogon.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\spoolsv.exe
* C:\Windows\system32\taskhost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\Dwm.exe
* C:\Windows\system32\wbem\wmiprvse.exe
* C:\Windows\system32\DllHost.exe
* C:\Windows\system32\conhost.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* MpsSvc [Missing ImagePath]

Searching for Missing Digital Signatures:


* C:\Windows\System32\drivers\mcd.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_6.1.7600.16385_none_c87bc13e280dd10a\mcd.sys : 18,432 : 07/13/2009 06:45 PM : ef08d2ebe3eabba43cc57eee001027b6 [Pos Repl]

* C:\Windows\System32\drivers\modem.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7600.16385_none_2fdad9144fff701e\modem.sys : 31,744 : 07/13/2009 06:55 PM : f001861e5700ee84e2d4e52c712f4964 [Pos Repl]

* C:\Windows\System32\drivers\mouclass.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\mouclass.sys : 41,552 : 07/13/2009 08:20 PM : fb18cc1d4c2e716b6b903b0ac0cc0609 [Pos Repl]
+-> C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\mouclass.sys : 41,552 : 07/13/2009 08:20 PM : fb18cc1d4c2e716b6b903b0ac0cc0609 [Pos Repl]

* C:\Windows\System32\drivers\mouhid.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\mouhid.sys : 26,112 : 07/13/2009 06:45 PM : 2c388d2cd01c9042596cf3c8f3c7b24d [Pos Repl]
+-> C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\mouhid.sys : 26,112 : 07/13/2009 06:45 PM : 2c388d2cd01c9042596cf3c8f3c7b24d [Pos Repl]

* C:\Windows\System32\drivers\mountmgr.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_f26e7ae968595905\mountmgr.sys : 78,416 : 07/13/2009 08:20 PM : 921c18727c5920d6c0300736646931c2 [Pos Repl]

* C:\Windows\System32\drivers\mrxdav.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7600.16385_none_14813b5b270f3a0b\mrxdav.sys : 115,712 : 07/13/2009 06:14 PM : b1be47008d20e43da3adc37c24cdb89d [Pos Repl]

* C:\Windows\System32\drivers\mrxsmb.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_7f67c358b2710494\mrxsmb.sys : 123,392 : 07/13/2009 06:14 PM : f4a054be78af7f410129c4b64b07dc9b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_7fa1d7e8b244d889\mrxsmb.sys : 123,392 : 02/27/2010 06:32 AM : f1b6aa08497ea86ca6ef6f7a08b0bfb8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16765_none_7f7d6ac8b260c14e\mrxsmb.sys : 123,392 : 02/22/2011 11:05 PM : b4c76ef46322a9711c7b0f4e21ef6ea5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16808_none_7fc14d14b22d62d4\mrxsmb.sys : 123,392 : 05/03/2011 09:43 PM : ca7570e42522e24324a12161db14ec02 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_8011d3b3cb764ad9\mrxsmb.sys : 123,392 : 02/27/2010 09:33 AM : dd364c196f822edc52217e8e819c8664 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20907_none_8049e995cb4be947\mrxsmb.sys : 123,904 : 02/22/2011 09:37 PM : 5dc06ceb9aa4b65e724376766eb410ab [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20959_none_8015da8dcb72a7aa\mrxsmb.sys : 123,904 : 05/03/2011 09:23 PM : ae6248d356c6c1de1623f0610b7fb0a3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_8163c7ceaf872d3a\mrxsmb.sys : 123,904 : 02/22/2011 10:47 PM : ed3d3419b064f28d812995ed8cadc541 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_81a4a93caf5682bb\mrxsmb.sys : 123,904 : 04/26/2011 09:17 PM : 5d16c921e3671636c0eba3bbaac5fd25 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_81ee64e3c8a3e65b\mrxsmb.sys : 123,904 : 02/22/2011 09:09 PM : c76fd653db8b90da85ead12b12fffc9f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_822275d1c87d251f\mrxsmb.sys : 123,904 : 04/26/2011 09:15 PM : 39a8ff477b3f5d0edfe814155841c735 [Pos Repl]

* C:\Windows\System32\drivers\msfs.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_a646965e7e3ffc0c\msfs.sys : 22,528 : 07/13/2009 06:11 PM : daefb28e3af5a76abcc2c3078c07327f [Pos Repl]

* C:\Windows\System32\drivers\MSKSSRV.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_61cb11453c0f45a5\mskssrv.sys : 8,320 : 07/13/2009 06:45 PM : 8c0860d6366aaffb6c5bb9df9448e631 [Pos Repl]

* C:\Windows\System32\drivers\MSPCLOCK.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_61cb11453c0f45a5\mspclock.sys : 5,888 : 07/13/2009 06:45 PM : 3ea8b949f963562cedbb549eac0c11ce [Pos Repl]

* C:\Windows\System32\drivers\MSPQM.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_61cb11453c0f45a5\mspqm.sys : 5,504 : 07/13/2009 06:45 PM : f456e973590d663b1073e9c463b40932 [Pos Repl]

* C:\Windows\System32\drivers\mssmbios.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\mssmbios.sys : 28,240 : 07/13/2009 08:20 PM : fc6b9ff600cc585ea38b12589bd4e246 [Pos Repl]
+-> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\mssmbios.sys : 28,240 : 07/13/2009 08:20 PM : fc6b9ff600cc585ea38b12589bd4e246 [Pos Repl]

* C:\Windows\System32\drivers\mup.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-mup_31bf3856ad364e35_6.1.7600.16385_none_acc89f51b9d75e29\mup.sys : 49,728 : 07/13/2009 08:20 PM : 159fad02f64e6381758c990f753bcc80 [Pos Repl]

* C:\Windows\System32\drivers\ndis.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys : 710,720 : 07/13/2009 08:20 PM : 23759d175a0a9baaf04d05047bc135a8 [Pos Repl]

* C:\Windows\System32\drivers\ndistapi.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_0db6be04dbc2da8a\ndistapi.sys : 20,992 : 07/13/2009 06:54 PM : e4a8aec125a2e43a9e32afeea7c9c888 [Pos Repl]

* C:\Windows\System32\drivers\ndisuio.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-ndisuio_31bf3856ad364e35_6.1.7600.16385_none_6bc75de74831b352\ndisuio.sys : 45,568 : 07/13/2009 06:53 PM : b30ae7f2b6d7e343b0df32e6c08fce75 [Pos Repl]

* C:\Windows\System32\drivers\ndiswan.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys : 118,784 : 07/13/2009 06:54 PM : 267c415eadcbe53c9ca873dee39cf3a4 [Pos Repl]

* C:\Windows\System32\drivers\ndproxy.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_0db6be04dbc2da8a\ndproxy.sys : 48,128 : 07/13/2009 06:54 PM : af7e7c63dcef3f8772726f86039d6eb4 [Pos Repl]

* C:\Windows\System32\drivers\netbios.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_59b80e4dcc72e431\netbios.sys : 36,352 : 07/13/2009 06:53 PM : 80b275b1ce3b0e79909db7b39af74d51 [Pos Repl]

* C:\Windows\System32\drivers\netbt.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys : 187,904 : 07/13/2009 06:12 PM : dd52a733bf4ca5af84562a5e2f963b91 [Pos Repl]

* C:\Windows\System32\drivers\npfs.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-npfs_31bf3856ad364e35_6.1.7600.16385_none_a647db007e3ec880\npfs.sys : 35,328 : 07/13/2009 06:11 PM : 1db262a9f8c087e8153d89bef3d2235f [Pos Repl]

* C:\Windows\System32\drivers\ntfs.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys : 1,210,432 : 07/13/2009 08:20 PM : 3795dcd21f740ee799fb7223234215af [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17267_none_a65f079e7e2d464a\ntfs.sys : 1,210,712 : 03/01/2013 11:09 PM : a458a5f7fd79c477d40ed42cf5a230cb [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17281_none_a643660a7e42e622\ntfs.sys : 1,210,728 : 04/12/2013 11:58 AM : a8f59428e9f361c7ac42a94ac1560bc9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21483_none_a6cf054f975eb5c1\ntfs.sys : 1,211,240 : 03/01/2013 11:01 PM : 76371f9d9fcde3acdfec3d7c3e585fb5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21499_none_a6ca371f976169bc\ntfs.sys : 1,211,240 : 04/12/2013 11:59 AM : e3b53a54a7af3b3098701783ba15ff75 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_a88545c87b23ee60\ntfs.sys : 1,212,264 : 03/01/2013 11:07 PM : 9cdaebe5160b9af02ae17c62bdb6c4b5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_a870a63a7b333f99\ntfs.sys : 1,211,752 : 04/12/2013 11:45 AM : 5e43d2b0ee64123d4880dfa6626defde [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_a8bf31f7947dec65\ntfs.sys : 1,213,272 : 03/01/2013 10:30 PM : bdc9ce1b497b6c266ed70e3d34184f40 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_a8ae93919489a2fa\ntfs.sys : 1,213,288 : 04/12/2013 10:53 AM : a543d7fd38f51123ca6b8b4722e4d322 [Pos Repl]

* C:\Windows\System32\drivers\null.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_a93c43a07c50a038\null.sys : 4,608 : 07/13/2009 06:11 PM : f9756a98d69098dca8945d62858a812c [Pos Repl]

* C:\Windows\System32\drivers\parport.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\parport.sys : 79,360 : 07/13/2009 06:45 PM : 2ea877ed5dd9713c5ac74e8ea7348d14 [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\parport.sys : 79,360 : 07/13/2009 06:45 PM : 2ea877ed5dd9713c5ac74e8ea7348d14 [Pos Repl]

* C:\Windows\System32\drivers\partmgr.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.1.7600.16385_none_e17269af1bc32604\partmgr.sys : 56,912 : 07/13/2009 08:20 PM : ff4218952b51de44fe910953a3e686b9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.1.7600.16979_none_e18146271bb75e59\partmgr.sys : 56,688 : 03/17/2012 08:20 AM : 66d3415c159741ade7038a277efff99f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.1.7600.21172_none_e203b90e34db8004\partmgr.sys : 56,176 : 03/17/2012 08:25 AM : 58916826a13a721e7f73f454daa6c9c8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.1.7601.17796_none_e34f027718f0b622\partmgr.sys : 56,176 : 03/17/2012 08:27 AM : 3f34a1b4c5f6475f320c275e63afce9b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.1.7601.21946_none_e40eb0c431e5c75e\partmgr.sys : 56,176 : 03/17/2012 08:05 AM : 2dbfa1d13f039e222d18bc7b36ac6cdb [Pos Repl]

* C:\Windows\System32\drivers\parvdm.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\parvdm.sys : 8,704 : 07/13/2009 06:45 PM : eb0a59f29c19b86479d36b35983daadc [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\parvdm.sys : 8,704 : 07/13/2009 06:45 PM : eb0a59f29c19b86479d36b35983daadc [Pos Repl]

* C:\Windows\System32\drivers\pciidex.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\pciidex.sys : 42,560 : 07/13/2009 08:19 PM : ede040d666ff81bf1978d0f19f799e7a [Pos Repl]
+-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\pciidex.sys : 42,560 : 07/13/2009 08:19 PM : ede040d666ff81bf1978d0f19f799e7a [Pos Repl]

* C:\Windows\System32\drivers\pci.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\pci.sys : 153,680 : 07/13/2009 08:20 PM : c858cb77c577780ecc456a892e7e7d0f [Pos Repl]
+-> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\pci.sys : 153,680 : 07/13/2009 08:20 PM : c858cb77c577780ecc456a892e7e7d0f [Pos Repl]

* C:\Windows\System32\drivers\pcmcia.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_x86_neutral_42dda5eb5768a3df\pcmcia.sys : 180,288 : 07/13/2009 08:19 PM : f396431b31693e71e8a80687ef523506 [Pos Repl]
+-> C:\Windows\winsxs\x86_pcmcia.inf_31bf3856ad364e35_6.1.7600.16385_none_85a22802fc99e371\pcmcia.sys : 180,288 : 07/13/2009 08:19 PM : f396431b31693e71e8a80687ef523506 [Pos Repl]

* C:\Windows\System32\drivers\portcls.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_x86_neutral_aed2a4456700dfde\portcls.sys : 177,152 : 07/13/2009 06:51 PM : d72708c9f49500c13d7d067e169b7715 [Pos Repl]
+-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_603daf367b793e32\portcls.sys : 177,152 : 07/13/2009 06:51 PM : d72708c9f49500c13d7d067e169b7715 [Pos Repl]

* C:\Windows\System32\drivers\processr.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_x86_neutral_729b871528391032\processr.sys : 52,224 : 07/13/2009 06:11 PM : 85b1e3a0c7585bc4aae6899ec6fcf011 [Pos Repl]
+-> C:\Windows\winsxs\x86_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_5d20b0c250b4b524\processr.sys : 52,224 : 07/13/2009 06:11 PM : 85b1e3a0c7585bc4aae6899ec6fcf011 [Pos Repl]

* C:\Windows\System32\drivers\rasacd.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys : 11,776 : 07/13/2009 06:54 PM : 30a81b53c766d0133bb86d234e5556ab [Pos Repl]

* C:\Windows\System32\drivers\rasl2tp.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7600.16385_none_99b2a2c04941dfb7\rasl2tp.sys : 78,848 : 07/13/2009 06:54 PM : d9f91eafec2815365cbe6d167e4e332a [Pos Repl]

* C:\Windows\System32\drivers\raspppoe.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_6.1.7600.16385_none_5609da43fbeb6e85\raspppoe.sys : 77,824 : 07/13/2009 06:54 PM : 0fe8b15916307a6ac12bfb6a63e45507 [Pos Repl]

* C:\Windows\System32\drivers\raspptp.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.1.7600.16385_none_99c574fc492a728d\raspptp.sys : 73,728 : 07/13/2009 06:54 PM : 631e3e205ad6d86f2aed6a4a8e69f2db [Pos Repl]

* C:\Windows\System32\drivers\rdbss.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7600.16385_none_59ab2defc2bd0505\rdbss.sys : 241,664 : 07/13/2009 06:14 PM : 835d7e81bf517a3b72384bdcc85e1ce6 [Pos Repl]

* C:\Windows\System32\drivers\rdpcdd.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_d4b17a3e9f928d55\RDPCDD.sys : 6,656 : 07/13/2009 07:01 PM : 1e016846895b15a99f9a176a05029075 [Pos Repl]

* C:\Windows\System32\drivers\rdpdr.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7600.16385_none_011065d1aa5ad954\rdpdr.sys : 133,120 : 07/13/2009 07:02 PM : c5ff95883ffef704d50c40d21cfb3ab5 [Pos Repl]

* C:\Windows\System32\drivers\rdpwd.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_4b4bde6b36561dcb\rdpwd.sys : 177,152 : 07/13/2009 07:01 PM : 801371ba9782282892d00aadb08ee367 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys : 177,152 : 02/14/2012 10:22 PM : 0399c725a9c95a6f1862b93f008ddf4a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.17011_none_4b93703d36211704\rdpwd.sys : 177,152 : 04/27/2012 10:19 PM : c5b8d47a4688de9d335204ea757c2240 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys : 178,176 : 02/16/2012 10:16 PM : 9abed8c1607153bb89488187529c3db5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21202_none_4c28df244f35b15b\rdpwd.sys : 178,176 : 04/27/2012 10:19 PM : 9a67f7b4939f6a3ec7464c07737682f6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys : 183,808 : 02/16/2012 10:14 PM : 244c83332f44589ae98fc347f11b2693 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17830_none_4d6356e533586b60\rdpwd.sys : 183,808 : 04/27/2012 10:17 PM : f031683e6d1fea157abb2ff260b51e61 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys : 183,808 : 02/16/2012 10:09 PM : 2570d1f85c0ce1096e075f2de96d11d9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21982_none_4db8e4a84c9cc98d\rdpwd.sys : 183,808 : 04/27/2012 10:08 PM : f665adb892f8002248274d9a22dddb00 [Pos Repl]

* C:\Windows\System32\drivers\rmcast.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7600.16385_none_54542254e93e94e1\rmcast.sys : 117,248 : 07/13/2009 06:53 PM : b4090006a82eeb608c358ab5d37de85a [Pos Repl]

* C:\Windows\System32\drivers\rndismp.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7600.16385_none_e10505d0ed38f22a\RNDISMP.sys : 33,280 : 07/13/2009 06:54 PM : 7400cfab5cf36f2294e80b3f3bda3ebc [Pos Repl]

* C:\Windows\System32\drivers\rootmdm.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-unimodem-core_31bf3856ad364e35_6.1.7600.16385_none_946e88ef35e184db\rootmdm.sys : 8,192 : 07/13/2009 06:55 PM : 564297827d213f52c7a3a2ff749568ca [Pos Repl]

* C:\Windows\System32\drivers\scsiport.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft.windows.s..se.scsi_port_driver_31bf3856ad364e35_6.1.7600.16385_none_e55684068b7262bb\scsiport.sys : 140,368 : 07/13/2009 08:19 PM : f9882099e58ecf8b0e1c7afa5d2cc56d [Pos Repl]

* C:\Windows\System32\drivers\serenum.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serenum.sys : 17,920 : 07/13/2009 06:45 PM : 9ad8b8b515e3df6acd4212ef465de2d1 [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serenum.sys : 17,920 : 07/13/2009 06:45 PM : 9ad8b8b515e3df6acd4212ef465de2d1 [Pos Repl]

* C:\Windows\System32\drivers\serial.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys : 83,456 : 07/13/2009 06:45 PM : 5fb7fcea0490d821f26f39cc5ea3d1e2 [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys : 83,456 : 07/13/2009 06:45 PM : 5fb7fcea0490d821f26f39cc5ea3d1e2 [Pos Repl]

* C:\Windows\System32\drivers\sffdisk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_x86_neutral_fadfac8e3bdbd79b\sffdisk.sys : 11,264 : 07/13/2009 06:45 PM : 9f976e1eb233df46fce808d9dea3eb9c [Pos Repl]
+-> C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.1.7600.16385_none_a411df264b3d893a\sffdisk.sys : 11,264 : 07/13/2009 06:45 PM : 9f976e1eb233df46fce808d9dea3eb9c [Pos Repl]

* C:\Windows\System32\drivers\sffp_sd.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_x86_neutral_fadfac8e3bdbd79b\sffp_sd.sys : 12,800 : 07/13/2009 06:45 PM : 4f1e5b0fe7c8050668dbfade8999aefb [Pos Repl]
+-> C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.1.7600.16385_none_a411df264b3d893a\sffp_sd.sys : 12,800 : 07/13/2009 06:45 PM : 4f1e5b0fe7c8050668dbfade8999aefb [Pos Repl]

* C:\Windows\System32\drivers\sfloppy.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_x86_neutral_2102f5344367a352\sfloppy.sys : 13,824 : 07/13/2009 06:45 PM : db96666cc8312ebc45032f30b007a547 [Pos Repl]
+-> C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_e6e06650dbcf54b4\sfloppy.sys : 13,824 : 07/13/2009 06:45 PM : db96666cc8312ebc45032f30b007a547 [Pos Repl]

* C:\Windows\System32\drivers\smclib.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft.windows.s...smart_card_library_31bf3856ad364e35_6.1.7600.16385_none_f9da031b490b1c8a\smclib.sys : 17,408 : 07/13/2009 06:45 PM : 2e467e6ca8e0a140c08011844c0d3936 [Pos Repl]

* C:\Windows\System32\drivers\srv.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16385_none_d9cdbf7e57c72d46\srv.sys : 309,760 : 07/13/2009 06:15 PM : 2ba4ebc7dfba845a1edbe1f75913be33 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_da1d75cc578ac680\srv.sys : 310,784 : 06/21/2010 09:47 PM : dd0dd124d95390fdffa7fb6283923ed4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16664_none_d9e264be57b7d382\srv.sys : 310,784 : 08/26/2010 10:31 PM : 2dbedfb1853f06110ec2aa7f3213c89f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16765_none_d9e366ee57b6ea00\srv.sys : 311,296 : 02/22/2011 11:06 PM : 4a9b0f215de2519e2363f91df25c1e97 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_da2548a6578558d8\srv.sys : 311,296 : 04/28/2011 09:57 PM : c4a027b8c0bd3fc0699f41fa5e9e0c87 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_da7da03970c8d60e\srv.sys : 311,296 : 06/21/2010 09:45 PM : 1610437b099a40d18a8975edab98a301 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20789_none_da5b632370e129e1\srv.sys : 311,296 : 08/26/2010 10:28 PM : f28094971cd10dd0c09930fb654ada0b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20907_none_daafe5bb70a211f9\srv.sys : 311,808 : 02/22/2011 09:38 PM : d0806dbfe08ab1a11b673c1e43d70efb [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_da78d5d570cb8457\srv.sys : 311,808 : 04/28/2011 09:49 PM : 110ad8cd36f173e917b1145950042b79 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17565_none_dbc9c3f454dd55ec\srv.sys : 311,808 : 02/22/2011 10:48 PM : 4e636465a8653ba3bf29f929aa578e6f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17608_none_dc0da64054a9f772\srv.sys : 311,808 : 04/28/2011 09:46 PM : e4c2764065d66ea1d2d3ebc28fe99c46 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21666_none_dc5461096dfa0f0d\srv.sys : 311,808 : 02/22/2011 09:10 PM : 52c2b8f7dbb796954a98cf7bc8753766 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_dc8b72d56dd099d6\srv.sys : 311,808 : 04/28/2011 10:19 PM : b9526afe58b0eb537a391dfa925a1e40 [Pos Repl]

* C:\Windows\System32\drivers\stream.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7600.16385_none_5e3aebd498f644ed\stream.sys : 53,632 : 07/13/2009 06:50 PM : 45b44fc9e5ac0db02b19d515ee809de5 [Pos Repl]

* C:\Windows\System32\drivers\swenum.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\swenum.sys : 12,240 : 07/13/2009 08:19 PM : e58c78a848add9610a4db6d214af5224 [Pos Repl]
+-> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\swenum.sys : 12,240 : 07/13/2009 08:19 PM : e58c78a848add9610a4db6d214af5224 [Pos Repl]

* C:\Windows\System32\drivers\tape.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_6.1.7600.16385_none_9200269b1ea20fd1\tape.sys : 24,576 : 07/13/2009 06:45 PM : 949c35bf4ae6c110a924ab5e2175dda7 [Pos Repl]

* C:\Windows\System32\Drivers\tcpip.sys [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys : 1,285,712 : 07/13/2009 08:19 PM : 2cc3d75488abd3ec628bbb9a4fc84efc [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys : 1,286,016 : 06/14/2010 08:12 AM : bb7f39c31c4a4417fd318e7cd184e225 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys : 1,286,016 : 04/24/2011 11:56 PM : 0158d5e9982e9d6a90dfc802f618e130 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys : 1,286,016 : 06/21/2011 11:39 AM : c2daaeb48f3a47c410b041a0d2382ee1 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys : 1,285,488 : 09/29/2011 11:43 AM : 56c198ac82efa622dd93e9e43575f79c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys : 1,287,024 : 03/30/2012 11:29 AM : 55e9965552741f3850cb22cbba9671ed [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys : 1,287,528 : 01/03/2013 10:55 PM : bbceaeff1fd72a026f827cbb2f4aa8ad [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys : 1,288,576 : 06/14/2010 10:06 AM : a39ea325c081ad27461f630c8e3e56e0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys : 1,298,816 : 04/24/2011 11:44 PM : 8861b9a06ba99c6e1d62d0c86dfab86c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys : 1,301,376 : 06/21/2011 11:30 AM : 93c444d118b184452132357c322124cd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys : 1,301,872 : 09/29/2011 11:02 AM : 22f7e7cbca308dee3428b097d4f8a61c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys : 1,303,408 : 03/30/2012 11:08 AM : e47c2844a1605a44178f4281e4d58b3d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys : 1,303,912 : 01/02/2013 11:01 PM : 34ae5cc0c7417ab701c2aa8a7bc75417 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys : 1,290,624 : 04/24/2011 11:31 PM : 24326784df8f3d5f5bbb9f878ce33c14 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys : 1,290,624 : 06/21/2011 11:34 AM : 04e4a7d53a7ace02e8c55b17a498f631 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys : 1,290,608 : 09/29/2011 11:03 AM : 65d10b191c59c5501a1263fc33f6894b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys : 1,291,632 : 03/30/2012 11:23 AM : 7fa2e0f8b072bd04b77b421480b6cc22 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_2bb3173e3c7a9c7d\mshtml.dll : 12,314,624 : 06/02/2012 06:07 AM : 6820a9e91aff7cb3a510360d8ccd9bdd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_2bb417883c79b5d4\mshtml.dll : 12,317,184 : 06/28/2012 07:52 PM : 5e8e869e1342308752a37a2c90cca79d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_2ba1454c3c89070d\mshtml.dll : 12,319,744 : 08/24/2012 07:27 AM : bb197f54a8f69eea8356b7f70e6d3a20 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_2ba646be3c8485c0\mshtml.dll : 12,320,768 : 10/08/2012 07:28 AM : 8d1bb1e5a033e8817ef94a9047630165 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16457_none_2ba847523c82b86e\mshtml.dll : 12,320,256 : 11/13/2012 08:48 PM : 07f649cd36f266bbe33b814fa678aa43 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16464_none_2b9a76883c8d885a\mshtml.dll : 12,321,280 : 01/08/2013 04:23 PM : c97434c851c4821bd92d2831fdf1ecbe [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16470_none_2b8ba5743c993eef\mshtml.dll : 12,321,792 : 02/01/2013 10:09 PM : 263963d93a3ca8f685efa5966f1e6581 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16476_none_2b91a7303c93d6f9\mshtml.dll : 12,324,352 : 02/21/2013 10:05 PM : 658ebc74bd38d16805648c4775f7fa82 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_2c3db4535597559e\mshtml.dll : 12,281,856 : 02/27/2012 07:21 PM : b9e083b14b1994f1255983f2df31c7df [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_2c2be26155a5c02e\mshtml.dll : 12,314,624 : 05/17/2012 05:53 PM : 761d9111f5a2619cb5060661d36fbfff [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_2c2de2f555a3f2dc\mshtml.dll : 12,314,624 : 06/02/2012 05:48 AM : 1abf770552ea9d4fe90f654468faf4ce [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_2c2ee33f55a30c33\mshtml.dll : 12,317,184 : 06/28/2012 06:11 PM : aec51857aec2f5ce4520366240afc671 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_2c31e41d55a05838\mshtml.dll : 12,319,744 : 08/24/2012 06:43 AM : 975d1ea99a0fe8104b72440995b3c20b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_2c2212bf55acf576\mshtml.dll : 12,321,280 : 10/08/2012 06:12 AM : f7b251da2fa89933771289793dcaa08b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20565_none_2c25139d55aa417b\mshtml.dll : 12,321,280 : 11/13/2012 08:14 PM : 8021ef27048f9ece5286ea8c8eed23b8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20573_none_2c18431d55b42abe\mshtml.dll : 12,322,304 : 01/08/2013 03:17 PM : b6ad225b3bcc07332fbb2c2824315534 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20580_none_2c0a725355befaaa\mshtml.dll : 12,322,304 : 02/01/2013 10:15 PM : 88c27474e61271b49677f22cee76fb3e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20586_none_2c10740f55b992b4\mshtml.dll : 12,324,864 : 02/21/2013 10:06 PM : 474d43d76e2a33fee21c6f4bb7c4a3b7 [Pos Repl]

* C:\Windows\System32\msimg32.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll : 4,608 : 07/13/2009 08:15 PM : 18ab2e5a40064ed5f7791ac5946a90f3 [Pos Repl]

* C:\Windows\System32\msprivs.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.1.7600.16385_none_0bef4735dcb96ff8\msprivs.dll : 2,048 : 07/13/2009 08:07 PM : c90878913df3dc504790282043db5f4c [Pos Repl]

* C:\Windows\System32\msvcrt.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll : 690,688 : 07/13/2009 08:15 PM : e46d48a7fe961401f1cbf85531cdf05d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_d15ca5d2001597a0\msvcrt.dll : 690,688 : 12/16/2011 08:59 AM : f8a61b2e713309b4616d107919bdab6e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_d20e8cd31913e191\msvcrt.dll : 690,688 : 12/16/2011 08:49 AM : 10142c1975202a767c0edb3bc066fd88 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll : 690,688 : 12/16/2011 08:52 AM : 9dc80a8aaaaac397bdab3c67165a824e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll : 690,688 : 12/16/2011 08:58 AM : 2f740c4b458331357e825e94afb0953a [Pos Repl]

* C:\Windows\System32\mswsock.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll : 232,448 : 07/13/2009 08:15 PM : 11a41f17527ed75d6b758fdd7f4fd00d [Pos Repl]

* C:\Windows\System32\netlogon.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll : 563,712 : 07/13/2009 08:16 PM : eaa75d9000b71f10eec04d2ae6c60e81 [Pos Repl]

* C:\Windows\System32\netman.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll : 280,576 : 07/13/2009 08:16 PM : 7cccfca7510684768da22092d1fa4db2 [Pos Repl]

* C:\Windows\System32\ntkrnlpa.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe : 3,954,768 : 07/13/2009 08:20 PM : e2a8596576873bc5d509031decd8c95d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe : 3,955,288 : 12/08/2009 08:40 AM : 92345529a07f31547d73ff6e32e1afe9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe : 3,955,080 : 06/19/2010 08:33 AM : 05288b088c0dfac60d6bcf878fc32b60 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe : 3,957,120 : 10/26/2010 11:43 PM : a6dcf9f73f2fca7a96d9585817a08b43 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe : 3,957,632 : 04/09/2011 11:13 AM : eedb427eac109e0711642b65c229bc59 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe : 3,957,120 : 06/22/2011 11:38 PM : 1f969255e068d451bac2d4fb0bd8c9c3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntkrnlpa.exe : 3,957,104 : 10/25/2011 11:42 PM : 0e5e92c8aa8ada52d37d551e322bf1fa [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe : 3,958,128 : 04/01/2012 11:46 PM : 9d19079820928d72a5708a668b5b62ae [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_6c554d82153b4f9a\ntkrnlpa.exe : 3,958,128 : 08/30/2012 11:18 AM : 31805bfa4dc62a55d1c2193237decc0f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntkrnlpa.exe : 3,957,608 : 01/04/2013 11:02 PM : 4fc77400373f727993b96cd2ad5c94cc [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_6c0f6e6e157075b4\ntkrnlpa.exe : 3,958,120 : 03/19/2013 11:06 AM : b02d4e4a4ebef9e33488969df6e9bc22 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe : 3,954,776 : 12/08/2009 11:04 AM : 9961859237c15878493ade2119991614 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe : 3,964,800 : 06/19/2010 11:37 AM : 2a37766f5121e98271ecd811a60d9420 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe : 3,966,848 : 10/26/2010 11:33 PM : 8e641a407a795dfb7b3a34053ef8db39 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe : 3,967,360 : 04/09/2011 11:21 AM : 83515cddb47b08f65f1ec7451778c3cd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe : 3,967,872 : 06/22/2011 11:32 PM : 11486d4317d57c6f5e4dc902ef75d811 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntkrnlpa.exe : 3,970,416 : 10/25/2011 11:51 PM : 0e725e4d29cba35e680dd51099eb6598 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe : 3,970,928 : 03/30/2012 11:43 PM : c6d1d128de4148e35b6c04b6892eb71a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntkrnlpa.exe : 3,971,440 : 08/30/2012 01:11 PM : 543f90836efeb1cce1dc547ef94cabac [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntkrnlpa.exe : 3,970,920 : 01/04/2013 10:53 PM : 291e9950a38f49a5c0bbc097c6d1a07d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_6c806c692ea0fe82\ntkrnlpa.exe : 3,971,432 : 03/19/2013 10:04 AM : 448a0336b56c2e927aae8e903c721800 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe : 3,967,872 : 04/09/2011 10:02 AM : 102a6182087b18c795664bcd22eb52e9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe : 3,967,872 : 06/22/2011 11:33 PM : a4a8ef2ace5fa5863aa0b04c9bbfeca7 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntkrnlpa.exe : 3,967,856 : 10/25/2011 11:47 PM : f2368c2a4b126b2eaef1985116b88a1d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe : 3,968,368 : 03/30/2012 11:39 PM : 8f6d5704d7522aab8b4b82c0d35d9184 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe : 3,968,880 : 08/30/2012 11:12 AM : 7e1ec00b7d0d33a67dfc563574eeff93 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe : 3,967,848 : 01/04/2013 11:00 PM : 660100cb90f344040ef57f52fc0681c3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe : 3,968,856 : 03/19/2013 11:04 AM : 88355cfe81d381f93c74716daa803587 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe : 3,967,872 : 04/09/2011 11:01 AM : 9cf7f5d025183fa10e130445bc071b70 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe : 3,967,872 : 06/23/2011 11:55 AM : 3624d782f8b061b6fba3a35e2fe53cfd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntkrnlpa.exe : 3,970,928 : 10/26/2011 11:01 AM : fc9183a26d2ad7bd68f471262cf3946d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe : 3,971,952 : 03/30/2012 11:37 PM : 93358348d0b79812caaa83a1377e4449 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe : 3,972,464 : 08/30/2012 11:06 AM : 770feea2823e463d68e170d7ea6faeba [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe : 3,971,928 : 01/04/2013 10:49 PM : 8e43161944ce6e3a1f2b2618b992a8ce [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe : 3,972,440 : 03/18/2013 11:41 PM : 3dfcbeee97df8bbaa749caacfc9c43e1 [Pos Repl]

* C:\Windows\System32\ntoskrnl.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe : 3,899,472 : 07/13/2009 08:20 PM : b9d673f7707219dfd264891a26c21ecb [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntoskrnl.exe : 3,899,464 : 12/08/2009 08:40 AM : cb51aeb061a5454cfc59b0b68acf53a4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe : 3,899,784 : 06/19/2010 08:33 AM : 8218e74a67942120bf8ee30661edf83f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe : 3,901,824 : 10/26/2010 11:43 PM : 776201760b5692f10dda3be85b54f213 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe : 3,901,824 : 04/09/2011 11:13 AM : d9fd1d6337f15aaf2012c69909615db5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntoskrnl.exe : 3,902,336 : 06/22/2011 11:38 PM : dfb0e9f902fdab7cd2e180e4072d45dd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntoskrnl.exe : 3,901,808 : 10/25/2011 11:42 PM : 7539cef9f7ff4ddae24dae5389dde2c3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntoskrnl.exe : 3,902,320 : 04/01/2012 11:46 PM : 678ad0f9db55f9127851cd631456f483 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_6c554d82153b4f9a\ntoskrnl.exe : 3,902,832 : 08/30/2012 11:18 AM : 8c8fc2396921c0f897721718abd5e70b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntoskrnl.exe : 3,902,312 : 01/04/2013 11:02 PM : b089270bacb16b8a1f0fde1529dbfe65 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_6c0f6e6e157075b4\ntoskrnl.exe : 3,902,312 : 03/19/2013 11:06 AM : d1751cb2e03d7f57ac04c702d02974ac [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntoskrnl.exe : 3,899,992 : 12/08/2009 11:04 AM : 6c2effca281f6f5044810890a0589596 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe : 3,909,512 : 06/19/2010 11:37 AM : d5662cd1f9b85936561a07adc400acf4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe : 3,911,552 : 10/26/2010 11:33 PM : c6169f5fdc8399e0c6c0729ab6ef2ef8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe : 3,911,552 : 04/09/2011 11:21 AM : 0f4a148499cc6fa5d84a0f1587869051 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntoskrnl.exe : 3,911,552 : 06/22/2011 11:32 PM : 638a384e9968036d42bdbde499a1c8b8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntoskrnl.exe : 3,915,120 : 10/25/2011 11:51 PM : 8b5b4bec86a77d10820e0ba21249a6b7 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntoskrnl.exe : 3,915,632 : 03/30/2012 11:43 PM : d909eafa618bc9db2615303da3d9c830 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntoskrnl.exe : 3,915,632 : 08/30/2012 01:11 PM : 60d216c90a0a306a2a1e69b9ec4a2ba7 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntoskrnl.exe : 3,915,112 : 01/04/2013 10:53 PM : d93b06f0419392a2bea3ddcffb78ff37 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_6c806c692ea0fe82\ntoskrnl.exe : 3,915,608 : 03/19/2013 10:04 AM : 9eba1c36121835e6828ac9903f1f9ae0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe : 3,912,576 : 04/09/2011 10:02 AM : 5d21c487f79f8245e799071589e035bf [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe : 3,912,576 : 06/22/2011 11:33 PM : fb58abd5e1f75a2cf713c9dff0ec0804 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntoskrnl.exe : 3,912,560 : 10/25/2011 11:47 PM : 9dbee8d5230881b583cf95f7c3bb8bb0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe : 3,913,072 : 03/30/2012 11:39 PM : 28f44480e411c3ddf04b63f6560e6ef4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe : 3,914,096 : 08/30/2012 11:12 AM : 948f0b444cb6cc35fe5f9de52420cb95 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntoskrnl.exe : 3,913,064 : 01/04/2013 11:00 PM : 82ff919e9236b0137b5c7455b0e1418a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntoskrnl.exe : 3,913,560 : 03/19/2013 11:04 AM : 2dfab8c3c394e95d262e1325bda5dfe4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe : 3,912,576 : 04/09/2011 11:01 AM : d385343510b75545ec5db3a64c2d2492 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe : 3,912,576 : 06/23/2011 11:55 AM : 90efdb506f6140eea9dee398d9449d86 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntoskrnl.exe : 3,915,120 : 10/26/2011 11:01 AM : eb58b25af04d7c036e648e0406aab431 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe : 3,916,656 : 03/30/2012 11:37 PM : 2e02a17e8965ad671e4987e503ad38b1 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe : 3,917,168 : 08/30/2012 11:06 AM : 5355a85d26eecfa3a68b1f55b0c59a20 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntoskrnl.exe : 3,916,648 : 01/04/2013 10:49 PM : 2e083c7d9ca98b63fa8f8062874e9327 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntoskrnl.exe : 3,916,632 : 03/18/2013 11:41 PM : 80a652978002318c9723d43cfa618816 [Pos Repl]

* C:\Windows\System32\ole32.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_abf3fd7f53a4f5f5\ole32.dll : 1,412,608 : 07/13/2009 08:16 PM : 4acb903ad1693858a918907358cbd9e4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_ac33e26f53752c6d\ole32.dll : 1,413,632 : 06/29/2010 08:02 AM : e2c2d8c982316c8abf800c6ce3f28fab [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_aca7df626ca30419\ole32.dll : 1,414,144 : 06/28/2010 11:56 PM : 40e6bf57f6a923038b94c07387118089 [Pos Repl]

* C:\Windows\System32\olepro32.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll : 90,112 : 07/13/2009 08:16 PM : c10459dbdc2099c5a8428cb7d87db85f [Pos Repl]

* C:\Windows\System32\perfctrs.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll : 39,424 : 07/13/2009 08:16 PM : edd2ad141debd425d74a52a4d7be6ac4 [Pos Repl]

* C:\Windows\System32\powrprof.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll : 145,408 : 07/13/2009 08:16 PM : 08dfdbd2fd4ea951dc46b1c7661ed35a [Pos Repl]

* C:\Windows\System32\psbase.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15\psbase.dll : 50,688 : 07/13/2009 08:16 PM : 274992d0945889a6b56d0e1bd4288a6e [Pos Repl]

* C:\Windows\System32\pstorsvc.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15\pstorsvc.dll : 23,552 : 07/13/2009 08:16 PM : 0a3ccb2c4f603d99f34d742fc9544b97 [Pos Repl]

* C:\Windows\System32\qmgr.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll : 589,312 : 07/13/2009 08:16 PM : 53f476476f55a27f580661bde09c4ec4 [Pos Repl]

* C:\Windows\System32\rasadhlp.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasadhlp.dll : 11,776 : 07/13/2009 08:16 PM : ed6ee83d61ebc683c2cd8e899ea6febe [Pos Repl]

* C:\Windows\System32\regsvc.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll : 112,640 : 07/13/2009 08:16 PM : cb9a8683f4ef2bf99e123d79950d7935 [Pos Repl]

* C:\Windows\System32\rpcss.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll : 376,320 : 07/13/2009 08:16 PM : b82cd39e336973359d7c9bf911e8e84f [Pos Repl]

* C:\Windows\System32\scecli.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll : 175,616 : 07/13/2009 08:16 PM : 26073302daea83cc5b944c546d6b47d2 [Pos Repl]

* C:\Windows\System32\schannel.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16385_none_21eca131b6966c32\schannel.dll : 220,160 : 07/13/2009 08:16 PM : 0a53fd4ebbd92002ccc362a9b8087885 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16661_none_21fe4593b689c669\schannel.dll : 224,256 : 08/21/2010 08:36 AM : 21cf5c7d8d727dcc337a1d251b6135f4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_22385c09b65d9785\schannel.dll : 224,768 : 11/16/2011 11:39 PM : 83041697ae93aa4b783ae8746904edd2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.17035_none_22229453b66e02a9\schannel.dll : 225,280 : 06/01/2012 11:48 PM : 76c48f0cd8a526858ab9a4886586942a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.20785_none_227643aecfb40371\schannel.dll : 224,256 : 08/19/2010 11:30 PM : bf33806d317af52b6860a82d9fdc7e00 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_22684ed2cfbf00ed\schannel.dll : 224,768 : 11/17/2011 11:15 AM : cb6b6b1f8d283de4540445c5313cb445 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21225_none_22b702f0cf8383a9\schannel.dll : 225,280 : 06/01/2012 11:45 PM : 1f7939c11281755a7b0a6ac47929f701 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_2413e923b38c1f62\schannel.dll : 224,768 : 11/16/2011 11:34 PM : 1affb765af1fdcc0c185c38e9ddddaee [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17856_none_23f47b8fb3a389b3\schannel.dll : 225,280 : 06/01/2012 11:40 PM : 3d3cbd1847f980fb03343a63671e7886 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_246e4516cccdc994\schannel.dll : 224,768 : 11/16/2011 11:29 PM : 3dbcbd8adb406c43a2127544d7ba974e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22010_none_24a32e70cca654f1\schannel.dll : 225,280 : 06/01/2012 11:55 PM : c5b2dc72f2453cef2e150a81f696703d [Pos Repl]

* C:\Windows\System32\schedsvc.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_2ed774b4f8560e29\schedsvc.dll : 743,424 : 07/13/2009 08:16 PM : 3e8b0c453e25613a1f59762a5c42aa75 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_2ed0aba2f85a86eb\schedsvc.dll : 749,056 : 11/01/2010 11:39 PM : df1e5c82e4d09cf8105cc644980c4803 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_2f922742114f9827\schedsvc.dll : 749,056 : 11/01/2010 11:28 PM : 0f7a8520f0895e6f0f1a0a3fd3ea40d4 [Pos Repl]

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe : 259,072 : 07/13/2009 08:14 PM : 5f1b6a9c35d3d5ca72d6d6fdef9747d6 [Pos Repl]

* C:\Windows\System32\setupapi.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7600.16385_none_34cbafd427916fc6\setupapi.dll : 1,668,608 : 07/13/2009 08:16 PM : 41323ab614a2b66ad77b1121d24ac895 [Pos Repl]

* C:\Windows\System32\sfc.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll : 2,560 : 07/13/2009 08:10 PM : 40caeee0eaf1b8569f7c8df6420f2cb9 [Pos Repl]

* C:\Windows\System32\shsvcs.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_cd06b34d7e412c53\shsvcs.dll : 328,192 : 07/13/2009 08:16 PM : cd2e48fa5b29ee2b3b5858056d246ef2 [Pos Repl]

* C:\Windows\System32\smss.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe : 69,632 : 07/13/2009 08:14 PM : 16742790895960690237a5143cedec8b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe : 69,632 : 03/18/2013 09:50 PM : b24bf638652522bb5e14ab7993fd4a5d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe : 69,632 : 03/18/2013 09:51 PM : 37f4765554f2cd34aaab616f696e5539 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe : 69,632 : 03/18/2013 09:49 PM : de91dcc7bc55e940979097e98f743205 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 05/21/2013 06:18:06 PM
Execution time: 0 hours(s), 9 minute(s), and 18 seconds(s)




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Scan -- Date : 05/23/2013 20:49:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Adobe (C:\Users\Jon\AppData\Roaming\34735E\34735E.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-319656707-540591754-2592210645-1001[...]\Policies\Explorer\Run : Adobe (C:\Users\Jon\AppData\Roaming\34735E\34735E.exe) [-] -> FOUND
[IFEO] HKLM\[...]\housecalllauncher.exe : Debugger (a_.exe) -> FOUND
[IFEO] HKLM\[...]\rstrui.exe : Debugger (n_.exe) -> FOUND
[IFEO] HKLM\[...]\spybotsd.exe : Debugger (a_.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] $NtUninstallKB50504$ : C:\Windows\$NtUninstallKB50504$ --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200822AS ATA Device +++++
--- User ---
[MBR] 53021e042d0626832f9745ade0eb7612
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 182569 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 113d70eda4ff86966fd28b29faec740e
[BSP] 05cf8b6324cc745fcdc06d0927a65ac8 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
3 - [XXXXXX] UNKNOWN (0x0d) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05232013_02d2049.txt >>
RKreport[1]_S_05232013_02d2049.txt



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Remove -- Date : 05/23/2013 20:51:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Adobe (C:\Users\Jon\AppData\Roaming\34735E\34735E.exe) [-] -> DELETED
[IFEO] HKLM\[...]\housecalllauncher.exe : Debugger (a_.exe) -> DELETED
[IFEO] HKLM\[...]\rstrui.exe : Debugger (n_.exe) -> DELETED
[IFEO] HKLM\[...]\spybotsd.exe : Debugger (a_.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\Windows\$NtUninstallKB50504$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] 1511017511 : C:\Windows\$NtUninstallKB50504$\1511017511 [-] --> REMOVED
[Del.Parent][FILE] @ : C:\Windows\$NtUninstallKB50504$\2909104173\@ [-] --> REMOVED
[Del.Parent][FILE] bckfg.tmp : C:\Windows\$NtUninstallKB50504$\2909104173\bckfg.tmp [-] --> REMOVED
[Del.Parent][FILE] cfg.ini : C:\Windows\$NtUninstallKB50504$\2909104173\cfg.ini [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\Windows\$NtUninstallKB50504$\2909104173\Desktop.ini [-] --> REMOVED
[Del.Parent][FILE] keywords : C:\Windows\$NtUninstallKB50504$\2909104173\keywords [-] --> REMOVED
[Del.Parent][FILE] kwrd.dll : C:\Windows\$NtUninstallKB50504$\2909104173\kwrd.dll [-] --> REMOVED
[Del.Parent][FILE] xadqgnnk : C:\Windows\$NtUninstallKB50504$\2909104173\L\xadqgnnk [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB50504$\2909104173\L --> REMOVED
[Del.Parent][FILE] lsflt7.ver : C:\Windows\$NtUninstallKB50504$\2909104173\lsflt7.ver [-] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\Windows\$NtUninstallKB50504$\2909104173\U\[email protected] [-] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\Windows\$NtUninstallKB50504$\2909104173\U\[email protected] [-] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\Windows\$NtUninstallKB50504$\2909104173\U\[email protected] [-] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\Windows\$NtUninstallKB50504$\2909104173\U\[email protected] [-] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\Windows\$NtUninstallKB50504$\2909104173\U\[email protected] [-] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\Windows\$NtUninstallKB50504$\2909104173\U\[email protected] [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB50504$\2909104173\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB50504$\2909104173 --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] ROOT : C:\Windows\$NtUninstallKB50504$ --> REMOVED AT REBOOT

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200822AS ATA Device +++++
--- User ---
[MBR] 53021e042d0626832f9745ade0eb7612
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 182569 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 113d70eda4ff86966fd28b29faec740e
[BSP] 05cf8b6324cc745fcdc06d0927a65ac8 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
3 - [XXXXXX] UNKNOWN (0x0d) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05232013_02d2051.txt >>
RKreport[1]_S_05232013_02d2049.txt ; RKreport[2]_D_05232013_02d2051.txt



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Shortcuts HJfix -- Date : 05/23/2013 20:56:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 124 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 192 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume3 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3]_SC_05232013_02d2056.txt >>
RKreport[1]_S_05232013_02d2049.txt ; RKreport[2]_D_05232013_02d2051.txt ; RKreport[3]_SC_05232013_02d2056.txt



ComboFix

ComboFix 13-05-23.02 - Jon 05/23/2013 21:11:41.1.2 - x86
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.3071.2435 [GMT -5:00]
Running from: G:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Drop Down Deals
C:\Program Files\Drop Down Deals\OptChrome.exe._rb
C:\Program Files\Drop Down Deals\YontooLayers.crx._rb
C:\ProgramData\1359777545.bdinstall.bin
C:\ProgramData\1359864047.bdinstall.bin
C:\ProgramData\1359864051.bdinstall.bin
C:\ProgramData\1359865868.bdinstall.bin
C:\ProgramData\1359865869.bdinstall.bin
C:\Users\Jon\0ki7znduokheb.exe
C:\Users\Jon\AppData\Roaming\64dlls.exe
C:\Users\Jon\AppData\Roaming\intel64.exe
C:\Users\Jon\AppData\Roaming\Kernel32.exe
C:\Users\Jon\AppData\Roaming\localsys64.exe
C:\Users\Jon\AppData\Roaming\ntos.exe
C:\Users\Jon\AppData\Roaming\oembios.exe
C:\Users\Jon\AppData\Roaming\sdra64.exe
C:\Users\Jon\AppData\Roaming\sdra73.exe
C:\Users\Jon\AppData\Roaming\swin32.exe
C:\Users\Jon\AppData\Roaming\twex.exe
C:\Users\Jon\AppData\Roaming\twext.exe
C:\Users\Jon\AppData\Roaming\win32avs.exe
C:\Users\Jon\AppData\Roaming\wsnpoema.exe
C:\Users\Jon\cgadtf6cu60h2.exe
C:\Users\Jon\EULA.txt
C:\Windows\$NtUninstallKB50504$
C:\Windows\setup.exe
C:\Windows\system\CMICNFG3.cpl
C:\Windows\system32\rockers.reg
C:\Windows\wininit.ini
D:\Autorun.inf

Infected copy of C:\Windows\system32\userinit.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe


((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))


2013-05-24 01:48:20 . 2013-05-24 01:48:20 15616 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2013-05-21 23:10:13 . 2012-05-25 18:14:24 42864 ----a-w- C:\Windows\system32\sbbd.exe
2013-05-21 23:10:13 . 2012-05-25 18:14:24 101112 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2013-05-21 21:09:44 . 2013-05-21 21:09:54 -------- d-----w- C:\@GMT-2013.05.09-08.59.47
2013-05-19 23:13:41 . 2013-05-19 23:13:41 -------- d-----w- C:\Users\Jon\AppData\Roaming\IGG
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-05-15 13:06:52 . 2011-03-28 23:36:46 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 10:00:06 . 2013-01-31 01:18:42 692104 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-05-15 10:00:06 . 2012-02-06 05:52:37 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 13:58:11 . 2013-04-23 20:36:46 1210728 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2013-03-19 05:06:09 . 2013-04-10 09:39:54 3958120 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2013-03-19 05:06:09 . 2013-04-10 09:39:54 3902312 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-03-19 04:54:22 . 2013-04-10 09:39:53 38912 ----a-w- C:\Windows\system32\csrsrv.dll
2013-03-19 02:50:03 . 2013-04-10 09:39:53 69632 ----a-w- C:\Windows\system32\smss.exe
2013-03-01 03:11:14 . 2013-04-10 09:40:01 2345984 ----a-w- C:\Windows\system32\win32k.sys
2013-02-26 06:22:36 . 2013-02-26 06:22:36 1985824 ----a-w- C:\Windows\system32\nvcuvenc.dll
2013-02-26 06:22:36 . 2012-10-11 03:14:22 1017120 ----a-w- C:\Windows\system32\nvdispco32.dll
2013-02-26 06:22:34 . 2013-02-26 06:22:34 6262608 ----a-w- C:\Windows\system32\nvopencl.dll
2013-02-26 06:22:32 . 2012-10-11 03:14:50 892704 ----a-w- C:\Windows\system32\nvdispgenco32.dll
2013-02-26 06:22:32 . 2011-01-07 02:55:51 2505144 ----a-w- C:\Windows\system32\nvapi.dll
2013-02-26 06:22:32 . 2011-01-07 02:55:51 12641992 ----a-w- C:\Windows\system32\nvwgf2um.dll
2013-02-26 06:22:30 . 2011-01-07 02:55:51 15129960 ----a-w- C:\Windows\system32\nvd3dum.dll
2013-02-26 06:22:26 . 2013-02-26 06:22:26 7932256 ----a-w- C:\Windows\system32\nvcuda.dll
2013-02-26 06:22:22 . 2013-02-26 06:22:22 17560352 ----a-w- C:\Windows\system32\nvcompiler.dll
2013-02-26 06:22:08 . 2013-02-26 06:22:08 20449056 ----a-w- C:\Windows\system32\nvoglv32.dll
2013-02-26 06:22:06 . 2013-02-26 06:22:06 8939296 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2013-02-26 06:22:06 . 2013-02-26 06:22:06 2720544 ----a-w- C:\Windows\system32\nvcuvid.dll
2013-02-06 02:26:09 . 2013-02-06 02:25:56 262552 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2011-01-07 03:53:39 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\user32.dll
[7] 2009-07-14 01:16:17 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 16:07:54 252296]
"P17RunE"="P17RunE.dll" [2008-03-28 21:57:30 14848]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 19:53:10 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 05:53:56 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="C:\Windows\system32\OobeFldr.dll" [2009-09-11 12:39:10 859648]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\Windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup

R1 SASKUTIL;SASKUTIL;G:\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [x]
R3 apf001;apf001;C:\Game\SoftnyxGame\GunBoundIS\apf001.sys [x]
R3 apf003;apf003;C:\Windows\system32\apf003.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athur.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe [x]
R3 cpuz134;cpuz134;C:\Users\Jon\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleXNt;EagleXNt;C:\Windows\system32\drivers\EagleXNt.sys [x]
R3 ESEADriver2;ESEADriver2;C:\Users\Jon\AppData\Local\Temp\ESEADriver2.sys [x]
R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva401;XDva401;C:\Windows\system32\XDva401.sys [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
S1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-08 01:20:47 1642448 ----a-w- C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-05-24 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 01:18:43 . 2013-05-15 10:00:07]

2013-05-24 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-08 01:10:01 . 2013-05-08 01:09:56]

2013-05-24 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-08 01:10:01 . 2013-05-08 01:09:56]


------- Supplementary Scan -------

uStart Page = hxxp://search.yahoo.com?type=800236&fr=spigot-yhp-ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -


------- File Associations -------

.txt=SecurePad.TXT

- - - - ORPHANS REMOVED - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-BitTorrent - C:\Program Files\BitTorrent\BitTorrent.exe
AddRemove-McAfee Security Scan - C:\Program Files\McAfee Security Scan\uninstall.exe
AddRemove-World of Warcraft - C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
AddRemove-IGG Web3D Player_is1 - C:\Users\Jon\AppData\Roaming\IGG\Web3D\1.0.0.38\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="C:\Windows\system32\GameMon.des -service"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE

**************************************************************************

Completion time: 2013-05-23 21:27:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-24 02:27:01

Pre-Run: 53,440,532,480 bytes free
Post-Run: 53,380,579,328 bytes free

- - End Of File - - 3B513C371FD0DB839193F561A2056383

adwcleaner

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 21:36:35
# Updated 16/05/2013 by Xplode
# Operating system : Windows Seven Black Edition (32 bits)
# User : Jon - JON-PC
# Boot Mode : Normal
# Running from : G:\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [609 octets] - [23/05/2013 21:32:37]
AdwCleaner[R2].txt - [541 octets] - [23/05/2013 21:36:35]
AdwCleaner[S1].txt - [668 octets] - [23/05/2013 21:33:15]

########## EOF - C:\AdwCleaner[R2].txt - [659 octets] ##########

#6
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Jhoffz88,

I'll go through the scans and see what was found and where we need to go from there. While I'm doing that, could you please run a fresh OTL log? :)

Thanks,

Jasmyne

Fresh OTL Scan
  • Double-click the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic.


#7
Jhoffz88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oops, I did, just forgot to post it with them. Sorry, I'm a ding dong lol

OTL logfile created on: 5/23/2013 9:39:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.70% Memory free
6.00 Gb Paging File | 5.15 Gb Available in Paging File | 85.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.29 Gb Total Space | 49.83 Gb Free Space | 27.95% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.40 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 7.12 Gb Free Space | 95.55% Space Free | Partition Type: FAT32

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/22 19:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013/01/18 09:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/01/18 09:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/10 10:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/05/15 05:00:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/26 01:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/05 21:26:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/11 21:27:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/10/24 16:02:58 | 004,999,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 04:01:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 03:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | System | Stopped] -- G:\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jon\AppData\Local\Temp\ESEADriver2.sys -- (ESEADriver2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jon\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundIS\apf001.sys -- (apf001)
DRV - [2013/05/23 20:48:20 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2013/02/26 01:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/12 18:09:56 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/01/06 21:54:08 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2011/01/06 21:54:08 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/09/07 15:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/06/20 22:26:36 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/06/20 22:26:36 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/06/20 22:26:36 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/06/20 22:26:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/05/12 05:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2009/10/16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/02/19 22:34:00 | 001,877,312 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C151DC94-7231-4781-8AEA-E70F4D36093B}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E8B856F0-07C2-49F8-89BF-C8FF3DC5D01C}: "URL" = http://start.pogo.ip...q={searchTerms}
IE - HKCU\..\SearchScopes\{FADAF79F-5160-A735-645A-89C6F36CD600}: "URL" = http://www.bing.com/...021&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\Jon\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll File not found
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\Jon\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/30 12:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/06 03:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/06 03:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 21:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/05 21:26:03 | 000,000,000 | ---D | M]

[2013/02/05 21:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/05 21:26:09 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/08 18:06:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/01/09 20:28:36 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober213620374.xml
[2012/10/12 14:29:24 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/03/26 20:09:40 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober156772877.xml
[2011/04/15 22:41:25 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober97895541.xml

O1 HOSTS File: ([2013/05/23 21:23:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA04278D-9A05-4EB7-988D-CEA818035CD4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 16:42:22 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 21:27:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/23 21:23:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/23 21:00:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/23 21:00:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/23 21:00:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/23 21:00:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/23 21:00:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/23 21:00:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/23 20:48:01 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\RK_Quarantine
[2013/05/21 18:10:13 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2013/05/21 18:10:13 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/21 16:09:44 | 000,000,000 | ---D | C] -- C:\@GMT-2013.05.09-08.59.47
[2013/05/19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\IGG
[2013/05/07 20:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/07 20:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/23 21:40:08 | 004,289,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/23 21:40:08 | 001,347,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/23 21:34:54 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 21:34:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 21:34:39 | 2415,267,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 21:33:48 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 21:33:48 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 21:33:27 | 000,000,118 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/23 21:28:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 21:23:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/23 21:00:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 20:48:20 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/20 22:30:05 | 016,409,811 | ---- | M] () -- C:\Users\Jon\Desktop\spybotsd162.rar
[2013/05/07 20:21:02 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/01 18:38:57 | 206,373,954 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 21:33:23 | 000,000,118 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/23 21:00:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/23 21:00:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/23 21:00:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/23 21:00:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/23 21:00:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/23 20:48:20 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/20 22:29:53 | 016,409,811 | ---- | C] () -- C:\Users\Jon\Desktop\spybotsd162.rar
[2013/05/07 20:10:56 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/07 20:10:07 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 20:10:05 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/07 20:09:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 22:40:54 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/02/22 17:02:04 | 000,000,042 | ---- | C] () -- C:\Users\Jon\jagex_cl_oldschool_LIVE.dat
[2013/02/03 02:24:30 | 000,000,044 | ---- | C] () -- C:\Users\Jon\jagex_cl_loginapplet_LIVE.dat
[2013/01/29 14:59:37 | 000,154,424 | ---- | C] () -- C:\Users\Jon\Volumeid.exe
[2012/12/11 21:25:58 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012/12/11 21:25:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012/09/22 01:32:46 | 000,140,360 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/09/22 01:32:40 | 000,283,032 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/09/20 23:29:56 | 000,138,056 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\PnkBstrK.sys
[2012/09/20 23:24:57 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/20 23:24:56 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/09/01 03:38:33 | 006,908,648 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2012/08/18 01:05:47 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/08/12 18:09:56 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012/08/12 18:09:56 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012/08/11 22:21:10 | 000,000,043 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE3.dat
[2012/07/18 11:34:51 | 000,000,043 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE2.dat
[2012/07/07 13:57:26 | 000,000,047 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/03 23:43:48 | 000,000,043 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE1.dat
[2012/02/27 15:37:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/11/21 23:43:37 | 000,000,032 | ---- | C] () -- C:\Users\Jon\jagex_cl_runescape_LIVE.dat
[2011/11/21 23:43:37 | 000,000,024 | ---- | C] () -- C:\Users\Jon\random.dat
[2011/11/04 23:37:35 | 000,000,126 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2011/11/04 23:35:52 | 000,002,091 | R--- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2011/11/04 23:35:52 | 000,000,109 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2011/06/04 23:19:34 | 000,002,376 | R--- | C] () -- C:\Windows\cmudax3.ini
[2011/06/04 20:42:50 | 000,045,056 | ---- | C] () -- C:\Windows\CmUtil.dll
[2011/06/04 20:42:50 | 000,000,017 | ---- | C] () -- C:\Windows\CmSetx.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/19 22:46:41 | 000,000,000 | --SD | M] -- C:\Users\Jon\AppData\Roaming\34735E
[2011/08/07 10:42:04 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Ashampoo
[2013/03/09 21:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\BitComet
[2012/05/10 21:34:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\BitTorrent
[2011/03/16 01:44:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\blg
[2011/03/17 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\BloodTies
[2011/03/05 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dekovir
[2011/03/01 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/09 13:00:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\FixCleaner
[2012/08/18 00:36:56 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\FrostWire
[2011/01/06 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\GrabPro
[2013/02/03 06:28:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Hex-Rays
[2011/03/10 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\IBAGroup
[2013/05/19 18:13:41 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\IGG
[2013/02/02 23:40:18 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\IObit
[2011/04/23 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Leadertech
[2011/05/02 22:07:03 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\LolClient
[2012/05/23 20:03:43 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\LolClient2
[2011/03/18 00:58:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Ludia
[2011/03/28 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Merscom
[2011/01/08 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Notepad++
[2011/06/03 00:44:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Oberon Media
[2011/01/10 22:29:08 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Orbit
[2011/03/05 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\PlayFirst
[2011/03/26 20:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Pogo Games
[2011/04/12 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\purple
[2013/02/01 22:59:36 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\QuickScan
[2013/02/03 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Strongvault
[2011/12/03 03:10:47 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\TS3Client
[2011/01/09 21:25:24 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Unity
[2011/01/15 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\ZeroK

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >
  • 0

#8
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

oops I did just forgot to post it with them, sorry I'm a ding dong lol

Don't worry about it, it happens to all of us. :)
  • 0

#9
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Jhoffz88,

Since you have let me know that you have an illegally obtained copy of Windows and are now aware of the Terms of Use, if you can obtain a new license for Windows we will be able to continue, otherwise please let me know and we will close this thread.

Thank you,

Jasmyne
  • 0

#10
Jhoffz88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes, getting a legal copy is the plan; the computer was given to me with it on there.
  • 0



#11
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Please download Dr Web Cureit from here to your desktop

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop
  • Upload the file to Mediafire and post the sharing link, or if you have Dropbox then put it there and post the public link
  • 0

#12
Jhoffz88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
When trying to run the program off my desktop or even the flash drive, it pops up the message that it's running in EPM mode, that even my desktop is infected and is recommended I run in EPM mode; to do so click OK. I do, and then it does nothing further.
  • 0

#13
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0

#14
Jhoffz88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Now that I've run the scan with the USB backup and I try to reboot the computer, I get this message: "the group policy client service failed the logon. access is denied."
  • 0

#15
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Are you able to boot into safe mode?
  • 0





