
Computer guy did not remove trojan!!


  • This topic is locked
16 replies to this topic

#1 Kitkat1

Posted 31 March 2013 - 07:15 PM

I have several compromised computers and systems with varying degrees of infection. I took one laptop that was least infected to a computer expert in order to have the drive formatted and wiped and a new OS, Windows 7, installed. I turned it on to find that it was not formatted completely. The boot configuration screen when you press an F button upon boot still referred to Vista, so I was concerned.

He was unreachable due to the holiday, so I attempted to reinstall Windows 7 with the disk I was given. I tried several times to no avail. I finally was able to connect to the LAN at my home by connecting with an Ethernet cable. I cannot update my router software for some reason, but I did try to immediately change my password for the router. I have some security concerns with wireless networking, so I disabled wireless in my router.

Every time this computer reboots, there are desktop.ini files and pagefile.sys files in random places; it tries to burn them to the CD disks and adds them to my USB sticks. I am unable to clean this computer. I figured since it is the least compromised, I could use this computer to help disinfect my other devices.

I have run a DDS log and I have pasted it below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by bobbi mcgee at 19:31:38 on 2013-03-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2551.1168 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\TP-LINK\QSS\jswpbapi.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TP-LINK\QSS\jswtrayutil.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\netsh.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mRun: [jswtrayutil] "c:\program files\tp-link\qss\jswtrayutil.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tp-link wireless configuration utility\TWCU.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8320D4A1-35CA-46E4-B013-DA8355CD7323} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2013-3-31 20384]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2013-3-31 188416]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2013-3-31 954368]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2013-03-31 22:48:46 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ef1d616-0f04-4402-8836-e04326c67554}\mpengine.dll
2013-03-31 22:48:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-31 22:21:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-03-31 22:21:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-03-31 22:21:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-31 19:13:02 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2013-03-31 19:11:56 -------- d-----w- c:\programdata\Atheros
2013-03-31 19:10:39 -------- d-----w- c:\users\bobbi mcgee\appdata\roaming\TP-LINK
2013-03-31 19:10:24 -------- d-----w- c:\program files\TP-LINK
2013-03-31 19:10:16 1249792 ----a-w- c:\windows\system32\athr.sys
2013-03-31 19:09:40 -------- d-----w- c:\programdata\TP-LINK
2013-03-31 18:36:43 -------- d-----w- c:\users\bobbi mcgee\appdata\local\ElevatedDiagnostics
2013-03-31 17:40:43 -------- d-----w- c:\windows\Panther
2013-03-31 16:01:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-31 15:20:25 -------- d-----w- c:\users\bobbi mcgee\appdata\local\Diagnostics
.
==================== Find3M  ====================
.
.
============= FINISH: 19:32:08.49 ===============


 

Also attaching the attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2013 9:53:40 AM
System Uptime: 3/31/2013 6:17:25 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 30C0
Processor: Intel® Core™2 Duo CPU     T7300  @ 2.00GHz | U10 | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 103.564 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_2580\5&38E33CCA&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_2580\5&38E33CCA&0&2
Service:
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® ICH8 Family PCI Express Root Port 1 - 283F
Device ID: PCI\VEN_8086&DEV_283F&SUBSYS_30C0103C&REV_03\3&21436425&0&E0
Manufacturer: Intel
Name: Intel® ICH8 Family PCI Express Root Port 1 - 283F
PNP Device ID: PCI\VEN_8086&DEV_283F&SUBSYS_30C0103C&REV_03\3&21436425&0&E0
Service: pci
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&2F2343D7&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&2F2343D7&0&00E1
Service: netw5v32
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e977-e325-11ce-bfc1-08002be10318}
Description: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
Device ID: PCI\VEN_1180&DEV_0476&SUBSYS_30C0103C&REV_B6\4&288CC774&0&20F0
Manufacturer: RICOH
Name: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PNP Device ID: PCI\VEN_1180&DEV_0476&SUBSYS_30C0103C&REV_B6\4&288CC774&0&20F0
Service: pci
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Terminal Server Keyboard Driver
Device ID: ROOT\RDP_KBD\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Keyboard Driver
PNP Device ID: ROOT\RDP_KBD\0000
Service: TermDD
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: UMBus Enumerator
Device ID: UMB\UMB\1&841921D&0&PRINTERBUSENUMERATOR
Manufacturer: Microsoft
Name: UMBus Enumerator
PNP Device ID: UMB\UMB\1&841921D&0&PRINTERBUSENUMERATOR
Service: umbus
.
Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
Description: Generic PnP Monitor
Device ID: DISPLAY\LPLD600\4&30FBA05C&0&UID67568640
Manufacturer: (Standard monitor types)
Name: Generic PnP Monitor
PNP Device ID: DISPLAY\LPLD600\4&30FBA05C&0&UID67568640
Service: monitor
.
Class GUID:
Description:
Device ID: ACPI\HPQ0004\3&21436425&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0004\3&21436425&0
Service:
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30C0&REV_1002\4&21C5D16B&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30C0&REV_1002\4&21C5D16B&0&0001
Service: HdAudAddService
.
Class GUID:
Description:
Device ID: ACPI\HPQ0006\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\2&DABA3FF&2
Service:
.
Class GUID: {4d36e96a-e325-11ce-bfc1-08002be10318}
Description: Intel® ICH8M Ultra ATA Storage Controllers - 2850
Device ID: PCI\VEN_8086&DEV_2850&SUBSYS_30C0103C&REV_03\3&21436425&0&F9
Manufacturer: Intel
Name: Intel® ICH8M Ultra ATA Storage Controllers - 2850
PNP Device ID: PCI\VEN_8086&DEV_2850&SUBSYS_30C0103C&REV_03\3&21436425&0&F9
Service: intelide
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: Agere Systems HDA Modem
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&21C5D16B&0&0101
Manufacturer: Agere
Name: Agere Systems HDA Modem
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&21C5D16B&0&0101
Service: Modem
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
QSS Installation Program
TL-WN951N Driver
TP-LINK Wireless Configuration Utility
.
==== Event Viewer Messages From Past Week ========
.
3/31/2013 7:27:37 PM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:  The operation completed successfully.
3/31/2013 6:17:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom intelide pcmcia
.
==== End Of File ===========================

 

I am shocked to see the network activity on Resource Monitor now; it is a solid green graph of TCP connections and there are so many connections I have to scroll down to see them all. Also, prior to giving up against these trojans, I used ComboFix, HijackThis, FixMBR, TDSSKiller, Malwarebytes, SAS, Spybot, and Norton 360, and none of them could fix this computer or the others that are infected that I have. The MBRs and host files, drives, hardware, registry, drivers, etc. have all been infected on my computers and I suspect it will be hard to clean the computers that I do not want formatted because of the files.

 

I have been struggling with these issues for months, and am thankful that forums like this exist to help people.  Thanks in advance.

 

 

 

 




 


#2 Kitkat1


Posted 01 April 2013 - 06:15 PM

I thought I would post some logs that I just ran. I tried to install Avast last night, but the trojans modified it before I could scan it and now I can't access it or even uninstall it for some reason. I was only connected for an hour yesterday and for about twenty minutes today, to give you an idea of the issues I am having. The computer was constantly using memory even when the internet was unhooked and disabled.

 

Here are the new DDS logs below

 

DDS Logs again

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by bobbi mcgee at 19:07:25 on 2013-04-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2551.1787 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8320D4A1-35CA-46E4-B013-DA8355CD7323} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-31 49248]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-31 164736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-31 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-31 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-31 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-31 66336]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-31 45248]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2013-04-01 07:21:44 -------- d-----w- c:\users\bobbi mcgee\appdata\local\Apps
2013-04-01 00:44:48 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-01 00:44:47 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-01 00:44:47 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-01 00:44:45 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-01 00:44:44 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-01 00:44:03 -------- d-sh--w- c:\windows\Installer
2013-04-01 00:43:45 41664 ----a-w- c:\windows\avastSS.scr
2013-04-01 00:43:29 -------- d---a-w- c:\program files\AVAST Software
2013-04-01 00:42:35 -------- d-----w- c:\programdata\AVAST Software
2013-03-31 22:48:46 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ef1d616-0f04-4402-8836-e04326c67554}\mpengine.dll
2013-03-31 22:48:46 232336 ----a-w- c:\windows\system32\MpSigStub.exe
2013-03-31 22:21:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-03-31 22:21:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-03-31 22:21:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-03-31 22:21:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-31 19:13:02 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2013-03-31 19:11:56 -------- d-----w- c:\programdata\Atheros
2013-03-31 19:09:40 -------- d-----w- c:\programdata\TP-LINK
2013-03-31 18:36:43 -------- d-----w- c:\users\bobbi mcgee\appdata\local\ElevatedDiagnostics
2013-03-31 17:40:43 -------- d-----w- c:\windows\Panther
2013-03-31 16:01:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-31 15:20:25 -------- d-----w- c:\users\bobbi mcgee\appdata\local\Diagnostics
.
==================== Find3M  ====================
.
.
============= FINISH: 19:07:46.44 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2013 9:53:40 AM
System Uptime: 4/1/2013 6:55:40 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 30C0
Processor: Intel® Core™2 Duo CPU     T7300  @ 2.00GHz | U10 | 1980/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 103.253 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Terminal Server Keyboard Driver
Device ID: ROOT\RDP_KBD\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Keyboard Driver
PNP Device ID: ROOT\RDP_KBD\0000
Service: TermDD
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® ICH8 Family PCI Express Root Port 1 - 283F
Device ID: PCI\VEN_8086&DEV_283F&SUBSYS_30C0103C&REV_03\3&21436425&0&E0
Manufacturer: Intel
Name: Intel® ICH8 Family PCI Express Root Port 1 - 283F
PNP Device ID: PCI\VEN_8086&DEV_283F&SUBSYS_30C0103C&REV_03\3&21436425&0&E0
Service: pci
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: UMBus Enumerator
Device ID: UMB\UMB\1&841921D&0&PRINTERBUSENUMERATOR
Manufacturer: Microsoft
Name: UMBus Enumerator
PNP Device ID: UMB\UMB\1&841921D&0&PRINTERBUSENUMERATOR
Service: umbus
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&2F2343D7&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&2F2343D7&0&00E1
Service: netw5v32
.
Class GUID: {4d36e977-e325-11ce-bfc1-08002be10318}
Description: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
Device ID: PCI\VEN_1180&DEV_0476&SUBSYS_30C0103C&REV_B6\4&288CC774&0&20F0
Manufacturer: RICOH
Name: Ricoh R/RL/5C476(II) or Compatible CardBus Controller
PNP Device ID: PCI\VEN_1180&DEV_0476&SUBSYS_30C0103C&REV_B6\4&288CC774&0&20F0
Service: pci
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
Description: Generic PnP Monitor
Device ID: DISPLAY\LPLD600\4&30FBA05C&0&UID67568640
Manufacturer: (Standard monitor types)
Name: Generic PnP Monitor
PNP Device ID: DISPLAY\LPLD600\4&30FBA05C&0&UID67568640
Service: monitor
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID:
Description:
Device ID: ACPI\HPQ0004\3&21436425&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0004\3&21436425&0
Service:
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30C0&REV_1002\4&21C5D16B&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30C0&REV_1002\4&21C5D16B&0&0001
Service: HdAudAddService
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Description: Ricoh 1394 OHCI Compliant Host Controller
Device ID: PCI\VEN_1180&DEV_0832&SUBSYS_30C0103C&REV_02\4&288CC774&0&21F0
Manufacturer: Ricoh
Name: Ricoh 1394 OHCI Compliant Host Controller
PNP Device ID: PCI\VEN_1180&DEV_0832&SUBSYS_30C0103C&REV_02\4&288CC774&0&21F0
Service: 1394ohci
.
Class GUID:
Description:
Device ID: ACPI\HPQ0006\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\2&DABA3FF&2
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: Agere Systems HDA Modem
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&21C5D16B&0&0101
Manufacturer: Agere
Name: Agere Systems HDA Modem
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&21C5D16B&0&0101
Service: Modem
.
Class GUID: {4d36e96a-e325-11ce-bfc1-08002be10318}
Description: Intel® ICH8M Ultra ATA Storage Controllers - 2850
Device ID: PCI\VEN_8086&DEV_2850&SUBSYS_30C0103C&REV_03\3&21436425&0&F9
Manufacturer: Intel
Name: Intel® ICH8M Ultra ATA Storage Controllers - 2850
PNP Device ID: PCI\VEN_8086&DEV_2850&SUBSYS_30C0103C&REV_03\3&21436425&0&F9
Service: intelide
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_2580\5&38E33CCA&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_2580\5&38E33CCA&0&2
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
avast! Free Antivirus
.
==== Event Viewer Messages From Past Week ========
.
4/1/2013 7:01:03 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {48DA6741-1BF0-4A44-8325-293086C79077}  and APPID  {48DA6741-1BF0-4A44-8325-293086C79077}  to the user bobbimcgee-PC\bobbi mcgee SID (S-1-5-21-1192416516-64041467-1537499077-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/1/2013 6:56:03 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom intelide pcmcia
4/1/2013 6:56:02 PM, Error: Service Control Manager [7000]  - The avast! Antivirus service failed to start due to the following error:  The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/1/2013 1:42:56 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/31/2013 7:27:37 PM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:  The operation completed successfully.
.
==== End Of File ===========================

 

 

If anyone can assist me, it would be sooooo appreciated!  Thanks!



#3 HelpBot


Posted 05 April 2013 - 07:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/490392 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Kitkat1

  • Topic Starter

Posted 07 April 2013 - 09:44 PM

Hi there, I still really need help on this computer. I have thoroughly tried everything I could think of to fix this computer since the beginning of March. Things have gotten so out of hand, that I am down to typing this post from my iPhone using my cell data plan. This laptop has had Windows 7 repaired with the boot disk at least 6 times in the last week or so. I also reinstalled the software 5 times, and even tried deleting the sick partition and adding new partitions, and adding OS on the unallocated part as I read was a solution to this kind of trojan. Today I tried for 7 hours to either connect to the Internet and/or get the OS reinstalled. It won't work!

Many BSODs and hang ups during scans. When I was able to connect to the Internet, I made two USB sticks with tools like rogue killer, hijackthis, avast, combo fix, aswcleaner, root repeal, dds, OTL, show hidden, spy bot, malware bytes etc. The virus is deleting the exe files from my sticks as I use them and depending on the laptop I am using, I can't even see the exe files in explorer.

I have three laptops, 3TB external drive, two net books, and likely several iphones ipods that are compromised. Our Yahoo mail has been hacked several times in the last 8 months.

I think the whole problem started when someone in the house downloaded limewire etc about 2 years ago. We had file sharing enabled on the devices. We were also using 7 year old routers. This laptop I posted the scans about is the least infected. I had paid someone to have Vista removed, and to format and install Windows 7. I also sent in one other laptop with Vista that I need to keep the files on. He was unable to clean the Vista laptop, but told me this one was clean and had Windows 7 fresh install.

Immediately I knew it was the same issue as updates were installing when I turned it on, these appear to be fake and involve drivers for dozens of new devices in device manager. After every reboot, these devices enable themselves and the ones I delete are back. Auto play reenables itself, firewall resets to let all in, deleted files come back, services re enable themselves etc.

Remote Desktop connections are enabled, I had apple mobile device fake software, USB webcams, a key logger and location gps analyzer, photo file transfer software, audio and video remote recording software, etc.

When I could install AV programs, these have been rendered useless or compromised to allow the Trojans to go undetected. My windows firewall had new rules added to the default rules which allowed unrestricted access when I selected return to default option after restart.

In less than two weeks I had 158 PNP connections devices and I didn't install one. There are many open ports listening and waiting to connect. I Pathpinged the ips from Switzerland, Kansas, New York, Georgia and all over. In command prompt, the amount of helpers in netsh ras is staggering. There are mobile device connections, bluetooth connections, bluetooth remote file transfer adapters, teredo tunneling, isatap etc. etc.

Right after the reinstalls, I cross my fingers and look for signs the trojan is still in the drive. I look in IE in Addons, there are over 20 addons that I cannot delete even as an administrator allowing scripts, XML, remote access etc.

There still remains the wonderful unkillable $recycle bin and page file.sys, desktop.ini etc.
All my log files are being gathered to send reports remotely. I am unable to delete files even with admin permission. All the files on the other computers have been synced remotely and have a little green icon showing on them. Every time I get an AV to scan and find malware and root kits in safe mode I get a BSOD on each computer. The gmer logs show MANY issues in the registries of the computers, the autostart, rootkits. If I terminate the services that remain after I click "hide legitimate" in spy bot, the computer shuts off without warning.

I planned on downloading RKill to stop this beast but I cannot even connect on my LAN now! I got a new router, and they have changed my password, and the time zone for the router was shanghai/hongkong. I got a warning about changing it back to the correct time zone. When I am connected to the Internet, the memory and CPU is 100 percent, the fan is running full blast all the time. The network icons say I am not connected, but netstat and tcpview program beg to differ!

Thank you for reading if you have got this far, maybe I should have elaborated more in my initial post because no one has replied yet.

How can I connect this computer to the Internet to download DDS and make new logs? I am fresh out of clean devices to use and do not have access to another one. Sorry for this post, very hard to do this from a phone.

#5 Elise

  • Malware Study Hall Admin

Posted 12 April 2013 - 05:55 AM

Hello, my apologies for the delay.

Before investigating this issue two things:

1) Is this a home or work computer? If it is a home computer, then do not connect it to any work network that might be infected, this will undo any repair we may make.

2) Does this computer form part of a network? If so you'll need to inform the appropriate network admin because the problem is not only with your computer, but much larger (meaning for short that the network server needs to be cleaned and all terminals reimaged).


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#6 Kitkat1

  • Topic Starter

Posted 14 April 2013 - 08:05 AM

Hi there, thanks for replying!

This computer we bought used a few years ago from a computer store. It had Vista Business or NT. We rarely used this computer. We are just a family, with kids. The children have never used this computer, but they had their own net books which are also infected.

Since I first posted this log, I have sent the computer back to the store THREE times because I don't even get connected to the Internet and I can see the problem is still there.

In desperation I bought a brand new computer from that store on Monday and it was infected prior to me getting on a single website.

I also purchased a new router, I had the wireless cards disabled, and upon getting to the router setup screen, by the time I had changed the router passwords, it had been hacked!

I used my new computer with an ethernet cord to quickly download rkill and about thirty potential programs that you guys recommend. Many of the downloads were successful but the computer was running full bore, 100 % CPU and basically unfunctioning.

I went to a new computer repair store recommended by my ISP and they said the other company didn't format it right so I paid this new computer store another 250 dollars to reformat and install the OS plus ESET nod antivirus and a set of burned recovery disks on the brand new computer! recovery disk. I received the new laptop yesterday afternoon when I dropped off the laptop in the scans above to be properly formatted for the fourth time.

I was at the store for an hour, I looked at the settings on their display units, in cmd, and they answered my questions saying I am way too paranoid about this, that the brand new computer was infected but it is fine now.

I even forced them to go through netsh ras, netstat -a and device manager. There were all the usual suspicious network adapters on the computer still but they told me it was normal, these came from the boot disk of the brand new Asus machine. I am paranoid etc. they kept saying. I told them that strange files get added to usbs and disk drives, and there are hidden partitions. They smugly told me I didn't know what I was talking about, that dollar signs happen to file names if they are corrupted during a partial uninstall etc. So then they loaded malware bytes and ESET while I watched, said you are 100 percent protected. I sheepishly left the original laptop (the one the dds logs were made from) when I left so they could format and reinstall it AGAIN.

At this point, I was feeling really bad about myself, questioning if I really am hysterical and paranoid. I decide to run the ESET scan while I drive home to make sure it is protected. As soon as I opened the lid, I knew this new computer was still infected! The screen said loading update 120 of 120 for windows. Then it said configuring windows, do not turn off.
I looked in control panel, remote connection manager- allow remote connections box was enabled already. The installed programs are windows live active x control for remote connections, Microsoft server programs, synaptic pointing devices, etc etc.
I put the settings of the ESET scan to the highest, and the scan was spitting out errors and could not access files like page file.sys recyclebin etc. as they are in use. It froze almost immediately. I could not run the scan. It worked if I rebooted in safe mode somewhat. There are so many RISKY changes to the computer, and the registry and settings. Without getting into any more detail, it is just as compromised as all of the computers we have in our home. I have four laptops that are non-functioning, and two additional net books. I am so frustrated with this infection.

From what I can see with my limited knowledge of computers is there is remote server syncing all my files automatically, there is a key logger and gps coordinate locator on my other Samsung 64 bit computer and remote photo webcam video capture logs. They are all infected with pretty much the same programs in varying degrees of severity. One stepson did download torrent and lime wire on his old netbook about two years ago and did not tell us. He has a macbook now so when I tried to track the origination down, I dragged out his old net book from the closet and noticed those programs and the same changes to the OS. It must have started this ball rolling to the disaster we are now in.

In short, we are just a family of three who do not surf risky sites, nor do we have a corporate network, or servers or use file sharing programs.

As much as I hate this situation we are in, I do think that there is some relief that you can see there is a real problem in those logs and I am not just paranoid! Lol

I will boot up the brand new laptop and try to connect and post the dds logs for it. Or do you think I should post the dds logs for all four laptops? I have two other laptops that we used for our self employment and personal use until they became too contaminated. I am hoping I can get all four laptops cleaned from this infection?

#7 Elise

  • Malware Study Hall Admin

Posted 14 April 2013 - 08:33 AM

I'm sorry, but from what you say I have to conclude the same: your computer doesn't seem infected. None of the problems you mention are anything that shouldn't happen on a computer and your DDS log tells me the same. Because I encounter more people who are not sure about their computer's safety and possible suspicious behavior, I put up this post.

Just to ensure everything is fine we can run a rootkit scan.

Please download GMER from one of the following locations and save it to your desktop:
 

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:


  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

regards, Elise




#8 Kitkat1

  • Topic Starter

Posted 14 April 2013 - 10:27 AM

Hi there, I cannot boot the computer in regular mode so I did these scans in safe mode only.  I hope this is ok. Here are the dds and gmer scans in safe mode on the brand new computer, reformatted and reinstalled with Windows 7 premium yesterday by the 2nd comp

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16421
Run by user at 11:05:20 on 2013-04-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4000.3409 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{FD8C1952-59A1-476A-86CC-5978B11B7C7D} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-4 76912]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
S1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-4-13 379520]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-3-21 1341664]
S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-1-10 139768]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-13 2656280]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-4 317440]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-4-13 1838656]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-14 13:46:32 -------- d-----w- C:\ASUS WebStorage
2013-04-14 13:34:10 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-04-14 13:21:24 -------- d-----w- C:\Users\user\AppData\Local\Google
2013-04-13 20:31:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-04-13 20:30:58 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-04-13 20:30:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-04-13 20:30:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-04-13 20:30:23 -------- d-----w- C:\Program Files\ESET
2013-04-13 20:26:55 -------- d-----w- C:\Users\user\AppData\Roaming\ASUS WebStorage
2013-04-13 20:03:18 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-04-13 20:01:46 379520 ----a-w- C:\Windows\System32\FBAgent.exe
2013-04-13 20:01:29 520192 ----a-w- C:\Windows\SysWow64\ASUS_Screensaver.scr
2013-04-13 20:01:29 -------- d-----w- C:\Windows\SysWow64\ASUS_Screensaver dir
2013-04-13 20:01:26 3058304 ----a-w- C:\Windows\AsScrPro.exe
2013-04-13 20:01:19 162456 ----a-w- C:\Windows\SysWow64\ACEngSvr.exe
2013-04-13 20:01:06 217216 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll
2013-04-13 20:00:53 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2013-04-13 20:00:51 -------- d-----w- C:\ProgramData\P4G
2013-04-13 20:00:51 -------- d-----w- C:\Program Files\ASUS
2013-04-13 20:00:27 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll
2013-04-13 20:00:27 1838656 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2013-04-13 20:00:26 -------- d-----w- C:\ProgramData\Ralink Driver
2013-04-13 20:00:09 -------- d-----w- C:\ProgramData\SonicFocus
2013-04-13 20:00:05 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-04-13 20:00:05 -------- d-----w- C:\Program Files\Realtek
2013-04-13 19:57:32 -------- d-----w- C:\ProgramData\AmUStor
2013-04-13 19:57:32 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
2013-04-13 19:56:38 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2013-04-13 19:56:25 -------- d-----w- C:\Program Files\Synaptics
2013-04-13 19:55:55 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-04-13 19:55:49 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-04-13 19:55:45 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-04-13 19:55:36 -------- d-----w- C:\Program Files\Common Files\Intel
2013-04-13 19:55:34 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-04-13 19:54:29 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-04-13 19:54:17 -------- d-----w- C:\Intel
2013-04-13 19:52:55 180736 ----a-w- C:\Windows\System32\ifsutil.dll
2013-04-13 19:52:55 148992 ----a-w- C:\Windows\SysWow64\ifsutil.dll
2013-04-13 19:52:27 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-04-13 19:47:08 -------- d-----w- C:\eSupport
2013-04-13 19:45:51 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02A314F1-6539-47E1-B4FB-81D65EB3D6D5}\mpengine.dll
2013-04-13 19:45:50 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 19:36:32 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2013-04-13 19:35:58 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-13 19:35:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-13 19:35:55 -------- d-----w- C:\Users\user\AppData\Local\Programs
2013-04-13 19:35:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-13 18:03:18 387 ----a-w- C:\Users\user\AppData\Roaming\sp_data.sys
2013-04-13 18:02:44 -------- d-----w- C:\Users\user\AppData\Local\Power2Go
2013-04-13 18:02:11 -------- d-----w- C:\Users\user\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2013-02-20 15:07:38 213416 ----a-w- C:\Windows\System32\drivers\eamonm.sys
.
============= FINISH: 11:05:52.46 ===============
 
Attach log.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 4/13/2013 1:59:26 PM
System Uptime: 4/14/2013 11:01:58 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | K54C
Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU 1 | 2195/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 125 GiB total, 92.74 GiB free.
D: is FIXED (NTFS) - 148 GiB total, 147.969 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_5390&SUBSYS_E054105B&REV_00\0000030D678518C000
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_5390&SUBSYS_E054105B&REV_00\0000030D678518C000
Service: netr28x
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ehdrv
Device ID: ROOT\LEGACY_EHDRV\0000
Manufacturer: 
Name: ehdrv
PNP Device ID: ROOT\LEGACY_EHDRV\0000
Service: ehdrv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP15: 4/13/2013 3:45:32 PM - Windows Update
RP14: 4/13/2013 4:30:28 PM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
Alcor Micro USB Card Reader
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
ATK Package
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
ESET NOD32 Antivirus
Fast Boot
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
InstantOn for NB
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSVCRT_amd64
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Sonic Focus
Synaptics Pointing Device Driver
Tweaking.com - Windows Repair (All in One)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
4/14/2013 11:02:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/14/2013 11:02:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/14/2013 11:02:31 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/14/2013 11:02:24 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/14/2013 11:02:19 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ATKWMIACPIIO discache eamonm ehdrv spldr Wanarpv6
4/13/2013 9:24:53 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-ReliabilityAnalysisComponent/Operational.
4/13/2013 9:19:00 PM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  %%-2147024891
4/13/2013 9:18:33 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
4/13/2013 9:16:50 PM, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  Access is denied.
4/13/2013 6:42:31 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/13/2013 6:22:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/13/2013 6:13:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/13/2013 6:13:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/13/2013 6:13:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ATKWMIACPIIO DfsC discache eamonm ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/13/2013 6:13:34 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/13/2013 6:04:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
4/13/2013 4:30:26 PM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
4/13/2013 11:02:20 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-WPD-MTPClassDriver/Operational.
4/13/2013 11:02:20 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-WPD-CompositeClassDriver/Operational.
4/13/2013 11:02:20 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-WPD-ClassInstaller/Operational.
4/13/2013 11:02:20 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Wired-AutoConfig/Operational.
4/13/2013 11:02:20 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Winsock-WS2HELP/Operational.
4/13/2013 11:02:20 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-WinRM/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-WFP/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-WER-Diag/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-VHDMP/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-VDRVROOT/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-UAC/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-UAC-FileVirtualization/Operational.
4/13/2013 11:02:19 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-TZUtil/Operational.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Security-Audit-Configuration-Client/Operational.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Resource-Leak-Diagnostic/Operational.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-RemoteAssistance/Operational.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-RemoteAssistance/Admin.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-RemoteApp and Desktop Connections/Admin.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Recovery/Operational.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-ReadyBoostDriver/Operational.
4/13/2013 11:02:18 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-ReadyBoost/Operational.
4/13/2013 11:02:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-PowerShell/Operational.
4/13/2013 11:02:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-PeopleNearMe/Operational.
4/13/2013 11:02:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-NTLM/Operational.
4/13/2013 11:02:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-NlaSvc/Operational.
4/13/2013 11:02:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-NetworkProfile/Operational.
4/13/2013 11:02:16 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-MemoryDiagnostics-Results/Debug.
4/13/2013 11:02:16 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-MCT/Operational.
4/13/2013 11:02:16 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Kernel-WDI/Operational.
4/13/2013 11:02:16 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Iphlpsvc/Operational.
4/13/2013 11:02:16 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-International-RegionalOptionsControlPanel/Operational.
4/13/2013 11:02:16 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-IKE/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-HomeGroup Listener Service/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-HomeGroup Control Panel/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Forwarding/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Folder Redirection/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-FMS/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Fault-Tolerant-Heap/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-EventCollector/Operational.
4/13/2013 11:02:15 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-EapHost/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-DiskDiagnosticResolver/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-DiskDiagnostic/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnostics-Performance/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnostics-Networking/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnosis-Scripted/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnosis-Scripted/Admin.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnosis-PLA/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Diagnosis-PCW/Operational.
4/13/2013 11:02:14 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-DhcpNap/Admin.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-DeviceSync/Operational.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-DateTimeControlPanel/Operational.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-CorruptedFileRecovery-Server/Operational.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-CorruptedFileRecovery-Client/Operational.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-CodeIntegrity/Operational.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Bluetooth-MTPEnum/Operational.
4/13/2013 11:02:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Bits-Client/Operational.
4/13/2013 11:02:12 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Backup.
4/13/2013 11:02:12 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-AppLocker/MSI and Script.
4/13/2013 11:02:12 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-AppLocker/EXE and DLL.
4/13/2013 11:02:12 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-AppID/Operational.
4/13/2013 11:02:12 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-API-Tracing/Operational.
.
==== End Of File ===========================
 
Safe mode quick scan GMER
 
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-14 11:18:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 298.09GB
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapob.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000759b1465 2 bytes [9B, 75]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000759b14bb 2 bytes [9B, 75]
.text  ...                                                                                                                             * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      0000000077e6f991 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15     0000000077e6f99b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           0000000077e6fbd5 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15          0000000077e6fbdf 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               0000000077e6fc05 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15              0000000077e6fc0f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        0000000077e6fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15       0000000077e6fc27 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          0000000077e6fc35 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15         0000000077e6fc3f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        0000000077e6fc65 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15       0000000077e6fc6f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         0000000077e6fce5 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15        0000000077e6fcef 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        0000000077e6fcfd 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15       0000000077e6fd07 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  0000000077e6fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                 0000000077e6fd53 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       0000000077e6fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15      0000000077e6fe4b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077e70099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15               0000000077e700a3 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          0000000077e710a5 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15         0000000077e710af 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                0000000077e7111d 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15               0000000077e71127 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077e71321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15  0000000077e7132b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000759b1465 2 bytes [9B, 75]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000759b14bb 2 bytes [9B, 75]
.text  ...                                                                                                                             * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      0000000077e6f991 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15     0000000077e6f99b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           0000000077e6fbd5 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15          0000000077e6fbdf 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               0000000077e6fc05 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15              0000000077e6fc0f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        0000000077e6fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15       0000000077e6fc27 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          0000000077e6fc35 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15         0000000077e6fc3f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        0000000077e6fc65 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15       0000000077e6fc6f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         0000000077e6fce5 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15        0000000077e6fcef 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        0000000077e6fcfd 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15       0000000077e6fd07 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  0000000077e6fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                 0000000077e6fd53 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       0000000077e6fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15      0000000077e6fe4b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077e70099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15               0000000077e700a3 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          0000000077e710a5 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15         0000000077e710af 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                0000000077e7111d 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15               0000000077e71127 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077e71321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15  0000000077e7132b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000759b1465 2 bytes [9B, 75]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000759b14bb 2 bytes [9B, 75]
.text  ...                                                                                                                             * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5       0000000077e6f991 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15      0000000077e6f99b 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5            0000000077e6fbd5 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15           0000000077e6fbdf 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                0000000077e6fc05 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15               0000000077e6fc0f 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5         0000000077e6fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15        0000000077e6fc27 1 byte [90]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5           0000000077e6fc35 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15          0000000077e6fc3f 1 byte [90]
 
---- EOF - GMER 2.1 ----
 
 

uter store.



#9 Elise


Posted 14 April 2013 - 11:31 AM

That all looks clean. Have you been able at all to boot in normal mode since you installed Windows 7?


regards, Elise




#10 Kitkat1


Posted 14 April 2013 - 12:31 PM

Hi. I was finally able to run in normal mode and decided to run RKill that I just downloaded this morning. It has been "killing" processes for the last fifteen minutes and shows no sign of stopping. For some reason my desktop was blank and the DDS logs and GMER logs and the programs I downloaded from BleepingComputer were missing. I did eventually find them in computer, users, downloads. When I started RKill.exe as administrator, it would not work, so I renamed it and it still wouldn't run. I then copied and pasted it into a different folder and then it ran. It has been scrolling down and stopping processes in winsxs, shells etc. etc. for at least fifteen minutes. This will be the longest RKill log in history if it actually completes. I am afraid I won't find it as it says the desktop is missing or may be in use by another user or process. Any log I try to put on the desktop will not save. I did run the ESET SysInspector and it has hundreds of files that are in orange or red, saying they are risky. Would you like me to post the RKill log if it completes? There is something very very definitely wrong with this computer, the CPU use is 100% use with no fluctuations right now as I watch it.
PS the RKill log is complete, it took 32 minutes to complete the scan. And the entire time it was scrolling entries down. Is this normal?

#11 Kitkat1


Posted 14 April 2013 - 01:40 PM

Hi there, the computer is definitely not stable, it hung up and would not let me connect to the internet. I had to restart in safe mode. Here is the Rkill log that I just ran earlier this afternoon.

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/14/2013 12:54:08 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\system32\SearchIndexer.exe (PID: 2032) [WD-HEUR]
 * C:\Windows\system32\mmc.exe (PID: 3996) [WD-HEUR]
 * C:\Windows\system32\prevhost.exe (PID: 1480) [WD-HEUR]
 * C:\Windows\system32\mmc.exe (PID: 1388) [WD-HEUR]
 * C:\Windows\system32\mmc.exe (PID: 3344) [WD-HEUR]
 * C:\Users\user\Downloads\rkill.exe (PID: 2928) [UP-HEUR]
 * C:\Users\user\Downloads\rkill.exe (PID: 3172) [UP-HEUR]
 * C:\Windows\system32\taskmgr.exe (PID: 1904) [WD-HEUR]
 * C:\Users\user\Downloads\rkill64.exe (PID: 1456) [UP-HEUR]
 * C:\Users\user\Downloads\rkill64-2981.exe (PID: 2284) [UP-HEUR]

10 proccesses terminated!

Possibly Patched Files.

 * C:\Windows\system32\csrss.exe
 * C:\Windows\system32\csrss.exe
 * C:\Windows\system32\wininit.exe
 * C:\Windows\system32\winlogon.exe
 * C:\Windows\system32\services.exe
 * C:\Windows\system32\lsass.exe
 * C:\Windows\system32\lsm.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\System32\svchost.exe
 * C:\Windows\System32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\System32\spoolsv.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\Dwm.exe
 * C:\Windows\Explorer.EXE
 * C:\Windows\system32\svchost.exe
 * C:\Windows\System32\svchost.exe
 * C:\Windows\system32\conhost.exe
 * C:\Windows\system32\conhost.exe
 * C:\Windows\system32\conhost.exe

Checking Registry for malware related settings:

 * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\user\Desktop\rkill\rkill-04-14-2013-12-56-56.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:
b7f3d2c40bdf8ffb73ebfb19c77734e2 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16808_none_dbdfe8986a8ad40a\mrxsmb.sys : 157,696 : 02/18/2012 07:54 AM : 040d62a9d8ad28922632137acdd984f2 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20907_none_dc68851983a95a7d\mrxsmb.sys : 158,208 : 02/18/2012 07:44 AM : be3a495095cd3307de152efdac946c2a [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20959_none_dc34761183d018e0\mrxsmb.sys : 158,208 : 02/18/2012 07:54 AM : 629086cabfdfbe0af7253cb6a494e35a [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_ddb772a467bcf964\mrxsmb.sys : 158,208 : 11/20/2010 07:27 AM : faf015b07e3a2874a790a39b7d2c579f [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_dd82635267e49e70\mrxsmb.sys : 158,208 : 02/18/2012 07:44 AM : c2b4651001a867ff3f8865863b592991 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_ddc344c067b3f3f1\mrxsmb.sys : 158,208 : 02/18/2012 07:54 AM : a5d9106a73dc88564c825d317cac68ac [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_de0d006781015791\mrxsmb.sys : 158,208 : 02/18/2012 07:44 AM : cd291e3c21c61e17972dfaf8e2e2e5da [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_de41115580da9655\mrxsmb.sys : 158,208 : 02/18/2012 07:54 AM : 8d841161a355809ef86819fd3c6361d3 [Pos Repl] * C:\Windows\System32\drivers\msfs.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42\msfs.sys : 26,112 : 07/13/2009 07:19 PM : aa3fb40e17ce1388fa1bedab50ea8f96 [Pos Repl] * C:\Windows\System32\drivers\MSKSSRV.sys [NoSig] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mskssrv.sys : 11,136 : 07/13/2009 08:00 PM : 49ccf2c4fea34ffad8b1b59d49439366 [Pos Repl] * C:\Windows\System32\drivers\MSPCLOCK.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mspclock.sys : 7,168 : 07/13/2009 08:00 PM : bdd71ace35a232104ddd349ee70e1ab3 [Pos Repl] * C:\Windows\System32\drivers\MSPQM.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mspqm.sys : 6,784 : 07/13/2009 08:00 PM : 4ed981241db27c3383d72092b618a1d0 [Pos Repl] * C:\Windows\System32\drivers\ndistapi.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_69d5598894204bc0\ndistapi.sys : 24,064 : 07/13/2009 08:10 PM : 30639c932d9fef22b31268fe25a1b6e5 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\ndistapi.sys : 24,064 : 07/13/2009 08:10 PM : 30639c932d9fef22b31268fe25a1b6e5 [Pos Repl] * C:\Windows\System32\drivers\ndisuio.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_6.1.7600.16385_none_c7e5f96b008f2488\ndisuio.sys : 56,320 : 07/13/2009 08:09 PM : f105ba1e22bf1f2ee8f005d4305e4bec [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_6.1.7601.17514_none_ca170d32fd7da822\ndisuio.sys : 56,832 : 11/20/2010 08:50 AM : 136185f9fb2cc61e573e676aa5402356 [Pos Repl] * C:\Windows\System32\drivers\ndiswan.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_4f2d826870fbcef5\ndiswan.sys : 164,352 : 07/13/2009 08:10 PM : 557dfab9ca1fcb036ac77564c010dad3 [Pos Repl] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_515e96306dea528f\ndiswan.sys : 164,352 : 11/20/2010 08:52 AM : 53f7305169863f0a2bddc49e116c2e11 [Pos Repl] * C:\Windows\System32\drivers\ndproxy.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_69d5598894204bc0\ndproxy.sys : 57,856 : 07/13/2009 08:10 PM : 659b74fb74b86228d6338d643cd3e3cf [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\ndproxy.sys : 57,856 : 11/20/2010 08:52 AM : 015c0d8e0e0421b4cfd48cffe2825879 [Pos Repl] * C:\Windows\System32\drivers\netbios.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_b5d6a9d184d05567\netbios.sys : 44,544 : 07/13/2009 08:09 PM : 86743d9f5d2b1048062b14b1d84501c4 [Pos Repl] * C:\Windows\System32\drivers\netbt.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys : 259,072 : 07/13/2009 07:21 PM : 9162b273a44ab9dce5b44362731d062a [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys : 261,632 : 11/20/2010 07:23 AM : 09594d1089c523423b32a4229263f068 [Pos Repl] * C:\Windows\System32\drivers\npfs.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-npfs_31bf3856ad364e35_6.1.7600.16385_none_02667684369c39b6\npfs.sys : 44,032 : 07/13/2009 07:19 PM : 1e4c4ab5c9b8dd13179bbdc75a2a01f7 [Pos Repl] * C:\Windows\System32\drivers\null.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys : 6,144 : 07/13/2009 07:19 PM : 9899284589f75fa8724ff3d16aed75c1 [Pos Repl] * C:\Windows\System32\drivers\parport.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\parport.sys : 97,280 : 07/13/2009 08:00 PM : 
0086431c29c35be1dbc43f52cc273887 [Pos Repl] +-> C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\parport.sys : 97,280 : 07/13/2009 08:00 PM : 0086431c29c35be1dbc43f52cc273887 [Pos Repl] * C:\Windows\System32\drivers\portcls.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\portcls.sys : 230,400 : 07/13/2009 08:06 PM : 32e11315b5126921ffd9074840ef13d3 [Pos Repl] +-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\portcls.sys : 230,400 : 07/13/2009 08:06 PM : 32e11315b5126921ffd9074840ef13d3 [Pos Repl] * C:\Windows\System32\drivers\processr.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\processr.sys : 60,416 : 07/13/2009 07:19 PM : 0d922e23c041efb1c3fac2a6f943c9bf [Pos Repl] +-> C:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a\processr.sys : 60,416 : 07/13/2009 07:19 PM : 0d922e23c041efb1c3fac2a6f943c9bf [Pos Repl] * C:\Windows\System32\drivers\rasacd.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys : 14,848 : 07/13/2009 08:10 PM : 5a0da8ad5762fa2d91678a8a01311704 [Pos Repl] * C:\Windows\System32\drivers\rasl2tp.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7600.16385_none_f5d13e44019f50ed\rasl2tp.sys : 130,048 : 07/13/2009 08:10 PM : 87a6e852a22991580d6d39adc4790463 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7601.17514_none_f802520bfe8dd487\rasl2tp.sys : 129,536 : 11/20/2010 08:52 AM : 471815800ae33e6f1c32fb1b97c490ca [Pos Repl] * C:\Windows\System32\drivers\raspppoe.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_6.1.7600.16385_none_b22875c7b448dfbb\raspppoe.sys : 92,672 : 07/13/2009 08:10 PM : 
855c9b1cd4756c5e9a2aa58a15f58c25 [Pos Repl] * C:\Windows\System32\drivers\raspptp.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.1.7600.16385_none_f5e410800187e3c3\raspptp.sys : 111,616 : 07/13/2009 08:10 PM : 27cc19e81ba5e3403c48302127bda717 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.1.7601.17514_none_f8152447fe76675d\raspptp.sys : 111,104 : 11/20/2010 08:52 AM : f92a2c41117a11a00be01ca01a7fcde9 [Pos Repl] * C:\Windows\System32\drivers\rdbss.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7600.16385_none_b5c9c9737b1a763b\rdbss.sys : 309,248 : 07/13/2009 07:24 PM : 3bac8142102c15d59a87757c1d41dce5 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7601.17514_none_b7fadd3b7808f9d5\rdbss.sys : 309,248 : 11/20/2010 07:27 AM : 77f665941019a1594d887a74f301fa2f [Pos Repl] * C:\Windows\System32\drivers\rdpcdd.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_30d015c257effe8b\RDPCDD.sys : 7,680 : 07/13/2009 08:16 PM : cea6cc257fc9b7715f1c2b4849286d24 [Pos Repl] * C:\Windows\System32\drivers\rdpwd.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys : 204,800 : 07/13/2009 08:16 PM : 8a3e6bea1c53ea6177fe2b6eba2c80d7 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys : 210,944 : 11/20/2010 08:04 AM : 15b66c206b5cb095bab980553f38ed23 [Pos Repl] * C:\Windows\System32\drivers\rmcast.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7600.16385_none_b072bdd8a19c0617\rmcast.sys : 145,920 : 07/13/2009 08:09 PM : 77b3b747eb2413072b8e4306018d0c9b [Pos Repl] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7601.17514_none_b2a3d1a09e8a89b1\rmcast.sys : 146,432 : 11/20/2010 08:49 AM : caf88d6573d21cd2aa27001ddbfdc74d [Pos Repl] * C:\Windows\System32\drivers\rndismp.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7600.16385_none_3d23a154a5966360\RNDISMP.sys : 41,472 : 07/13/2009 08:09 PM : fc6d5c50d846b795335deb3fce8b33f3 [Pos Repl] * C:\Windows\System32\drivers\rootmdm.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-unimodem-core_31bf3856ad364e35_6.1.7600.16385_none_f08d2472ee3ef611\rootmdm.sys : 11,264 : 07/13/2009 08:10 PM : 388d3dd1a6457280f3badba9f3acd6b1 [Pos Repl] * C:\Windows\System32\drivers\serenum.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serenum.sys : 23,552 : 07/13/2009 08:00 PM : cb624c0035412af0debec78c41f5ca1b [Pos Repl] +-> C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serenum.sys : 23,552 : 07/13/2009 08:00 PM : cb624c0035412af0debec78c41f5ca1b [Pos Repl] * C:\Windows\System32\drivers\serial.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys : 94,208 : 07/13/2009 08:00 PM : c1d8e28b2c2adfaec4ba89e9fda69bd6 [Pos Repl] +-> C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys : 94,208 : 07/13/2009 08:00 PM : c1d8e28b2c2adfaec4ba89e9fda69bd6 [Pos Repl] * C:\Windows\System32\drivers\sffdisk.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl] +-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.16385_none_00307aaa039afa70\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl] +-> 
C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7601.17514_none_02618e7200897e0a\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl] * C:\Windows\System32\drivers\sffp_sd.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\sffp_sd.sys : 14,336 : 11/20/2010 08:34 AM : dd85b78243a19b59f0637dcf284da63c [Pos Repl] +-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.16385_none_00307aaa039afa70\sffp_sd.sys : 14,336 : 07/13/2009 08:01 PM : 5588b8c6193eb1522490c122eb94dffa [Pos Repl] +-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7601.17514_none_02618e7200897e0a\sffp_sd.sys : 14,336 : 11/20/2010 08:34 AM : dd85b78243a19b59f0637dcf284da63c [Pos Repl] * C:\Windows\System32\drivers\sfloppy.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys : 16,896 : 07/13/2009 08:01 PM : a9d601643a1647211a1ee2ec4e433ff4 [Pos Repl] +-> C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys : 16,896 : 07/13/2009 08:01 PM : a9d601643a1647211a1ee2ec4e433ff4 [Pos Repl] * C:\Windows\System32\drivers\smclib.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft.windows.s...smart_card_library_31bf3856ad364e35_6.1.7600.16385_none_55f89e9f01688dc0\smclib.sys : 20,992 : 07/13/2009 08:00 PM : a80348ba03e96c70852959655ca3e084 [Pos Repl] * C:\Windows\System32\drivers\srv.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16385_none_35ec5b0210249e7c\srv.sys : 465,408 : 07/13/2009 07:25 PM : ec8f67289105bf270498095f14963464 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16765_none_3602027210145b36\srv.sys : 461,312 : 02/18/2012 07:43 AM : 148d50904d2a0df29a19778715eb35bb [Pos Repl] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_3643e42a0fe2ca0e\srv.sys : 461,312 : 02/18/2012 07:54 AM : 2408c0366d96bcdf63e8f1c78e4a29c5 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20907_none_36ce813f28ff832f\srv.sys : 460,288 : 02/18/2012 07:43 AM : d388ebd2314a31e7bb7474f9c101cd1a [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_369771592928f58d\srv.sys : 460,800 : 02/18/2012 07:54 AM : cf6efaeb9eb9823a0d27ede6d1af662d [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\srv.sys : 468,992 : 11/20/2010 07:28 AM : 2098b8556d1cec2aca9a29cd479e3692 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17565_none_37e85f780d3ac722\srv.sys : 467,456 : 02/18/2012 07:43 AM : 65bbf4920148c2ee279055da7228fc7b [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17608_none_382c41c40d0768a8\srv.sys : 467,456 : 02/18/2012 07:54 AM : 441fba48bff01fdb9d5969ebc1838f0b [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21666_none_3872fc8d26578043\srv.sys : 467,456 : 02/18/2012 07:43 AM : 65784ff2d21f85a35e2590f65a6b2382 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys : 467,456 : 02/18/2012 07:54 AM : 10586f14752ace786ab120ff8bb6bda4 [Pos Repl] * C:\Windows\System32\drivers\stream.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7600.16385_none_ba5987585153b623\stream.sys : 68,864 : 07/13/2009 08:06 PM : 001cc10fa5e71ae1119115e126c8750d [Pos Repl] * C:\Windows\System32\drivers\tape.sys [NoSig] +-> 
C:\Windows\winsxs\amd64_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_6.1.7600.16385_none_ee1ec21ed6ff8107\tape.sys : 29,184 : 07/13/2009 08:01 PM : 6e316c01cba8b785fe495f5cc4f48c6f [Pos Repl] * C:\Windows\System32\drivers\tdi.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-driver_31bf3856ad364e35_6.1.7600.16385_none_c2e33a334fa77fd1\tdi.sys : 26,624 : 07/13/2009 07:21 PM : 0ca6fe26acc7ffee1bd0463f40835f32 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-driver_31bf3856ad364e35_6.1.7601.17514_none_c5144dfb4c96036b\tdi.sys : 26,624 : 11/20/2010 07:22 AM : 6f020a220388eca0ab6062dc27bd16b6 [Pos Repl] * C:\Windows\System32\drivers\tdpipe.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys : 15,872 : 07/13/2009 08:16 PM : 3371d21011695b16333a3934340c4e7c [Pos Repl] * C:\Windows\System32\drivers\tdtcp.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys : 23,552 : 07/13/2009 08:16 PM : e4245bda3190a582d55ed09e137401a9 [Pos Repl] * C:\Windows\System32\drivers\tdx.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys : 99,840 : 07/13/2009 07:21 PM : 079125c4b17b01fcaeebce0bcb290c0f [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys : 119,296 : 11/20/2010 07:21 AM : ddad5a7ab24d8b65f8d724f5c20fd806 [Pos Repl] * C:\Windows\System32\drivers\udfs.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-udfs_31bf3856ad364e35_6.1.7600.16385_none_026e89ea3694b78b\udfs.sys : 327,168 : 07/13/2009 07:23 PM : d47baead86c65d4f4069d7ce0a4edceb [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-udfs_31bf3856ad364e35_6.1.7601.17514_none_049f9db233833b25\udfs.sys : 328,192 : 11/20/2010 07:26 AM : 
ff4232a1a64012baa1fd97c7b67df593 [Pos Repl] * C:\Windows\System32\drivers\usb8023.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-rndis-usb-microport_31bf3856ad364e35_6.1.7600.16385_none_20e1b69f6c5c4250\usb8023.sys : 19,968 : 07/13/2009 08:09 PM : d0fe8cb5f84303e73ff0754437fad3d1 [Pos Repl] * C:\Windows\System32\drivers\usbcamd2.sys [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_6.1.7600.16385_none_fb7d533791ec1504\USBCAMD2.sys : 32,896 : 07/13/2009 08:06 PM : faec06c1d24e2770ecc4f7c37659824d [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_6.1.7601.17514_none_fdae66ff8eda989e\USBCAMD2.sys : 32,896 : 11/20/2010 08:44 AM : 292a8e03b3fce04e39b5be9b14132030 [Pos Repl] * C:\Windows\System32\drivers\usbccgp.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys : 98,816 : 02/18/2012 08:52 AM : 6f1a3157a1c89435352ceb543cdb359c [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbccgp.sys : 98,816 : 11/20/2010 08:44 AM : 481dff26b4dca8f4cbac1f7dce1d6829 [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16385_none_26ed589d28235a16\usbccgp.sys : 98,816 : 07/13/2009 08:06 PM : b26afb54a534d634523c4fb66765b026 [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16788_none_26f0611328209ab7\usbccgp.sys : 98,816 : 02/18/2012 08:52 AM : 7b6a127c93ee590e4d79a5f2a76fe46f [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.20934_none_27ac0e3841194697\usbccgp.sys : 99,328 : 02/18/2012 08:52 AM : 537a4e03d7103c12d42dfd8ffdb5bdc9 [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbccgp.sys : 98,816 : 11/20/2010 08:44 AM : 481dff26b4dca8f4cbac1f7dce1d6829 [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbccgp.sys : 98,816 : 02/18/2012 
08:52 AM : 6f1a3157a1c89435352ceb543cdb359c [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbccgp.sys : 99,328 : 02/18/2012 08:52 AM : 19ad7990c0b67e48dac5b26f99628223 [Pos Repl] * C:\Windows\System32\drivers\usbd.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys : 7,936 : 02/18/2012 08:52 AM : cca2ab1752a61f29c3c941cd79d78cea [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbd.sys : 7,936 : 07/13/2009 08:06 PM : 63c8d74bed9f80f4dd0aa7a3101eb639 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbd.sys : 7,936 : 07/13/2009 08:06 PM : 63c8d74bed9f80f4dd0aa7a3101eb639 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbd.sys : 7,936 : 02/18/2012 08:52 AM : 70b5a5a7e0ddd5ebaf6e35b7257a6b9d [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbd.sys : 7,936 : 02/18/2012 08:52 AM : f96f7835c8818895c47f6213e3a01f5d [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbd.sys : 7,936 : 07/13/2009 08:06 PM : 63c8d74bed9f80f4dd0aa7a3101eb639 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbd.sys : 7,936 : 02/18/2012 08:52 AM : cca2ab1752a61f29c3c941cd79d78cea [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbd.sys : 7,936 : 02/18/2012 08:52 AM : 9fed58941ec600a96cb0cc37ec841ffb [Pos Repl] * C:\Windows\System32\drivers\usbehci.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys : 52,736 : 02/18/2012 08:52 AM : c025055fe7b87701eb042095df1a2d7b [Pos Repl] +-> 
C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbehci.sys : 52,224 : 11/20/2010 08:43 AM : 74ee782b1d9c241efe425565854c661c [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbehci.sys : 51,200 : 07/13/2009 08:06 PM : 2ea4aff7be7eb4632e3aa8595b0803b5 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbehci.sys : 52,224 : 02/18/2012 08:52 AM : 92969ba5ac44e229c55a332864f79677 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbehci.sys : 52,224 : 02/18/2012 08:52 AM : fbb21ebe49f6d560db37ac25fbc68e66 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbehci.sys : 52,224 : 11/20/2010 08:43 AM : 74ee782b1d9c241efe425565854c661c [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbehci.sys : 52,736 : 02/18/2012 08:52 AM : c025055fe7b87701eb042095df1a2d7b [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbehci.sys : 52,736 : 02/18/2012 08:52 AM : db1d7bfac2ae51766aad8f4edad753d0 [Pos Repl] * C:\Windows\System32\drivers\usbhub.sys [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys : 343,040 : 11/20/2010 08:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbhub.sys : 343,040 : 11/20/2010 
08:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16385_none_26ed589d28235a16\usbhub.sys : 343,040 : 07/13/2009 08:07 PM : 4c9042b8df86c1e8e6240c218b99b39b [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16788_none_26f0611328209ab7\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : e7df1cfd28ca86b35ef5add0735ceef3 [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.20934_none_27ac0e3841194697\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 6b7a8a99c4a459e73c286a6763ea24cc [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbhub.sys : 343,040 : 11/20/2010 08:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl] +-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 8b892002d7b79312821169a14317ab86 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbhub.sys : 343,040 : 07/13/2009 08:07 PM : 4c9042b8df86c1e8e6240c218b99b39b [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : e7df1cfd28ca86b35ef5add0735ceef3 [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 6b7a8a99c4a459e73c286a6763ea24cc [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbhub.sys : 343,040 : 11/20/2010 08:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl] +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbhub.sys : 343,040 : 02/18/2012 08:52 AM : 
C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_803c507d6be26102\schannel.dll : 340,992 : 11/20/2010 09:27 AM : a199de544bf5c61c134b22c7592226fc [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_803284a76be99098\schannel.dll : 340,992 : 02/18/2012 09:12 AM : fbd1d2169aceee3073861f8ca3a28c49 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_808ce09a852b3aca\schannel.dll : 340,992 : 02/18/2012 09:12 AM : ed848d806f639ce611b3bedc6c958140 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16385_none_885fe707a3549f63\schannel.dll : 220,160 : 07/13/2009 09:16 PM : 0a53fd4ebbd92002ccc362a9b8087885 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_88aba1dfa31bcab6\schannel.dll : 224,768 : 02/18/2012 09:12 AM : 83041697ae93aa4b783ae8746904edd2 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_88db94a8bc7d341e\schannel.dll : 224,768 : 02/18/2012 09:12 AM : cb6b6b1f8d283de4540445c5313cb445 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_8a90facfa04322fd\schannel.dll : 224,256 : 11/20/2010 09:21 AM : 135f7ac9be35ab1df727faf2e60e92f8 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_8a872ef9a04a5293\schannel.dll : 224,768 : 02/18/2012 09:12 AM : 1affb765af1fdcc0c185c38e9ddddaee [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_8ae18aecb98bfcc5\schannel.dll : 224,768 : 02/18/2012 09:12 AM : 3dbcbd8adb406c43a2127544d7ba974e [Pos Repl] * C:\Windows\System32\schedsvc.dll [NoSig] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_8af61038b0b37f5f\schedsvc.dll : 1,104,384 : 07/13/2009 09:41 PM : ec56b171f85c7e855e7b0588ac503eea [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll : 1,110,016 : 11/20/2010 09:27 AM : 262f6592c3299c005fd6bec90fc4463a [Pos Repl] * C:\Windows\System32\services.exe [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 09:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl] * C:\Windows\System32\setupapi.dll [NoSig] +-> C:\Windows\SysWOW64\setupapi.dll : 1,667,584 : 11/20/2010 09:21 AM : 10fb16b50affda6d44588f3c445dc273 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7600.16385_none_90ea4b57dfeee0fc\setupapi.dll : 1,899,520 : 07/13/2009 09:41 PM : 6a4ea4c29fbf78112ae20013fb71e9c1 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_931b5f1fdcdd6496\setupapi.dll : 1,900,544 : 11/20/2010 09:27 AM : 5d8e6c95156ed1f79a63d1eade6f9ed5 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7600.16385_none_9b3ef5aa144fa2f7\setupapi.dll : 1,668,608 : 07/13/2009 09:16 PM : 41323ab614a2b66ad77b1121d24ac895 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_9d700972113e2691\setupapi.dll : 1,667,584 : 11/20/2010 09:21 AM : 10fb16b50affda6d44588f3c445dc273 [Pos Repl] * C:\Windows\System32\sfc.dll [NoSig] +-> C:\Windows\SysWOW64\sfc.dll : 2,560 : 07/13/2009 09:10 PM : 40caeee0eaf1b8569f7c8df6420f2cb9 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll : 3,072 : 07/13/2009 09:33 PM : c6dcd1d11ed6827f05c00773c3e7053c [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll : 2,560 : 07/13/2009 09:10 PM : 40caeee0eaf1b8569f7c8df6420f2cb9 [Pos Repl] * C:\Windows\System32\shsvcs.dll [NoSig] +-> C:\Windows\SysWOW64\shsvcs.dll : 328,192 : 11/20/2010 09:21 AM : 414da952a35bf5d50192e28263b40577 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_29254ed1369e9d89\shsvcs.dll : 369,664 : 07/13/2009 09:41 PM : 0298ac45d0efffb2db4baa7dd186e7bf [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll : 370,688 : 11/20/2010 09:27 AM : aaf932b4011d14052955d4b212a4da8d [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_3379f9236aff5f84\shsvcs.dll : 328,192 : 07/13/2009 09:16 PM : cd2e48fa5b29ee2b3b5858056d246ef2 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll : 328,192 : 11/20/2010 09:21 AM : 414da952a35bf5d50192e28263b40577 [Pos Repl] * C:\Windows\System32\smss.exe [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe : 112,640 : 07/13/2009 09:39 PM : 1911a3356fa3f77ccc825ccbac038c2a [Pos Repl] * C:\Windows\System32\spoolsv.exe [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe : 558,080 : 07/13/2009 09:39 PM : 89e8550c5862999fcf482ea562b0e98e [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe : 559,104 : 11/20/2010 09:25 AM : b96c17b5dc1424d56eea3a99e97428cd [Pos Repl] * C:\Windows\System32\ssdpsrv.dll [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll : 193,024 : 
07/13/2009 09:41 PM : 51b52fbd583cde8aa9ba62b8b4298f33 [Pos Repl] * C:\Windows\System32\svchost.exe [NoSig] +-> C:\Windows\SysWOW64\svchost.exe : 20,992 : 07/13/2009 09:14 PM : 54a47f6b5e09a77e61649109c6a08866 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe : 27,136 : 07/13/2009 09:39 PM : c78655bc80301d76ed4fef1c1ea40a7d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe : 20,992 : 07/13/2009 09:14 PM : 54a47f6b5e09a77e61649109c6a08866 [Pos Repl] * C:\Windows\System32\tapisrv.dll [NoSig] +-> C:\Windows\SysWOW64\tapisrv.dll : 242,176 : 11/20/2010 09:21 AM : 613bf4820361543956909043a265c6ac [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_3f31ca82fea39f26\tapisrv.dll : 316,416 : 07/13/2009 09:41 PM : 884264ac597b690c5707c89723bb8e7b [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0\tapisrv.dll : 316,928 : 11/20/2010 09:27 AM : 40f0849f65d13ee87b9a9ae3c1dd6823 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll : 241,664 : 07/13/2009 09:16 PM : 2f46b0c70a4adc8c90cf825da3b4feaf [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll : 242,176 : 11/20/2010 09:21 AM : 613bf4820361543956909043a265c6ac [Pos Repl] * C:\Windows\System32\taskeng.exe [NoSig] +-> C:\Windows\SysWOW64\taskeng.exe : 192,000 : 11/20/2010 09:17 AM : 4f2659160afcca990305816946f69407 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_41a13ed5d88b73fe\taskeng.exe : 463,872 : 07/13/2009 09:39 PM : c1bdc97e8c9404245de87f1ef08d1764 [Pos Repl] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe : 464,384 : 11/20/2010 09:25 AM : 65ea57712340c09b1b0c427b4848ae05 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_e582a352202e02c8\taskeng.exe : 190,464 : 07/13/2009 09:14 PM : de5dacebd4c89834ec6d2c41c8643cda [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\taskeng.exe : 192,000 : 11/20/2010 09:17 AM : 4f2659160afcca990305816946f69407 [Pos Repl] * C:\Windows\System32\taskhost.exe [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7600.16385_none_84339a007406dfa0\taskhost.exe : 69,120 : 07/13/2009 09:39 PM : 3eefb971d61ef9638fd21f14c703ca11 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe : 69,120 : 11/20/2010 09:25 AM : 517110bd83835338c037269e603db55d [Pos Repl] * C:\Windows\System32\termsrv.dll [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll : 706,560 : 07/13/2009 09:41 PM : 0f05ec2887bfe197ad82a13287d2f404 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll : 680,960 : 11/20/2010 09:27 AM : 2e648163254233755035b46dd7b89123 [Pos Repl] * C:\Windows\System32\upnphost.dll [NoSig] +-> C:\Windows\SysWOW64\upnphost.dll : 266,752 : 07/13/2009 09:16 PM : 833fbb672460efce8011d262175fad33 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_1ddd261c4e350476\upnphost.dll : 353,792 : 07/13/2009 09:41 PM : d47ec6a8e81633dd18d2436b19baf6de [Pos Repl] +-> 
C:\Windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll : 266,752 : 07/13/2009 09:16 PM : 833fbb672460efce8011d262175fad33 [Pos Repl] * C:\Windows\System32\user32.dll [NoSig] +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 11/20/2010 09:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1,008,640 : 07/13/2009 09:41 PM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 09:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833,024 : 07/13/2009 09:11 PM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 09:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl] * C:\Windows\System32\userinit.exe [NoSig] +-> C:\Windows\SysWOW64\userinit.exe : 26,624 : 11/20/2010 09:17 AM : 61ac3efdfacfdd3f0f11dd4fd4044223 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe : 30,208 : 07/13/2009 09:39 PM : 6f8f1376a13114cc10c0e69274f5a4de [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe : 30,720 : 11/20/2010 09:25 AM : bafe84e637bf7388c96ef48d4d3fdd53 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe : 26,112 : 07/13/2009 09:14 PM : 6de80f60d7de9ce6b8c2ddfdf79ef175 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe : 26,624 : 11/20/2010 09:17 AM : 61ac3efdfacfdd3f0f11dd4fd4044223 [Pos Repl] * C:\Windows\System32\usp10.dll [NoSig] +-> C:\Windows\SysWOW64\usp10.dll : 626,176 : 11/20/2010 09:21 AM : 804aaafebb3ad5f49334dd906bcb1de5 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_08ef6ab5722d66d5\usp10.dll : 801,280 : 07/13/2009 09:41 PM : 5f2bdca5fa0f20a6f452cf0ee2a2b18c [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll : 800,256 : 11/20/2010 09:27 AM : 2f8b1e3ee3545d3b5a8d56fa1ae07b65 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_acd0cf31b9cff59f\usp10.dll : 627,200 : 07/13/2009 09:16 PM : 0ba19f3198c40ac4e8cc66ee02eda6c6 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll : 626,176 : 11/20/2010 09:21 AM : 804aaafebb3ad5f49334dd906bcb1de5 [Pos Repl] * C:\Windows\System32\UxTheme.dll [NoSig] +-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 09:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl] * C:\Windows\System32\version.dll [NoSig] +-> C:\Windows\SysWOW64\version.dll : 21,504 : 07/13/2009 09:16 PM : 702254574e7e52052de39408457b7149 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_70f340d66a96c29b\version.dll : 29,184 : 07/13/2009 09:41 PM : 
94e026870a55aaeaff7853c1754091e9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll : 21,504 : 07/13/2009 09:16 PM : 702254574e7e52052de39408457b7149 [Pos Repl] * C:\Windows\System32\w32time.dll [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll : 381,952 : 07/13/2009 09:41 PM : 1c9d80cc3849b3788048078c26486e1a [Pos Repl] * C:\Windows\System32\wbem\wmiprvse.exe [NoSig] +-> C:\Windows\SysWOW64\wbem\WmiPrvSE.exe : 257,536 : 11/20/2010 09:17 AM : 4fb491ac8d46aaf22ba8bc5c73dabef7 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7600.16385_none_6c57b032a516106e\WmiPrvSE.exe : 368,640 : 07/13/2009 09:39 PM : 64d757051b5b273e55c93e4503ea4f3e [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSE.exe : 372,736 : 11/20/2010 09:25 AM : 619a67c9f617b7e69315bb28ecd5e1df [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7600.16385_none_76ac5a84d976d269\WmiPrvSE.exe : 254,976 : 07/13/2009 09:14 PM : 203c3380a744ca5b9b1a9caeb57f7d57 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe : 257,536 : 11/20/2010 09:17 AM : 4fb491ac8d46aaf22ba8bc5c73dabef7 [Pos Repl] * C:\Windows\System32\wdigest.dll [NoSig] +-> C:\Windows\SysWOW64\wdigest.dll : 171,520 : 07/13/2009 09:16 PM : 0450cf487ecd8a67b56f59f9a96d024d [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_96c23cbe96661a70\wdigest.dll : 210,432 : 07/13/2009 09:41 PM : 95fb6ca4374e343ddd653fcc43f9d26b [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_a116e710cac6dc6b\wdigest.dll : 
171,520 : 07/13/2009 09:16 PM : 0450cf487ecd8a67b56f59f9a96d024d [Pos Repl] * C:\Windows\System32\wiaservc.dll [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_8e892cb8cd0462ae\wiaservc.dll : 578,560 : 07/13/2009 09:41 PM : 52d0e33b681bd0f33fdc08812fee4f7d [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_90ba4080c9f2e648\wiaservc.dll : 580,096 : 11/20/2010 09:27 AM : 8dd52e8e6128f4b2da92ce27402871c1 [Pos Repl] * C:\Windows\System32\wininet.dll [NoSig] +-> C:\Windows\SysWOW64\wininet.dll : 1,127,424 : 02/18/2012 09:10 AM : 02f98b5c0e397ad06124d84428cf8f1a [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_78982c5c3286110a\wininet.dll : 1,193,472 : 07/13/2009 09:41 PM : b1037f0131c9a010d611f6914e03cd92 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_78d6129e325811fb\wininet.dll : 1,197,056 : 02/18/2012 09:41 AM : 8178d4c37f236bf810b2178415fe4949 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_78aed4163274e71b\wininet.dll : 1,197,056 : 02/18/2012 09:48 AM : 4daeeee0248f5d85751b05d9c6da28cc [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_79336f6f4b970832\wininet.dll : 1,198,080 : 02/18/2012 09:41 AM : 7ec667385c0d726c9d91d966886b7cfd [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_797b52e34b600f14\wininet.dll : 1,198,592 : 02/18/2012 09:48 AM : 5a33324b358d9b7e39424505ee242377 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll : 1,188,864 : 11/20/2010 09:27 AM : f6c5302e1f4813d552f41a0ac82455e5 [Pos Repl] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_7a8760522fa622f3\wininet.dll : 1,188,864 : 02/18/2012 09:48 AM : ab026a724960570803e90dc370893bd0 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_7b13fdfb48c10ec2\wininet.dll : 1,189,376 : 02/18/2012 09:48 AM : 93679dc9407bfc602d7e6bfc027455e0 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_768731bf7476d491\wininet.dll : 1,389,056 : 03/28/2011 07:24 PM : 1bf2bcc7e3c26fd4c8ef0c9efb0cc25d [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_767f62b1747c3c87\wininet.dll : 1,389,056 : 02/18/2012 07:03 AM : 0732b49b250e306f7a6591029af9885b [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_7682638f7479888c\wininet.dll : 1,389,056 : 02/18/2012 07:06 AM : 271e8fb1354aa205a214f280a6766e30 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll : 1,390,080 : 02/18/2012 07:10 AM : 69151e566295e5a977fe71ffafd3b3f8 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20534_none_7708ff7c8d99dc51\wininet.dll : 1,389,056 : 02/18/2012 07:03 AM : 1a5a6898e90546b476d4e8a56626fc96 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_770c005a8d972856\wininet.dll : 1,389,056 : 02/18/2012 07:06 AM : 1b2d2d8e611de70ceb13f104d39814ba [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_76fe2f908da1f842\wininet.dll : 1,390,080 : 02/18/2012 07:10 AM : 244d45f786e33c169a93f70ba63babf8 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll : 977,920 : 07/13/2009 09:16 PM : 0d874f3bc751cc2198af2e6783fb8b35 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll : 981,504 : 02/18/2012 09:41 AM : f019fca21f609e34b79ae130681d08f7 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll : 981,504 : 02/18/2012 09:48 AM : 214605c48ae416bc067c39d227cfcc57 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll : 981,504 : 02/18/2012 09:41 AM : 025031c16d3a486f6afe1c9b2fb1ade0 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll : 982,016 : 02/18/2012 09:48 AM : da2950bad7306006eba77dd93cc42690 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll : 980,992 : 11/20/2010 09:21 AM : 44214c94911c7cfb1d52cb64d5e8368d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll : 981,504 : 02/18/2012 09:48 AM : a5b19b240901cab0c8e7767d2873613e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll : 981,504 : 02/18/2012 09:48 AM : edeb2904636b657782f824d8ff97d0b8 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_1a68963bbc19635b\wininet.dll : 1,126,912 : 03/28/2011 07:24 PM : a1236375b74ea63c75657d564890c436 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll : 1,126,912 : 02/18/2012 07:03 AM : 2c7332c222d1fe1fc57d622699a8c001 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll : 1,126,912 : 02/18/2012 07:06 AM : d3788d91530cfa005bd516189a4c676e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll : 1,127,424 : 02/18/2012 07:10 AM : 02f98b5c0e397ad06124d84428cf8f1a [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20534_none_1aea63f8d53c6b1b\wininet.dll : 1,126,912 : 02/18/2012 07:03 AM : aa75f065975fce762fc9bbf5a3c08368 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_1aed64d6d539b720\wininet.dll : 1,126,912 : 02/18/2012 07:06 AM : c0fcee8d760c70db6ef858bb2262288e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll : 1,127,424 : 02/18/2012 07:10 AM : 32569df2f9bef05dd7d56e30590edfd9 [Pos Repl] * C:\Windows\System32\wininit.exe [NoSig] +-> C:\Windows\SysWOW64\wininit.exe : 96,256 : 07/13/2009 09:14 PM : b5c5dcad3899512020d135600129d665 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe : 129,024 : 07/13/2009 09:39 PM : 94355c28c1970635a31b3fe52eb7ceba [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe : 96,256 : 07/13/2009 09:14 PM : b5c5dcad3899512020d135600129d665 [Pos Repl] * C:\Windows\System32\winlogon.exe [NoSig] +-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe : 389,120 : 
07/13/2009 09:39 PM : 132328df455b0028f13bf0abee51a63a [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390,656 : 11/20/2010 09:25 AM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl] * C:\Windows\System32\ws2_32.dll [NoSig] +-> C:\Windows\SysWOW64\ws2_32.dll : 206,848 : 11/20/2010 09:21 AM : 7ff15a4f092cd4a96055ba69f903e3e9 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll : 296,448 : 07/13/2009 09:41 PM : 7083f463788cb34fcc42f565d56f89e8 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll : 297,984 : 11/20/2010 09:27 AM : 4bbfa57f594f7e8a8edc8f377184c3f0 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll : 206,336 : 07/13/2009 09:16 PM : daae8a9b8c0acc7f858454132553c30d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll : 206,848 : 11/20/2010 09:21 AM : 7ff15a4f092cd4a96055ba69f903e3e9 [Pos Repl] * C:\Windows\System32\ws2help.dll [NoSig] +-> C:\Windows\SysWOW64\ws2help.dll : 4,608 : 07/13/2009 09:11 PM : 808aabdf9337312195caff76d1804786 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll : 4,608 : 07/13/2009 09:34 PM : 8396c6c26aaddfe4590ccef0f419b6b7 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll : 4,608 : 07/13/2009 09:11 PM : 808aabdf9337312195caff76d1804786 [Pos Repl] * C:\Windows\explorer.exe [NoSig] +-> C:\Windows\SysWOW64\explorer.exe : 2,616,320 : 02/18/2012 09:49 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl] +-> 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/13/2009 09:39 PM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe : 2,870,272 : 02/18/2012 09:49 AM : 0862495e0c825893db75ef44faea8e93 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe : 2,870,784 : 02/18/2012 09:49 AM : e38899074d4951d31b4040e994dd7c8d [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2,872,320 : 11/20/2010 09:24 AM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2,871,808 : 02/18/2012 09:49 AM : 332feab1435662fc6c672e25beb37be3 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2,871,808 : 02/18/2012 09:49 AM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/13/2009 09:14 PM : 15bc38a7492befe831966adb477cf76f [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe : 2,614,784 : 02/18/2012 09:49 AM : 2af58d15edc06ec6fdacce1f19482bbf [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe : 2,614,784 : 02/18/2012 09:49 AM : 255cf508d7cfb10e0794d6ac93280bd8 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2,616,320 : 11/20/2010 09:17 AM : 
Checking HOSTS File:

* HOSTS file entries found:
  127.0.0.1 localhost

Program finished at: 04/14/2013 01:26:22 PM
Execution time: 0 hours(s), 32 minute(s), and 13 seconds(s)

I also ran the Windows tweaking program in safe mode and it had multiple registry changes that it was going through and fixing. I cannot find the log anywhere though upon reboot.

My iPhone is also compromised as well as these computers. I have looked up my phone's network address and it is always changing, but it consistently comes up as the UK, not Ontario, Canada, where I am. The IP search, if I trace it online, of this computer goes all over the US before it ends up as my ISP IP. Does this perhaps help define the type of virus/trojan etc. that is messing things up?

Upon reboot, many system changes as per usual with all of the computers, like remote desktop connections etc. etc. I also cannot access apple.com no matter how I try to search it to download iTunes.

Here is a trace of the IP that I am using on the computer (shared IP from ISP). Is this normal?
64.201.57.120 is from Canada(CA) in region North America

TraceRoute from Network-Tools.com to 64.201.57.120 [silowireless-brt-kaa-unused120.fibrewired.on.ca]

Hop  (ms)  (ms)  (ms)  IP Address      Host name
1    0     0     0     206.123.64.42   -
2    0     0     0     64.124.196.225  xe-4-2-0.er2.dfw2.us.above.net
3    15    0     0     64.125.26.205   xe-0-0-0.er1.dfw2.us.above.net
4    1     1     0     64.125.12.170   -
5    1     1     1     154.54.7.45     te0-0-0-3.ccr21.dfw01.atlas.cogentco.com
6    11    11    11    154.54.5.170    te0-2-0-3.ccr21.mci01.atlas.cogentco.com
7    22    21    21    154.54.25.82    te0-1-0-2.ccr21.ord01.atlas.cogentco.com
8    44    44    43    154.54.30.237   te0-7-0-7.ccr21.yyz02.atlas.cogentco.com
9    44    44    43    154.54.40.154   te4-1.mag01.yyz02.atlas.cogentco.com
10   47    47    46    38.112.1.50     hamiltonhydroservices.demarc.cogentco.com
11   47    48    50    66.207.112.70   bb1-core-bra-kaa-g11-v3982.fibrewired.ca
12   47    47    47    64.201.57.22    silomail.com
13   Timed out  Timed out  Timed out  -
14   Timed out  Timed out  Timed out

Thanks so much for your help.

#12 Kitkat1


Posted 14 April 2013 - 01:40 PM

Sorry duplicate post

Edited by Kitkat1, 14 April 2013 - 01:45 PM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:00 AM

Posted 14 April 2013 - 03:10 PM

Everything you show so far is completely normal. So, if I understand you correctly, the only problem you currently have in normal mode is that the computer can't connect to the internet?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 Kitkat1


Posted 14 April 2013 - 04:51 PM

I thank you for your patience in reading through these logs, but I find it hard to believe that these logs show absolutely nothing suspicious. This is a brand new 64 bit computer purchased from a store 6 days ago. I connected to the internet for probably 2 hours prior to the format and reinstall that happened yesterday. I have quickly connected and disconnected the internet between posts and responded on my phone for some replies to minimize internet use. I have only downloaded about 10 programs like gmer, hijack this etc. to get some log files.

I have a hidden partition on the drive, and there are so many updates and programs on here that I have not downloaded. It should not freeze up and hide files, it is refusing me access to files with a lock icon, it has frozen up and shut down about 6 times since yesterday at 4 pm when I picked it up from the repair store.

I have taken the liberty of making a log with the show hidden program, and rogue killer to show you there is definitely a real problem here. I would really appreciate any insight into the problem with this less than 7 day old computer.

Show hidden program log results

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com

Show Hidden will display all hidden folders on your computer. You can use the -f argument to display hidden files as well.

Program started at: 04/14/2013 04:40:23 PM
Windows Version: Windows 7

Please be patient while your hard drives are scanned.
Scanning the C:\ drive

Finished scanning the C:\ drive. 201 hidden items found.

Scanning the D:\ drive

* D:\$RECYCLE.BIN
* D:\$RECYCLE.BIN\S-1-5-21-1744270960-2220387155-2936850786-1000
* D:\$RECYCLE.BIN\S-1-5-21-1744270960-2220387155-2936850786-500
* D:\$RECYCLE.BIN\S-1-5-21-4018556152-950672434-2018225997-1000
* D:\$RECYCLE.BIN\S-1-5-21-4018556152-950672434-2018225997-500
* D:\System Volume Information

Finished scanning the D:\ drive. 6 hidden items found.

Program finished at: 04/14/2013 04:40:39 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

ROGUEKILLER LOGS- for some reason there are 6 of them from one time running it just now- NOTE HIDDEN PARTITION AND REGISTRY KEYS DELETED

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : DNSFix -- Date : 04/14/2013 16:48:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

Finished : << RKreport[1]_DN_04142013_02d1648.txt >>


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : HOSTSFix -- Date : 04/14/2013 16:48:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[3]_H_04142013_02d1648.txt >>
RKreport[1]_DN_04142013_02d1648.txt ; RKreport[2]_PR_04142013_02d1648.txt ; RKreport[3]_H_04142013_02d1648.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 04/14/2013 16:51:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5f7db7d1829f2f70d0840ccc08aee004
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 128028 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 314632192 | Size: 151615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_S_04142013_02d1651.txt >>
RKreport[1]_DN_04142013_02d1648.txt ; RKreport[2]_PR_04142013_02d1648.txt ; RKreport[3]_H_04142013_02d1648.txt ; RKreport[4]_S_04142013_02d1651.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Shortcuts HJfix -- Date : 04/14/2013 16:51:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 21 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 80 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[5]_SC_04142013_02d1651.txt >>
RKreport[1]_DN_04142013_02d1648.txt ; RKreport[2]_PR_04142013_02d1648.txt ; RKreport[3]_H_04142013_02d1648.txt ; RKreport[4]_S_04142013_02d1651.txt ; RKreport[5]_SC_04142013_02d1651.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 04/14/2013 16:53:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5f7db7d1829f2f70d0840ccc08aee004
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 128028 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 314632192 | Size: 151615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_D_04142013_02d1653.txt >>
RKreport[1]_DN_04142013_02d1648.txt ; RKreport[2]_PR_04142013_02d1648.txt ; RKreport[3]_H_04142013_02d1648.txt ; RKreport[4]_S_04142013_02d1651.txt ; RKreport[5]_SC_04142013_02d1651.txt ; RKreport[6]_D_04142013_02d1653.txt

#15 Kitkat1


Posted 14 April 2013 - 05:21 PM

I could not get combofix to run except in safe mode, same as gmer.

Here is the combofix log I just ran in safe mode


ComboFix 13-04-14.01 - user 04/14/2013 17:56:06.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.3307 [GMT -4:00]
Running from: c:\users\user\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 22:04 . 2013-04-14 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-14 21:03 . 2013-04-14 21:03 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-14 20:42 . 2013-04-14 22:03 -------- d-----w- c:\windows\system32\catroot2
2013-04-14 20:41 . 2013-04-14 20:41 -------- d-----w- C:\TEMP
2013-04-14 20:15 . 2013-04-14 20:15 1038 ----a-w- C:\temp499.bat
2013-04-14 20:13 . 2013-04-14 20:13 1153 ----a-w- C:\temp186.bat
2013-04-14 19:51 . 2013-04-14 21:12 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-14 16:37 . 2013-04-14 21:12 -------- d-----w- C:\filefolderwithmiscfilesapr14
2013-04-14 16:31 . 2013-04-14 16:31 -------- d-----w- c:\windows\Profiles
2013-04-14 15:47 . 2013-04-14 19:54 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-04-14 13:46 . 2013-04-14 13:46 -------- d-----w- C:\ASUS WebStorage
2013-04-14 13:34 . 2013-04-14 13:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-04-13 20:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-04-13 20:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-04-13 20:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-04-13 20:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-04-13 20:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-04-13 20:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-04-13 20:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-04-13 20:30 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-04-13 20:30 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-04-13 20:30 . 2013-04-13 20:30 -------- d-----w- c:\program files\ESET
2013-04-13 20:03 . 2013-04-13 20:05 -------- d-----w- c:\program files (x86)\CyberLink
2013-04-13 20:03 . 2013-04-13 20:03 -------- d-----w- c:\programdata\CyberLink
2013-04-13 20:03 . 2013-04-13 20:03 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-04-13 20:01 . 2011-03-03 23:57 379520 ----a-w- c:\windows\system32\FBAgent.exe
2013-04-13 20:01 . 2013-04-13 20:01 520192 ----a-w- c:\windows\SysWow64\ASUS_Screensaver.scr
2013-04-13 20:01 . 2013-04-13 20:01 -------- d-----w- c:\windows\SysWow64\ASUS_Screensaver dir
2013-04-13 20:01 . 2013-04-13 20:01 3058304 ----a-w- c:\windows\AsScrPro.exe
2013-04-13 20:01 . 2012-02-21 21:49 162456 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2013-04-13 20:01 . 2012-02-17 01:06 217216 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll
2013-04-13 20:00 . 2010-08-03 22:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2013-04-13 20:00 . 2013-04-13 20:01 -------- d-----w- c:\program files\ASUS
2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\programdata\P4G
2013-04-13 20:00 . 2012-02-04 04:57 1838656 ----a-w- c:\windows\system32\drivers\netr28x.sys
2013-04-13 20:00 . 2012-01-11 16:11 327008 ----a-w- c:\windows\system32\RaCoInstx.dll
2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\programdata\Ralink Driver
2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\programdata\SonicFocus
2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\program files\Realtek
2013-04-13 19:57 . 2013-04-13 19:57 -------- d-----w- c:\programdata\AmUStor
2013-04-13 19:57 . 2013-04-13 19:57 -------- d-----w- c:\program files (x86)\AmIcoSingLun
2013-04-13 19:56 . 2013-04-13 19:56 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-04-13 19:56 . 2013-04-13 19:56 -------- d-----w- c:\program files\Synaptics
2013-04-13 19:55 . 2010-12-21 01:08 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-04-13 19:55 . 2013-04-13 19:55 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2013-04-13 19:55 . 2010-10-19 23:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-04-13 19:55 . 2013-04-13 20:05 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2013-04-13 19:55 . 2013-04-13 19:55 -------- d-----w- c:\program files\Common Files\Intel
2013-04-13 19:55 . 2013-04-13 19:55 -------- d-----w- c:\program files (x86)\Common Files\Intel
2013-04-13 19:54 . 2013-04-13 19:55 -------- d-----w- c:\program files (x86)\Intel
2013-04-13 19:54 . 2011-07-29 06:15 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-04-13 19:54 . 2013-04-13 19:55 -------- d-----w- C:\Intel
2013-04-13 19:52 . 2011-01-28 19:03 180736 ----a-w- c:\windows\system32\ifsutil.dll
2013-04-13 19:52 . 2011-01-28 05:46 148992 ----a-w- c:\windows\SysWow64\ifsutil.dll
2013-04-13 19:52 . 2010-12-29 10:57 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-04-13 19:47 . 2013-04-13 20:01 -------- d-----w- C:\eSupport
2013-04-13 19:45 . 2013-03-19 09:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02A314F1-6539-47E1-B4FB-81D65EB3D6D5}\mpengine.dll
2013-04-13 19:45 . 2013-03-12 05:10 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 19:35 . 2013-04-13 19:35 -------- d-----w- c:\programdata\Malwarebytes
2013-04-13 19:35 . 2013-04-13 19:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-13 19:35 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-13 17:59 . 2013-04-13 17:59 -------- d-----w- c:\programdata\FolderView
2013-04-13 17:59 . 2013-04-14 18:49 -------- d-----w- C:\ASUS.DAT
2013-04-13 17:59 . 2013-04-14 20:44 -------- d-----w- c:\users\user
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 15:07 . 2013-02-20 15:07 213416 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-18 549040]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2013-4-13 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-20 213416]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-03-21 1341664]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-01-10 139768]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-04 1838656]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bleepingcomputer.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
Completion time: 2013-04-14 18:06:33
ComboFix-quarantined-files.txt 2013-04-14 22:06
.
Pre-Run: 96,754,814,976 bytes free
Post-Run: 96,603,901,952 bytes free
.
- - End Of File - - 8400D1608E3517477DF30BCE3DF6D545


Here is the OTL scan, which I also could only run in SAFE MODE. I just ran it with the settings as opened, but I did check RUN SCAN FOR ALL USERS.

OTL logfile created on: 4/14/2013 5:14:22 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 65.20% Memory free
7.81 Gb Paging File | 6.13 Gb Available in Paging File | 78.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 125.03 Gb Total Space | 90.51 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive D: | 148.06 Gb Total Space | 147.97 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/14 09:30:39 | 000,816,128 | ---- | M] () -- C:\Users\user\Downloads\RogueKiller.exe
PRC - [2013/04/14 09:29:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013/04/13 16:01:26 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2013/04/01 21:39:54 | 001,908,736 | ---- | M] (Tweaking.com) -- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012/02/21 17:49:04 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/02/21 17:49:00 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/02/16 21:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/02/16 21:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011/12/23 19:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/12/22 22:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/11/07 23:02:58 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/10/24 20:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2011/10/18 21:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/08/20 12:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010/07/10 01:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/21 17:49:00 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/11/07 23:02:56 | 000,420,920 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 23:02:55 | 003,702,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 23:01:20 | 000,122,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 23:01:19 | 000,222,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 23:01:17 | 001,746,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2010/08/20 12:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 12:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/07/12 14:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/03/03 19:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/16 21:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========



DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Stop_Pending] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/02/18 02:50:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/18 02:50:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/04 00:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/11/22 18:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/22 18:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/11/03 06:09:48 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/03 06:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 19:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/05 08:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/25 23:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 09:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 05:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 12:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========




========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKU\S-1-5-21-1744270960-2220387155-2936850786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1744270960-2220387155-2936850786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
IE - HKU\S-1-5-21-1744270960-2220387155-2936850786-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1744270960-2220387155-2936850786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/04/13 16:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/13 16:30:24 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.bleepingcomputer.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2013/04/14 16:48:45 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1744270960-2220387155-2936850786-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8C1952-59A1-476A-86CC-5978B11B7C7D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 17:03:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/04/14 17:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/04/14 16:42:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/04/14 16:41:07 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/04/14 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2013/04/14 15:51:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/04/14 14:46:11 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Safemodeapr14Traceroute, Ping, Domain Name Server (DNS) Lookup, WHOIS trace 64.201.57.120_files
[2013/04/14 13:48:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\renamedfiles
[2013/04/14 12:56:56 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\rkill
[2013/04/14 12:37:57 | 000,000,000 | ---D | C] -- C:\filefolderwithmiscfilesapr14
[2013/04/14 12:31:42 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013/04/14 12:27:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/14 12:15:17 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\TCP and UDP Ports Explained_files
[2013/04/14 12:12:22 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Battling the Google Redirect virus TechRepublic_files
[2013/04/14 12:12:07 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Google redirect notice - how to make it... Apple Support Communities_files
[2013/04/14 12:12:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Google Redirect Issues Apple Support Communities_files
[2013/04/14 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\I am having trouble with a redirect... Apple Support Communities_files
[2013/04/14 12:11:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Browser Hijack Redirect Yahoo YQL... Apple Support Communities_files
[2013/04/14 12:11:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Google redirect issue Apple Support Communities_files
[2013/04/14 11:53:24 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\DNS Lookup for 25.1.45.167 DomainTools_files
[2013/04/14 11:52:17 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\DNS Lookup for 23.30.206.33 DomainTools_files
[2013/04/14 11:48:40 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\DomainTools.net - DomainTools.htm apr14_files
[2013/04/14 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Traceroute for 64.201.57.120 DomainTools_files
[2013/04/14 11:47:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\64.201.57.1 IP Address WHOIS DomainTools.com_files
[2013/04/14 11:46:43 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\My IP Address Learn Your Own IP Address DomainTools_files
[2013/04/14 11:46:26 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\DNS Lookup for 216.237.3.33 DomainTools_files
[2013/04/14 11:38:11 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Security Snapshots Malware Myths_files
[2013/04/14 09:46:32 | 000,000,000 | ---D | C] -- C:\ASUS WebStorage
[2013/04/14 09:43:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\miscellaneous
[2013/04/14 09:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/14 09:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/04/14 09:22:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia
[2013/04/14 09:22:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe
[2013/04/14 09:21:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google
[2013/04/13 16:31:09 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/04/13 16:31:09 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/04/13 16:31:09 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/04/13 16:30:58 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/04/13 16:30:58 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/04/13 16:30:58 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/04/13 16:30:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/04/13 16:30:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/04/13 16:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/13 16:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/13 16:30:23 | 000,000,000 | ---D | C] -- C:\Program Files

\ESET
[2013/04/13 16:27:26 | 000,254,152 | ---- | C] (Secure By Design Inc.)

-- C:\Users\user\Desktop\Ninite Malwarebytes Installer.exe
[2013/04/13 16:27:15 | 001,263,344 | ---- | C] (ESET) -- C:\Users

\user\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/04/13 16:26:55 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Roaming\ASUS WebStorage
[2013/04/13 16:05:16 | 000,000,000 | R--D | C] -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[2013/04/13 16:03:52 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\CyberLink
[2013/04/13 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/04/13 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData

\CyberLink
[2013/04/13 16:01:46 | 000,379,520 | ---- | C] (ASUSTeK Computer Inc.)

-- C:\Windows\SysNative\FBAgent.exe
[2013/04/13 16:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\ASUS Utility
[2013/04/13 16:01:29 | 000,520,192 | ---- | C] (ScreenTime Media) --

C:\Windows\SysWow64\ASUS_Screensaver.scr
[2013/04/13 16:01:29 | 000,000,000 | ---D | C] -- C:\Windows

\SysWow64\ASUS_Screensaver dir
[2013/04/13 16:01:26 | 003,058,304 | ---- | C] (ASUS) -- C:\Windows

\AsScrPro.exe
[2013/04/13 16:01:19 | 000,162,456 | ---- | C] (ASUSTeK) -- C:

\Windows\SysWow64\ACEngSvr.exe
[2013/04/13 16:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2013/04/13 16:00:51 | 000,000,000 | ---D | C] -- C:\Program Files

\ASUS
[2013/04/13 16:00:27 | 001,838,656 | ---- | C] (Ralink Technology,

Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2013/04/13 16:00:27 | 000,327,008 | ---- | C] (Ralink Technology,

Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2013/04/13 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData

\Ralink Driver
[2013/04/13 16:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp
[2013/04/13 16:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData

\SonicFocus
[2013/04/13 16:00:05 | 000,000,000 | ---D | C] -- C:\Windows

\SysWow64\RTCOM
[2013/04/13 16:00:05 | 000,000,000 | ---D | C] -- C:\Program Files

\Realtek
[2013/04/13 15:59:53 | 002,604,376 | ---- | C] (Waves Audio Ltd.) --

C:\Windows\SysNative\WavesGUILib.dll
[2013/04/13 15:59:53 | 002,519,656 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/04/13 15:59:53 | 001,560,168 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013/04/13 15:59:53 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:

\Windows\SysNative\SRSTSX64.dll
[2013/04/13 15:59:53 | 000,332,392 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013/04/13 15:59:53 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:

\Windows\SysNative\SFNHK64.dll
[2013/04/13 15:59:53 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:

\Windows\SysNative\SRSTSH64.dll
[2013/04/13 15:59:53 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:

\Windows\SysNative\SRSHP64.dll
[2013/04/13 15:59:53 | 000,180,048 | ---- | C] (Sonic Focus, Inc.) --

C:\Windows\SysNative\SFProc64.dll
[2013/04/13 15:59:53 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:

\Windows\SysNative\SRSWOW64.dll
[2013/04/13 15:59:53 | 000,149,608 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013/04/13 15:59:53 | 000,086,352 | ---- | C] (Sonic Focus, Inc.) --

C:\Windows\SysNative\SFComm64.dll
[2013/04/13 15:59:53 | 000,083,792 | ---- | C] (Sonic Focus, Inc.) --

C:\Windows\SysNative\SFSAPO64.dll
[2013/04/13 15:59:53 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) --

C:\Windows\SysNative\SFHAPO64.dll
[2013/04/13 15:59:53 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) --

C:\Windows\SysNative\SFDAPO64.dll
[2013/04/13 15:59:53 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:

\Windows\SysNative\SFCOM64.dll
[2013/04/13 15:59:53 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:

\Windows\SysNative\SFAPO64.dll
[2013/04/13 15:59:53 | 000,074,064 | ---- | C] (Virage Logic

Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013/04/13 15:59:52 | 003,201,128 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/04/13 15:59:52 | 001,881,704 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013/04/13 15:59:52 | 001,510,912 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013/04/13 15:59:52 | 001,247,848 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013/04/13 15:59:52 | 000,375,128 | ---- | C] (Dolby Laboratories,

Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/04/13 15:59:52 | 000,310,104 | ---- | C] (Dolby Laboratories,

Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/04/13 15:59:52 | 000,310,104 | ---- | C] (Dolby Laboratories,

Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/04/13 15:59:52 | 000,204,120 | ---- | C] (Dolby Laboratories,

Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/04/13 15:59:52 | 000,101,208 | ---- | C] (Dolby Laboratories,

Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/04/13 15:59:52 | 000,097,896 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013/04/13 15:59:52 | 000,078,680 | ---- | C] (Dolby Laboratories,

Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/04/13 15:59:51 | 002,132,824 | ---- | C] (Waves Audio Ltd.) --

C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/04/13 15:59:51 | 000,318,808 | ---- | C] (Waves Audio Ltd.) --

C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/04/13 15:59:50 | 002,085,440 | ---- | C] (Fortemedia

Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/04/13 15:59:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSS2SpeakerDLL64.dll
[2013/04/13 15:59:49 | 001,568,360 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSS2HeadphoneDLL64.dll
[2013/04/13 15:59:49 | 001,486,952 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSBoostDLL64.dll
[2013/04/13 15:59:49 | 000,728,680 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSBassEnhancementDLL64.dll
[2013/04/13 15:59:49 | 000,693,352 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSVoiceClarityDLL64.dll
[2013/04/13 15:59:49 | 000,491,112 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSNeoPCDLL64.dll
[2013/04/13 15:59:49 | 000,432,744 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSLimiterDLL64.dll
[2013/04/13 15:59:49 | 000,428,648 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSGainCompensatorDLL64.dll
[2013/04/13 15:59:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSLFXAPO64.dll
[2013/04/13 15:59:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows

\SysNative\DTSGFXAPO64.dll
[2013/04/13 15:59:49 | 000,200,800 | ---- | C] (Andrea Electronics

Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/04/13 15:59:49 | 000,108,960 | ---- | C] (Andrea Electronics

Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013/04/13 15:59:49 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Temp
[2013/04/13 15:59:49 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Realtek
[2013/04/13 15:59:48 | 001,698,408 | ---- | C] (Realtek Semiconductor

Corp.) -- C:\Windows\RtlExUpd.dll
[2013/04/13 15:59:46 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Common Files\InstallShield
[2013/04/13 15:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/04/13 15:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData

\AmUStor
[2013/04/13 15:57:32 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\AmIcoSingLun
[2013/04/13 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\ASM104xUSB3
[2013/04/13 15:56:25 | 000,000,000 | ---D | C] -- C:\Program Files

\Synaptics
[2013/04/13 15:55:49 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Common Files\postureAgent
[2013/04/13 15:55:45 | 000,056,344 | ---- | C] (Intel Corporation) --

C:\Windows\SysNative\drivers\HECIx64.sys
[2013/04/13 15:55:44 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\InstallShield Installation Information
[2013/04/13 15:55:38 | 000,000,000 | R--D | C] -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Intel
[2013/04/13 15:55:36 | 000,000,000 | ---D | C] -- C:\Program Files

\Common Files\Intel
[2013/04/13 15:55:34 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Common Files\Intel
[2013/04/13 15:54:29 | 000,053,248 | ---- | C] (Windows XP Bundled

build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/04/13 15:54:29 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Intel
[2013/04/13 15:54:17 | 000,000,000 | ---D | C] -- C:\Intel
[2013/04/13 15:52:55 | 000,180,736 | ---- | C] (Microsoft Corporation)

-- C:\Windows\SysNative\ifsutil.dll
[2013/04/13 15:52:55 | 000,148,992 | ---- | C] (Microsoft Corporation)

-- C:\Windows\SysWow64\ifsutil.dll
[2013/04/13 15:47:54 | 000,000,000 | -HSD | C] -- C:\System Volume

Information
[2013/04/13 15:47:08 | 000,000,000 | ---D | C] -- C:\eSupport
[2013/04/13 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Roaming\Malwarebytes
[2013/04/13 15:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/13 15:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData

\Malwarebytes
[2013/04/13 15:35:55 | 000,025,928 | ---- | C] (Malwarebytes

Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/13 15:35:55 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Local\Programs
[2013/04/13 15:35:55 | 000,000,000 | ---D | C] -- C:\Program Files

(x86)\Malwarebytes' Anti-Malware
[2013/04/13 14:02:44 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Local\Power2Go
[2013/04/13 14:02:26 | 000,000,000 | R--D | C] -- C:\Users\user

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/13 14:02:26 | 000,000,000 | R--D | C] -- C:\Users\user

\Searches
[2013/04/13 14:02:26 | 000,000,000 | R--D | C] -- C:\Users\user

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative

Tools
[2013/04/13 14:02:26 | 000,000,000 | ---D | C] -- C:\Users\user

\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/13 14:02:18 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Roaming\Identities
[2013/04/13 14:02:15 | 000,000,000 | R--D | C] -- C:\Users\user

\Contacts
[2013/04/13 14:02:11 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Local\VirtualStore
[2013/04/13 13:59:44 | 000,000,000 | R-SD | C] -- C:\Users\Public

\Desktop\ASUS
[2013/04/13 13:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData

\FolderView
[2013/04/13 13:59:43 | 000,000,000 | ---D | C] -- C:\ASUS.DAT
[2013/04/13 13:59:31 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Local\ASUS
[2013/04/13 13:59:29 | 000,000,000 | --SD | C] -- C:\Users\user

\AppData\Roaming\Microsoft
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user\Saved

Games
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\Pictures
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\Favorites
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\Downloads
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\Documents
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\Desktop
[2013/04/13 13:59:29 | 000,000,000 | R--D | C] -- C:\Users\user

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\AppData\Local\Temporary Internet Files
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\Templates
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user\Start

Menu
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\PrintHood
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\NetHood
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\Documents\My Videos
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\Documents\My Pictures
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\Documents\My Music
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user\My

Documents
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user\Local

Settings
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\AppData\Local\History
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\Cookies
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\Application Data
[2013/04/13 13:59:29 | 000,000,000 | -HSD | C] -- C:\Users\user

\AppData\Local\Application Data
[2013/04/13 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Local\Temp
[2013/04/13 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Local\Microsoft
[2013/04/13 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData\Roaming\Media Center Programs
[2013/04/13 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\user

\AppData

========== Files - Modified Within 30 Days ==========



[2013/04/14 17:12:35 | 000,181,064 | ---- | M] (Sysinternals) -- C:

\Windows\PSEXESVC.EXE
[2013/04/14 17:03:09 | 000,002,971 | ---- | M] () -- C:\Users\user

\Desktop\HiJackThis.lnk
[2013/04/14 16:48:45 | 000,000,841 | ---- | M] () -- C:\Windows

\SysNative\drivers\etc\hosts
[2013/04/14 16:15:45 | 000,001,038 | ---- | M] () -- C:\temp499.bat
[2013/04/14 16:13:11 | 000,001,153 | ---- | M] () -- C:\temp186.bat
[2013/04/14 15:55:53 | 000,714,318 | ---- | M] () -- C:\Windows

\SysNative\prfh0816.dat
[2013/04/14 15:55:53 | 000,394,984 | ---- | M] () -- C:\Windows

\SysNative\prfh0404.dat
[2013/04/14 15:55:53 | 000,370,432 | ---- | M] () -- C:\Windows

\SysNative\prfh0804.dat
[2013/04/14 15:55:53 | 000,147,300 | ---- | M] () -- C:\Windows

\SysNative\prfc0816.dat
[2013/04/14 15:55:53 | 000,116,606 | ---- | M] () -- C:\Windows

\SysNative\prfc0404.dat
[2013/04/14 15:55:53 | 000,114,466 | ---- | M] () -- C:\Windows

\SysNative\prfc0804.dat
[2013/04/14 15:55:52 | 000,730,782 | ---- | M] () -- C:\Windows

\SysNative\perfh00C.dat
[2013/04/14 15:55:52 | 000,730,626 | ---- | M] () -- C:\Windows

\SysNative\perfh00A.dat
[2013/04/14 15:55:52 | 000,647,674 | ---- | M] () -- C:\Windows

\SysNative\perfh009.dat
[2013/04/14 15:55:52 | 000,152,736 | ---- | M] () -- C:\Windows

\SysNative\perfc00A.dat
[2013/04/14 15:55:52 | 000,143,704 | ---- | M] () -- C:\Windows

\SysNative\perfc00C.dat
[2013/04/14 15:55:52 | 000,116,606 | ---- | M] () -- C:\Windows

\SysNative\perfc009.dat
[2013/04/14 15:55:50 | 004,432,860 | ---- | M] () -- C:\Windows

\SysNative\PerfStringBackup.INI
[2013/04/14 15:55:13 | 004,432,860 | ---- | M] () -- C:\Windows

\SysWow64\PerfStringBackup.INI
[2013/04/14 14:55:46 | 000,009,696 | ---- | M] () -- C:\Windows

\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-

439d-8115-601632D005A0
[2013/04/14 14:55:46 | 000,009,696 | ---- | M] () -- C:\Windows

\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-

439d-8115-601632D005A0
[2013/04/14 14:49:40 | 000,000,387 | ---- | M] () -- C:\Users\user

\AppData\Roaming\sp_data.sys
[2013/04/14 14:49:00 | 000,067,584 | --S- | M] () -- C:\Windows

\bootstat.dat
[2013/04/14 14:48:47 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 14:46:11 | 000,019,487 | ---- | M] () -- C:\Users\user

\Desktop\Safemodeapr14Traceroute, Ping, Domain Name Server (DNS)

Lookup, WHOIS trace 64.201.57.120.htm
[2013/04/14 12:27:43 | 000,274,320 | ---- | M] () -- C:\Windows

\SysNative\FNTCACHE.DAT
[2013/04/14 12:15:17 | 000,044,963 | ---- | M] () -- C:\Users\user

\Desktop\TCP and UDP Ports Explained.htm
[2013/04/14 12:12:21 | 000,164,780 | ---- | M] () -- C:\Users\user

\Desktop\Battling the Google Redirect virus TechRepublic.htm
[2013/04/14 12:12:07 | 000,091,800 | ---- | M] () -- C:\Users\user

\Desktop\Google redirect notice - how to make it... Apple Support

Communities.htm
[2013/04/14 12:12:00 | 000,083,862 | ---- | M] () -- C:\Users\user

\Desktop\Google Redirect Issues Apple Support Communities.htm
[2013/04/14 12:11:55 | 000,156,054 | ---- | M] () -- C:\Users\user

\Desktop\I am having trouble with a redirect... Apple Support

Communities.htm
[2013/04/14 12:11:49 | 000,128,390 | ---- | M] () -- C:\Users\user

\Desktop\Browser Hijack Redirect Yahoo YQL... Apple Support

Communities.htm
[2013/04/14 12:11:42 | 000,201,532 | ---- | M] () -- C:\Users\user

\Desktop\Google redirect issue Apple Support Communities.htm
[2013/04/14 11:57:49 | 000,036,650 | ---- | M] () -- C:\Users\user

\Desktop\About Memorychromeapr14.htm
[2013/04/14 11:53:24 | 000,016,833 | ---- | M] () -- C:\Users\user

\Desktop\DNS Lookup for 25.1.45.167 DomainTools.htm
[2013/04/14 11:52:17 | 000,016,846 | ---- | M] () -- C:\Users\user

\Desktop\DNS Lookup for 23.30.206.33 DomainTools.htm
[2013/04/14 11:48:40 | 000,056,225 | ---- | M] () -- C:\Users\user

\Desktop\DomainTools.net - DomainTools.htm apr14.htm
[2013/04/14 11:48:19 | 000,025,033 | ---- | M] () -- C:\Users\user

\Desktop\Traceroute for 64.201.57.120 DomainTools.htm
[2013/04/14 11:47:20 | 000,015,708 | ---- | M] () -- C:\Users\user

\Desktop\64.201.57.1 IP Address WHOIS DomainTools.com.htm
[2013/04/14 11:46:43 | 000,021,889 | ---- | M] () -- C:\Users\user

\Desktop\My IP Address Learn Your Own IP Address DomainTools.htm
[2013/04/14 11:46:26 | 000,016,966 | ---- | M] () -- C:\Users\user

\Desktop\DNS Lookup for 216.237.3.33 DomainTools.htm
[2013/04/14 11:38:11 | 000,086,720 | ---- | M] () -- C:\Users\user

\Desktop\Security Snapshots Malware Myths.htm
[2013/04/14 10:08:06 | 000,015,360 | ---- | M] () -- C:\Windows

\SysNative\umstartup.etl
[2013/04/14 09:57:09 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013/04/14 09:34:17 | 000,002,165 | ---- | M] () -- C:\Users\user

\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/04/13 23:58:02 | 000,007,642 | ---- | M] () -- C:\Users\user

\AppData\Local\resmon.resmoncfg
[2013/04/13 21:15:53 | 000,000,908 | ---- | M] () -- C:\Windows\tasks

\GoogleUpdateTaskMachineCore.job
[2013/04/13 21:15:51 | 000,000,912 | ---- | M] () -- C:\Windows\tasks

\GoogleUpdateTaskMachineUA.job
[2013/04/13 16:59:02 | 000,108,227 | ---- | M] () -- C:\Windows

\SysWow64\license.rtf
[2013/04/13 16:59:02 | 000,108,227 | ---- | M] () -- C:\Windows

\SysNative\license.rtf
[2013/04/13 16:37:22 | 000,001,362 | ---- | M] () -- C:\Windows

\SysNative\ServiceFilter.ini
[2013/04/13 16:37:21 | 000,001,818 | ---- | M] () -- C:\Windows

\SysNative\AutoRunFilter.ini
[2013/04/13 16:03:41 | 000,000,000 | ---- | M] () -- C:\Windows

\SysWow64\drivers\1043_ASUSTEK_K54C_V40_WIN7.MRK
[2013/04/13 16:03:18 | 000,045,056 | ---- | M] () -- C:\Windows

\SysWow64\acovcnt.exe
[2013/04/13 16:01:44 | 000,002,617 | ---- | M] () -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2013/04/13 16:01:29 | 000,520,192 | ---- | M] (ScreenTime Media) --

C:\Windows\SysWow64\ASUS_Screensaver.scr
[2013/04/13 16:01:26 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows

\AsScrPro.exe
[2013/04/13 16:01:08 | 000,000,716 | ---- | M] () -- C:\Users\Public

\Desktop\eManual.Lnk
[2013/04/13 16:00:18 | 000,002,745 | ---- | M] () -- C:\Users\Public

\Desktop\ASUS Sonic Focus.lnk
[2013/04/13 15:59:37 | 000,015,422 | ---- | M] () -- C:\Windows

\SysNative\results.xml
[2013/04/13 15:56:29 | 000,000,000 | ---- | M] () -- C:\Windows

\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/04/13 15:48:56 | 000,000,000 | ---- | M] () -- C:\Users\user

\Documents\Default.rdp
[2013/04/13 15:35:59 | 000,001,115 | ---- | M] () -- C:\Users\Public

\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 14:15:14 | 000,000,080 | ---- | M] () -- C:\Windows

\SysNative\Defrag.ini
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes

Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========



[2013/04/14 17:03:09 | 000,002,971 | ---- | C] () -- C:\Users\user

\Desktop\HiJackThis.lnk
[2013/04/14 16:15:45 | 000,001,038 | ---- | C] () -- C:\temp499.bat
[2013/04/14 16:13:11 | 000,001,153 | ---- | C] () -- C:\temp186.bat
[2013/04/14 15:50:43 | 000,000,042 | ---- | C] () -- C:

\repairs_running.dat
[2013/04/14 14:46:11 | 000,019,487 | ---- | C] () -- C:\Users\user

\Desktop\Safemodeapr14Traceroute, Ping, Domain Name Server (DNS)

Lookup, WHOIS trace 64.201.57.120.htm
[2013/04/14 12:15:16 | 000,044,963 | ---- | C] () -- C:\Users\user

\Desktop\TCP and UDP Ports Explained.htm
[2013/04/14 12:12:13 | 000,164,780 | ---- | C] () -- C:\Users\user

\Desktop\Battling the Google Redirect virus TechRepublic.htm
[2013/04/14 12:12:05 | 000,091,800 | ---- | C] () -- C:\Users\user

\Desktop\Google redirect notice - how to make it... Apple Support

Communities.htm
[2013/04/14 12:11:59 | 000,083,862 | ---- | C] () -- C:\Users\user

\Desktop\Google Redirect Issues Apple Support Communities.htm
[2013/04/14 12:11:54 | 000,156,054 | ---- | C] () -- C:\Users\user

\Desktop\I am having trouble with a redirect... Apple Support

Communities.htm
[2013/04/14 12:11:48 | 000,128,390 | ---- | C] () -- C:\Users\user

\Desktop\Browser Hijack Redirect Yahoo YQL... Apple Support

Communities.htm
[2013/04/14 12:11:39 | 000,201,532 | ---- | C] () -- C:\Users\user

\Desktop\Google redirect issue Apple Support Communities.htm
[2013/04/14 11:57:49 | 000,036,650 | ---- | C] () -- C:\Users\user

\Desktop\About Memorychromeapr14.htm
[2013/04/14 11:53:24 | 000,016,833 | ---- | C] () -- C:\Users\user

\Desktop\DNS Lookup for 25.1.45.167 DomainTools.htm
[2013/04/14 11:52:17 | 000,016,846 | ---- | C] () -- C:\Users\user

\Desktop\DNS Lookup for 23.30.206.33 DomainTools.htm
[2013/04/14 11:48:39 | 000,056,225 | ---- | C] () -- C:\Users\user

\Desktop\DomainTools.net - DomainTools.htm apr14.htm
[2013/04/14 11:48:19 | 000,025,033 | ---- | C] () -- C:\Users\user

\Desktop\Traceroute for 64.201.57.120 DomainTools.htm
[2013/04/14 11:47:19 | 000,015,708 | ---- | C] () -- C:\Users\user

\Desktop\64.201.57.1 IP Address WHOIS DomainTools.com.htm
[2013/04/14 11:46:42 | 000,021,889 | ---- | C] () -- C:\Users\user

\Desktop\My IP Address Learn Your Own IP Address DomainTools.htm
[2013/04/14 11:46:25 | 000,016,966 | ---- | C] () -- C:\Users\user

\Desktop\DNS Lookup for 216.237.3.33 DomainTools.htm
[2013/04/14 11:38:10 | 000,086,720 | ---- | C] () -- C:\Users\user

\Desktop\Security Snapshots Malware Myths.htm
[2013/04/14 09:57:09 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013/04/14 09:34:17 | 000,002,165 | ---- | C] () -- C:\Users\user

\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/04/13 23:38:59 | 000,007,642 | ---- | C] () -- C:\Users\user

\AppData\Local\resmon.resmoncfg
[2013/04/13 16:03:41 | 000,000,000 | ---- | C] () -- C:\Windows

\SysWow64\drivers\1043_ASUSTEK_K54C_V40_WIN7.MRK
[2013/04/13 16:03:18 | 000,045,056 | ---- | C] () -- C:\Windows

\SysWow64\acovcnt.exe
[2013/04/13 16:01:46 | 000,001,818 | ---- | C] () -- C:\Windows

\SysNative\AutoRunFilter.ini
[2013/04/13 16:01:46 | 000,001,362 | ---- | C] () -- C:\Windows

\SysNative\ServiceFilter.ini
[2013/04/13 16:01:46 | 000,000,105 | ---- | C] () -- C:\Windows

\SysNative\FastBoot.ini
[2013/04/13 16:01:46 | 000,000,080 | ---- | C] () -- C:\Windows

\SysNative\Defrag.ini
[2013/04/13 16:01:46 | 000,000,052 | ---- | C] () -- C:\Windows

\SysNative\RemoveFont.ini
[2013/04/13 16:01:46 | 000,000,015 | ---- | C] () -- C:\Windows

\SysNative\BootTime.ini
[2013/04/13 16:01:44 | 000,002,617 | ---- | C] () -- C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2013/04/13 16:01:08 | 000,000,716 | ---- | C] () -- C:\Users\Public

\Desktop\eManual.Lnk
[2013/04/13 16:01:00 | 000,003,116 | ---- | C] () -- C:\Windows

\SysNative\wimfltr.inf
[2013/04/13 16:00:27 | 000,014,119 | ---- | C] () -- C:\Windows

\SysWow64\RaCoInst.dat
[2013/04/13 16:00:27 | 000,014,119 | ---- | C] () -- C:\Windows

\SysNative\RaCoInst.dat
[2013/04/13 16:00:18 | 000,002,745 | ---- | C] () -- C:\Users\Public

\Desktop\ASUS Sonic Focus.lnk
[2013/04/13 15:59:37 | 000,015,422 | ---- | C] () -- C:\Windows

\SysNative\results.xml
[2013/04/13 15:56:29 | 000,000,000 | ---- | C] () -- C:\Windows

\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/04/13 15:55:55 | 000,008,192 | ---- | C] () -- C:\Windows

\SysNative\drivers\IntelMEFWVer.dll
[2013/04/13 15:48:56 | 000,000,000 | ---- | C] () -- C:\Users\user

\Documents\Default.rdp
[2013/04/13 15:47:54 | 3145,826,304 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/13 15:35:59 | 000,001,115 | ---- | C] () -- C:\Users\Public

\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 14:03:18 | 000,000,387 | ---- | C] () -- C:\Users\user

\AppData\Roaming\sp_data.sys
[2013/04/13 14:02:31 | 000,001,415 | ---- | C] () -- C:\Users\user

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet

Explorer (64-bit).lnk
[2013/04/13 14:02:28 | 000,001,449 | ---- | C] () -- C:\Users\user

\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet

Explorer.lnk
[2013/04/13 13:59:29 | 000,002,237 | ---- | C] () -- C:\Users\user

\Application Data\Microsoft\Internet Explorer\Quick Launch\Google

Chrome.lnk
[2013/04/13 13:59:29 | 000,000,290 | ---- | C] () -- C:\Users\user

\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows

Desktop.lnk
[2013/04/13 13:59:29 | 000,000,272 | ---- | C] () -- C:\Users\user

\Application Data\Microsoft\Internet Explorer\Quick Launch\Window

Switcher.lnk
[2012/03/04 21:24:03 | 000,066,856 | ---- | C] () -- C:\Windows

\SysWow64\SynTPEnhPS.dll
[2012/03/04 21:23:54 | 000,963,116 | ---- | C] () -- C:\Windows

\SysWow64\igkrng600.bin
[2012/03/04 21:23:53 | 000,217,536 | ---- | C] () -- C:\Windows

\SysWow64\igfcg600m.bin
[2012/03/04 21:23:53 | 000,056,832 | ---- | C] () -- C:\Windows

\SysWow64\igdde32.dll
[2012/03/04 21:23:52 | 013,903,872 | ---- | C] () -- C:\Windows

\SysWow64\ig4icd32.dll
[2012/03/04 21:23:52 | 000,145,804 | ---- | C] () -- C:\Windows

\SysWow64\igcompkrng600.bin
[2012/02/18 03:36:19 | 004,432,860 | ---- | C] () -- C:\Windows

\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/02/18 03:07:35 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/02/18 03:07:35 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >






