Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rkill stopped by NT AUTHORITY\SYSTEM.


  • Please log in to reply
15 replies to this topic

#1 Rob 3

Rob 3

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 29 May 2013 - 10:16 AM

Windows XP 32.
 
Following receipt of what I believed to be a surreptitious acceptance response to share a DropBox folder; which flashed on my screen but did not then appear in Outlook.  AVG triggered an immediate threat response.  I emailed the contact in Moscow and he said he had been using one a friends kids computers that might be dirty and would advise that they get it looked at!
 
I ran rkill and Malwarebytes with nothing found, but subsequently I have occasionally noticed my hard drives have been working overtime and also I’m now receiving spam from country code .ru!
 
I’ve run Malwarebytes a number of times subsequent to this event, which located and removed 4 Trojans.  Today the hard drives were again excessively busy so with more time I decided to run rkill and then Malwarebytes. Immediately I ran rkill a window appeared NT AUTHORITY\SYSTEM. With a countdown to shut the computer down which occurred. I repeated the task with the same result.
 
My search on Google to find reference to this issue did not located it specifically, though I did find similar conditions and a suggestion to use HitmanPro36 in safe mode and then a renamed rkill program. Again though the NT popup appeared.
 
Is this an issue that anyone can suggest a remedy too?
 
Thanks.

 

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 29 May 2013 - 10:34 AM

Can you post the rkill log, even if its only partially there, as a reply to this topic?

You can also run rkill in debug mode to see the process its killing write before you receive that message.

To run rkill in debug mode, use the -d flag.

So if its saved on your desktop, you would run by clicking on the start button and then selecting Run. Then type and press the ok button:

C:\Documents and settings\<login name>\Desktop\Rkill -d

#3 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 29 May 2013 - 12:48 PM

Hello Lawrence,

 

Thanks for responding. I've had no luck with Run - 'nothing found'. Incidentally the last  time I ran Rkill successfully I did not see the option to save the log! But that might just be me.

 

I have taken screen shots of the latest Rkill runs which I was hoping I could attach as a pdf. I've tried pasting them here but they do not show. What would you suggest as I'm not able to otherwise copy/grab the text.

 

Thanks,

 

Rob



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 29 May 2013 - 02:09 PM

Where is the rkill.exe file located?

#5 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 29 May 2013 - 02:31 PM

Hello Grinder,

 

My apologies for misnaming you earlier.

 

The file as you had antisipated is on the desktop.



#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 29 May 2013 - 02:40 PM

Lawrence is fine :)

Open the run box again and type:

%userprofile%\Desktop\rkill.exe -d

This should run rkill in debug mode. As it checks each process, it will display a process path and name and pause for you to press any key. I need the full process name and path that is displayed right before you get the rebooting message.

#7 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 29 May 2013 - 07:09 PM

Sorry not working. Just to confirm the path for Rkill is: C:\Documents and Settings\WocUser\desktop

 

Typing %userprofile%\Desktop\rkill.exe -d

 

     I get: Windows cannot find 'C:\Documents.



#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 29 May 2013 - 07:16 PM

Sorry ... try this:

"%userprofile%\Desktop\rkill.exe" -d

Notice the addition of the quotes.

#9 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 30 May 2013 - 02:36 AM

Success: * C:\WINDOWS\system32\services.exe (PID: 1020) WD-HEUR

Processing :C:\WINDOWS\system32\lsass.exe



#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 30 May 2013 - 09:22 AM

OK great. Download http://live.sysinternals.com/sigcheck.exe and save it to your desktop.

Then download the attached batch file to your desktop and double-click on it. After you double-click on it, there will be a notepad window that opens. Please post the contents of that notepad window.

Attached Files



#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 30 May 2013 - 09:56 AM

As well as doing the above steps, please also download a new copy of rkill from here:

http://www.bleepingcomputer.com/download/rkill/dl/10/

Then run it. Let me know if it restarts your computer again. If not, please post the resulting log.

I think I found a bug that was causing your restarts, but I still there that your services.exe is unsigned, which is what was causing it. That file should not be unsigned.

#12 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 30 May 2013 - 10:24 AM

Thanks for that Grinder, the specified download worked.

 

I see that there are now many missing 'signed'! The cause, any idea and how does one remedy that?

 

 

 

 

Rkill 2.5.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/30/2013 04:06:27 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\system32\Ati2evxx.exe (PID: 1216) [WD-HEUR]
 * C:\WINDOWS\system32\Ati2evxx.exe (PID: 252) [WD-HEUR]
 * C:\WINDOWS\System32\alg.exe (PID: 1652) [WD-HEUR]
 
3 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\WINDOWS\system32\services.exe
 * C:\WINDOWS\system32\lsass.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\spoolsv.exe
 * C:\WINDOWS\system32\ctfmon.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\WINDOWS\System32\browser.dll [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2705219\SP3QFE\browser.dll : 78,336 : 07/06/2012 02:58 PM : 
 
fc6d1d80588d371f0321e15a75b2f8f2 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2705219$\browser.dll : 77,824 : 04/14/2008 00:41 AM : 
 
a06ce3399d16db864f55faeb1f1927a9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\browser.dll : 78,336 : 07/06/2012 02:58 PM : 
 
cfd4e51402da9838b5a04ae680af54a0 [Pos Repl]
 
 * C:\WINDOWS\System32\clipsrv.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\clipsrv.exe : 33,280 : 04/14/2008 02:42 AM : 
 
34cbe729f38138217f9c80212a2a0c82 [Pos Repl]
 
 * C:\WINDOWS\System32\comctl32.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\comctl32.dll : 617,472 : 08/23/2010 05:12 PM : 
 
93afb83fbc1f9443cac722fca63d73bf [Pos Repl]
 +-> C:\WINDOWS\WinSxS\InstallTemp\73366\comctl32.dll : 921,088 : 08/04/2004 01:00 PM : 
 
aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\InstallTemp\9788097\comctl32.dll : 1,054,208 : 08/23/2010 05:12 PM : 
 
736b12b725aeb2b07f0241a9f680cb10 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.
 
dll : 921,088 : 02/28/2006 05:00 AM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\com
 
ctl32.dll : 1,050,624 : 08/04/2004 01:00 PM : 5af68a5e44734a082442668e9c787743 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\com
 
ctl32.dll : 1,054,208 : 08/25/2006 04:45 PM : c4e80875c1cf1222fc5efd0314ae5c01 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\com
 
ctl32.dll : 1,054,208 : 04/14/2008 04:42 AM : bd38d1ebe24a46bd3eda059560afba12 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\com
 
ctl32.dll : 1,054,208 : 08/23/2010 05:12 PM : 736b12b725aeb2b07f0241a9f680cb10 [Pos Repl]
 
 * C:\WINDOWS\System32\comres.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\comres.dll : 792,064 : 04/14/2008 05:41 AM : 
 
1280a158c722fa95a80fb7aebe78fa7d [Pos Repl]
 
 * C:\WINDOWS\System32\cryptsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cryptsvc.dll : 62,464 : 04/14/2008 05:41 AM : 
 
3d4e199942e29207970e04315d02ad3b [Pos Repl]
 
 * C:\WINDOWS\System32\csrss.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\csrss.exe : 6,144 : 04/14/2008 05:42 AM : 
 
44f275c64738ea2056e3d9580c23b60f [Pos Repl]
 
 * C:\WINDOWS\System32\ctfmon.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ctfmon.exe : 15,360 : 04/14/2008 05:42 AM : 
 
5f1d5f88303d4a4dbc8e5f97ba967cc3 [Pos Repl]
 
 * C:\WINDOWS\System32\d3d8.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\d3d8.dll : 1,179,648 : 04/14/2008 05:41 AM : 
 
f099b129022170f2df9e1c0185c9bcfb [Pos Repl]
 
 * C:\WINDOWS\System32\d3d8thk.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\d3d8thk.dll : 8,192 : 04/14/2008 05:41 AM : 
 
31b067c412fa1a9bad3ca2a63d7da440 [Pos Repl]
 
 * C:\WINDOWS\System32\d3d9.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\d3d9.dll : 1,689,088 : 04/14/2008 05:41 AM : 
 
0607cbc6fa20114cb491efe4b2f9efad [Pos Repl]
 
 * C:\WINDOWS\System32\ddraw.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ddraw.dll : 279,552 : 04/14/2008 05:41 AM : 
 
a340cd71eb535a3dd751b5f28723e50c [Pos Repl]
 
 * C:\WINDOWS\System32\dllhost.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dllhost.exe : 5,120 : 04/14/2008 05:42 AM : 
 
0a9ba6af531afe7fa5e4fb973852d863 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\acpiec.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\acpiec.sys : 11,648 : 02/28/2006 05:00 AM : 
 
9859c0f6936e723e4892d7141b1327d5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\acpi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\acpi.sys : 187,776 : 04/14/2008 05:06 AM : 
 
8fd99680a539792a30e97944fdaecf17 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\aec.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\aec.sys : 142,592 : 04/14/2008 05:51 AM : 
 
8bed39e3c35d6a489438b8141717a557 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\afd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\afd.sys : 138,496 : 08/17/2011 02:49 PM : 
 
1e44bc1e83d8fd2305f8d452db109cf9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\agp440.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\agp440.sys : 42,368 : 04/13/2008 07:36 PM : 
 
08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\amdk6.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\amdk6.sys : 37,376 : 04/14/2008 07:51 AM : 
 
d7701d7e72243286cc88c9973d891057 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\amdk7.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\amdk7.sys : 37,760 : 04/14/2008 07:51 AM : 
 
8fce268cdbdd83b23419d1f35f42c7b1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\arp1394.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\arp1394.sys : 60,800 : 04/14/2008 07:51 AM : 
 
b5b8a80875c1dededa8b02765642c32f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\asyncmac.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\asyncmac.sys : 14,336 : 04/14/2008 07:27 AM : 
 
b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\atapi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\atapi.sys : 96,512 : 04/14/2008 07:10 AM : 
 
9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\audstub.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\audstub.sys : 3,072 : 08/17/2001 02:59 PM : 
 
d9f724aa26c010a217c97606b160ed68 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\beep.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\beep.sys : 4,224 : 02/28/2006 02:00 AM : 
 
da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\bridge.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\bridge.sys : 71,552 : 04/14/2008 02:23 AM : 
 
f934d1b230f84e1d19dd00ac5a7a83ed [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\bthport.sys [NoSig]
 +-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 02:05 AM : 
 
662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 02:05 AM : 
 
662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cbidf2k.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cbidf2k.sys : 13,952 : 02/28/2006 02:00 AM : 
 
90a673fc8e12a79afbed2576f6a7aaf9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cdaudio.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cdaudio.sys : 18,688 : 02/28/2006 02:00 AM : 
 
c1b486a7658353d33a10cc15211a873b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cdfs.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cdfs.sys : 63,744 : 04/14/2008 02:44 AM : 
 
c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cdrom.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cdrom.sys : 62,976 : 04/14/2008 02:10 AM : 
 
1f4260cc5b42272d71f79e570a27a4fe [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\classpnp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\classpnp.sys : 49,536 : 04/14/2008 02:46 AM : 
 
fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cpqdap01.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cpqdap01.sys : 11,776 : 02/28/2006 02:00 AM : 
 
9624293e55ad405415862b504ca95b73 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\crusoe.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\crusoe.sys : 36,736 : 04/14/2008 02:51 AM : 
 
f50d9bdbb25cce075e514dc07472a22f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\diskdump.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\diskdump.sys : 14,208 : 04/14/2008 02:10 AM : 
 
e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\disk.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\disk.sys : 36,352 : 04/14/2008 02:10 AM : 
 
044452051f3e02e7963599fc8f4f3e25 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dmboot.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dmboot.sys : 799,744 : 04/14/2008 02:14 AM : 
 
d992fe1274bde0f84ad826acae022a41 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dmio.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dmio.sys : 153,344 : 04/14/2008 02:14 AM : 
 
7c824cf7bbde77d95c08005717a95f6f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dmload.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dmload.sys : 5,888 : 02/28/2006 02:00 AM : 
 
e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\DMusic.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dmusic.sys : 52,864 : 04/13/2008 07:45 PM : 
 
8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\drmkaud.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\drmkaud.sys : 2,944 : 04/14/2008 07:51 AM : 
 
8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\drmk.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\drmk.sys : 60,160 : 04/14/2008 07:51 AM : 
 
6cb08593487f5701d2d2254e693eafce [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dxapi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dxapi.sys : 10,496 : 02/28/2006 07:00 AM : 
 
fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dxg.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dxg.sys : 71,168 : 04/14/2008 07:08 AM : 
 
ac7280566a7bb85cb3291f04ddc1198e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dxgthk.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dxgthk.sys : 3,328 : 02/28/2006 07:00 AM : 
 
a73f5d6705b1d820c19b18782e176efd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fastfat.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fastfat.sys : 143,744 : 04/14/2008 07:44 AM : 
 
38d332a6d56af32635675f132548343e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fdc.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fdc.sys : 27,392 : 04/14/2008 07:10 AM : 
 
92cdd60b6730b9f50f6a1a0c1f8cdc81 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fips.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fips.sys : 44,544 : 04/14/2008 07:03 AM : 
 
d45926117eb9fa946a6af572fbe1caa3 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\flpydisk.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\flpydisk.sys : 20,480 : 04/14/2008 07:10 AM : 
 
9d27e7b80bfcdf1cdd9b555862d5e7f0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fltMgr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fltmgr.sys : 129,792 : 04/14/2008 07:03 AM : 
 
b2cf4b0786f8212cb92ed2b50c6db6b0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fs_rec.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fs_rec.sys : 7,936 : 02/28/2006 07:00 AM : 
 
3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fsvga.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fsvga.sys : 12,160 : 02/28/2006 07:00 AM : 
 
455f778ee14368468560bd7cb8c854d0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ftdisk.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ftdisk.sys : 125,056 : 02/28/2006 07:00 AM : 
 
6ac26732762483366c3969c9e4d2259d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\hidclass.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\hidclass.sys : 36,864 : 04/14/2008 07:15 AM : 
 
1af592532532a402ed7c060f6954004f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\hidparse.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\hidparse.sys : 24,960 : 04/14/2008 07:15 AM : 
 
96eccf28fdbf1b2cc12725818a63628d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\hidusb.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\hidusb.sys : 10,368 : 04/14/2008 07:15 AM : 
 
ccf82c5ec8a7326c3066de870c06daf1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\http.sys [NoSig]
 +-> C:\WINDOWS\Driver Cache\i386\http.sys : 265,728 : 10/20/2009 05:20 PM : 
 
f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\http.sys : 265,728 : 10/20/2009 05:20 PM : 
 
f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\i8042prt.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\i8042prt.sys : 52,480 : 04/14/2008 05:48 AM : 
 
4a0b06aa8943c1e332520f7440c0aa30 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\imapi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\imapi.sys : 42,112 : 04/14/2008 05:11 AM : 
 
083a052659f5310dd8b6a6cb05edcf8e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\intelppm.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\intelppm.sys : 36,352 : 04/14/2008 05:01 AM : 
 
8c953733d8f36eb2133f5bb58808b66b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ip6fw.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ip6fw.sys : 36,608 : 04/14/2008 05:23 AM : 
 
3bb22519a194418d5fec05d800a19ad0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipfltdrv.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ipfltdrv.sys : 32,896 : 02/28/2006 05:00 AM : 
 
731f22ba402ee4b62748adaf6363c182 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipinip.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ipinip.sys : 20,864 : 04/14/2008 05:27 AM : 
 
b87ab476dcf76e72010632b5550955f5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipnat.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ipnat.sys : 152,832 : 04/14/2008 05:27 AM : 
 
cc748ea12c6effde940ee98098bf96bb [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipsec.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ipsec.sys : 75,264 : 04/14/2008 05:49 AM : 
 
23c74d75e36e7158768dd63d92789a91 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\irenum.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\irenum.sys : 11,264 : 04/14/2008 05:24 AM : 
 
c93c9ff7b04d772627a3646d89f7bf89 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\isapnp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\isapnp.sys : 37,248 : 04/14/2008 05:06 AM : 
 
05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\kbdclass.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\kbdclass.sys : 24,576 : 04/14/2008 05:09 AM : 
 
463c1ec80cd17420a542b7f36a36f128 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\kmixer.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\kmixer.sys : 172,416 : 04/14/2008 05:51 AM : 
 
692bcf44383d056aed41b045a323d378 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ksecdd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ksecdd.sys : 92,928 : 06/24/2009 05:18 AM : 
 
b467646c54cc746128904e1654c750c1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ks.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ks.sys : 141,056 : 04/14/2008 05:51 AM : 
 
0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mcd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mcd.sys : 7,680 : 02/28/2006 05:00 AM : 
 
d1f8be91ed4ddb671d42e473e3fe71ab [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mf.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mf.sys : 63,744 : 04/14/2008 05:51 AM : 
 
a7da20ab18a1bdae28b0f349e57da0d1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mnmdd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mnmdd.sys : 4,224 : 02/28/2006 05:00 AM : 
 
4ae068242760a1fb6e1a44bf4e16afa6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\modem.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\modem.sys : 30,080 : 04/14/2008 05:51 AM : 
 
dfcbad3cec1c5f964962ae10e0bcc8e1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mouclass.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mouclass.sys : 23,040 : 04/14/2008 05:51 AM : 
 
35c9e97194c8cfb8430125f8dbc34d04 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mouhid.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mouhid.sys : 12,160 : 08/17/2001 02:48 PM : 
 
b1c303e17fb9d46e87a98e4ba6769685 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mountmgr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mountmgr.sys : 42,368 : 04/14/2008 02:09 AM : 
 
a80b9a0bad1b73637dbcbba7df72d3fd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mrxdav.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mrxdav.sys : 180,608 : 04/14/2008 02:02 AM : 
 
11d42bb6206f33fbb3ba0288d3ef81bd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mrxsmb.sys [NoSig]
 +-> C:\WINDOWS\Driver Cache\i386\mrxsmb.sys : 456,320 : 07/15/2011 02:29 PM : 
 
7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mrxsmb.sys : 456,320 : 07/15/2011 02:29 PM : 
 
7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\msfs.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\msfs.sys : 19,072 : 04/14/2008 02:02 AM : 
 
c941ea2454ba8350021d774daf0f1027 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\msgpc.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\msgpc.sys : 35,072 : 04/14/2008 02:26 AM : 
 
0a02c63c8b144bd8c86b103dee7c86a2 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\MSKSSRV.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mskssrv.sys : 7,552 : 04/14/2008 02:51 AM : 
 
d1575e71568f4d9e14ca56b7b0453bf1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\MSPCLOCK.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mspclock.sys : 5,376 : 04/14/2008 02:51 AM : 
 
325bb26842fc7ccc1fcce2c457317f3e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\MSPQM.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mspqm.sys : 4,992 : 04/14/2008 02:51 AM : 
 
bad59648ba099da4a17680b39730cb3d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mssmbios.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mssmbios.sys : 15,488 : 04/14/2008 02:51 AM : 
 
af5f4f3f14a8ea2c26de30f7a1e17136 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mup.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mup.sys : 105,472 : 04/21/2011 02:37 PM : 
 
de6a75f5c270e756c5508d94b6cf68f5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndis.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ndis.sys : 182,656 : 04/14/2008 02:50 AM : 
 
1df7f42665c94b825322fae71721130d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndistapi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ndistapi.sys : 10,496 : 07/08/2011 03:02 PM : 
 
0109c4f3850dfbab279542515386ae22 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndisuio.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ndisuio.sys : 14,592 : 04/14/2008 03:51 AM : 
 
f927a4434c5028758a842943ef1a3849 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndiswan.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ndiswan.sys : 91,520 : 04/14/2008 03:50 AM : 
 
edc1531a49c80614b2cfda43ca8659ab [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndproxy.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ndproxy.sys : 40,960 : 11/02/2010 03:17 PM : 
 
9282bd12dfb069d3889eb3fcc1000a9b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\netbios.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\netbios.sys : 34,688 : 04/14/2008 03:26 AM : 
 
5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\netbt.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\netbt.sys : 162,816 : 04/14/2008 03:51 AM : 
 
74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nic1394.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nic1394.sys : 61,824 : 04/14/2008 03:51 AM : 
 
e9e47cfb2d461fa0fc75b7a74c6383ea [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nikedrv.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nikedrv.sys : 12,032 : 02/28/2006 03:00 AM : 
 
be984d604d91c217355cdd3737aad25d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nmnt.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nmnt.sys : 40,320 : 04/14/2008 03:23 AM : 
 
1e421a6bcf2203cc61b821ada9de878b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\npfs.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\npfs.sys : 30,848 : 04/14/2008 03:02 AM : 
 
3182d64ae053d6fb034f44b6def8034a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ntfs.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ntfs.sys : 574,976 : 04/14/2008 03:45 AM : 
 
78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\null.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\null.sys : 2,944 : 02/28/2006 03:00 AM : 
 
73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkflt.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkflt.sys : 12,416 : 02/28/2006 03:00 AM : 
 
b305f3fad35083837ef46a0bbce2fc57 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkfwd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkfwd.sys : 32,512 : 02/28/2006 03:00 AM : 
 
c99b3415198d1aab7227f2c88fd664b9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkipx.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkipx.sys : 88,320 : 04/14/2008 03:26 AM : 
 
8b8b1be2dba4025da6786c645f77f123 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnknb.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnknb.sys : 63,232 : 02/28/2006 03:00 AM : 
 
56d34a67c05e94e16377c60609741ff8 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkspx.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkspx.sys : 55,936 : 02/28/2006 03:00 AM : 
 
c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\oprghdlr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\oprghdlr.sys : 3,456 : 02/28/2006 03:00 AM : 
 
4bb30ddc53ebc76895e38694580cdfe9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\p3.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\p3.sys : 42,752 : 04/14/2008 03:51 AM : 
 
c90018bafdc7098619a4a95b046b30f3 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\parport.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\parport.sys : 80,128 : 04/14/2008 03:51 AM : 
 
5575faf8f97ce5e713d108c2a58d7c7c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\partmgr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\partmgr.sys : 19,712 : 04/14/2008 03:10 AM : 
 
beb3ba25197665d82ec7065b724171c6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\parvdm.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\parvdm.sys : 6,784 : 02/28/2006 03:00 AM : 
 
70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pciidex.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\pciidex.sys : 24,960 : 04/14/2008 03:10 AM : 
 
52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pci.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\pci.sys : 68,224 : 04/14/2008 03:06 AM : 
 
a219903ccf74233761d92bef471a07b1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pcmcia.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\pcmcia.sys : 120,192 : 04/14/2008 03:06 AM : 
 
9e89ef60e9ee05e3f2eef2da7397f1c1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\portcls.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\portcls.sys : 146,048 : 04/14/2008 03:51 AM : 
 
e82a496c3961efc6828b508c310ce98f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\processr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\processr.sys : 35,840 : 04/14/2008 03:51 AM : 
 
a32bebaf723557681bfc6bd93e98bd26 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\psched.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\psched.sys : 69,120 : 04/14/2008 03:26 AM : 
 
09298ec810b07e5d582cb3a3f9255424 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ptilink.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 02/28/2006 03:00 AM : 
 
80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rasacd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 02/28/2006 03:00 AM : 
 
fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rasl2tp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rasl2tp.sys : 51,328 : 04/14/2008 03:49 AM : 
 
11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspppoe.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\raspppoe.sys : 41,472 : 04/14/2008 03:27 AM : 
 
5bc962f2654137c9909c3d4603587dee [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspptp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\raspptp.sys : 48,384 : 04/14/2008 03:49 AM : 
 
efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspti.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\raspti.sys : 16,512 : 02/28/2006 03:00 AM : 
 
fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rawwan.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rawwan.sys : 34,432 : 02/28/2006 03:00 AM : 
 
01524cd237223b18adbb48f70083f101 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdbss.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rdbss.sys : 175,744 : 04/14/2008 03:58 AM : 
 
7ad224ad1a1437fe28d89cf22b17780a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpcdd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rdpcdd.sys : 4,224 : 02/28/2006 03:00 AM : 
 
4912d5b403614ce99c28420f75353332 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpdr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rdpdr.sys : 196,224 : 04/14/2008 03:02 AM : 
 
15cabd0f7c00c47c70124907916af3f1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpwd.sys [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys : 139,784 : 01/09/2012 04:19 PM : 
 
2d293b720c206473a05950ce007db12a [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2685939\SP3QFE\rdpwd.sys : 139,656 : 05/02/2012 02:45 PM : 
 
997c59b9955f911ec460241dd9e01b04 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2723135\SP3QFE\rdpwd.sys : 139,784 : 07/04/2012 02:59 PM : 
 
c7d9bc54354b8c706abf172d48313f1b [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2621440$\rdpwd.sys : 139,656 : 06/24/2011 03:10 PM : 
 
fc105dd312ed64eb66bff111e8ec6eac [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2685939$\rdpwd.sys : 139,784 : 01/09/2012 04:20 PM : 
 
5b3055daa788bd688594d2f5981f2a83 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2723135$\rdpwd.sys : 139,656 : 05/02/2012 02:46 PM : 
 
6589db6e5969f8eee594cf71171c5028 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rdpwd.sys : 139,784 : 07/04/2012 03:05 PM : 
 
43af5212bd8fb5ba6eed9754358bd8f7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\redbook.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\redbook.sys : 57,600 : 04/13/2008 07:40 PM : 
 
f828dd7e1419b6653894a8f97a0094c5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rmcast.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rmcast.sys : 203,136 : 05/08/2008 03:02 PM : 
 
96f7a9a7bf0c9c0440a967440065d33c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rndismp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rndismp.sys : 30,592 : 04/14/2008 03:26 AM : 
 
601844cbcf617ff8c868130ca5b2039d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rootmdm.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rootmdm.sys : 5,888 : 02/28/2006 03:00 AM : 
 
d8b0b4ade32574b2d9c5cc34dc0dbbe7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\scsiport.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\scsiport.sys : 96,384 : 04/14/2008 03:10 AM : 
 
76c465f570e90c28942d52ccb2580a10 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sdbus.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sdbus.sys : 79,232 : 04/14/2008 03:06 AM : 
 
8d04819a3ce51b9eb47e5689b44d43c4 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serenum.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\serenum.sys : 15,744 : 04/14/2008 03:10 AM : 
 
0f29512ccd6bead730039fb4bd2c85ce [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serial.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\serial.sys : 64,512 : 04/14/2008 03:45 AM : 
 
cca207a8896d4c6a0c9ce29a4ae411a7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sffdisk.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sffdisk.sys : 11,904 : 04/14/2008 03:10 AM : 
 
0fa803c64df0914b41f807ea276bf2a6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sffp_sd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sffp_sd.sys : 11,008 : 04/14/2008 03:10 AM : 
 
c17c331e435ed8737525c86a7557b3ac [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sfloppy.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sfloppy.sys : 11,392 : 04/14/2008 03:10 AM : 
 
8e6b8c671615d126fdc553d1e2de5562 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\smclib.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\smclib.sys : 14,592 : 02/28/2006 03:00 AM : 
 
017daecf0ed3aa731313433601ec40fa [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sonydcam.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sonydcam.sys : 25,344 : 04/14/2008 03:51 AM : 
 
489703624dac94ed943c2abda022a1cd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\splitter.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\splitter.sys : 6,272 : 04/13/2008 07:45 PM : 
 
ab8b92451ecb048a4d1de7c3ffcb4a9f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sr.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sr.sys : 73,472 : 04/14/2008 07:06 AM : 
 
76bb022c2fb6902fd5bdd4f78fc13a5d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\srv.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\srv.sys : 357,888 : 02/17/2011 01:18 PM : 
 
47ddfc2f003f7f9f0592c6874962a2e7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\stream.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\stream.sys : 49,408 : 04/14/2008 01:51 AM : 
 
3e5d89099ded9e86e5639f411693218f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\swenum.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\swenum.sys : 4,352 : 04/14/2008 01:51 AM : 
 
3941d127aef12e93addf6fe6ee027e0f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\swmidi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\swmidi.sys : 56,576 : 04/14/2008 01:51 AM : 
 
8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sysaudio.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sysaudio.sys : 60,800 : 04/14/2008 01:51 AM : 
 
8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tape.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tape.sys : 14,976 : 04/14/2008 01:10 AM : 
 
fd6093e3decd925f1cffc8a0dd539d72 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tcpip6.sys [NoSig]
 +-> C:\WINDOWS\SoftwareDistribution\Download\6cc2419f863b96ecc5577f90f84a26db\sp3qfe\tcpip6.sys : 
 
226,880 : 02/11/2010 00:36 AM : f4a3c6abe7818b1b53f58fa1adb605cd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\tcpip6.sys : 226,880 : 02/11/2010 01:02 AM : 
 
4e53bbcc4be37d7a4bd6ef1098c89ff7 [Pos Repl]
 
 * C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 01:51 AM : 
 
9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdi.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tdi.sys : 19,072 : 04/14/2008 01:30 AM : 
 
0539d5e53587f82d1b4fd74c5be205cf [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdpipe.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tdpipe.sys : 12,040 : 04/14/2008 01:43 AM : 
 
6471a66807f5e104e4885f5b67349397 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdtcp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tdtcp.sys : 21,896 : 04/14/2008 01:43 AM : 
 
c56b6d0402371cf3700eb322ef3aaf61 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\termdd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\termdd.sys : 40,840 : 04/14/2008 01:43 AM : 
 
88155247177638048422893737429d9e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tosdvd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tosdvd.sys : 51,712 : 02/28/2006 01:00 AM : 
 
699450901c5ccfd82357cbc531cedd23 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tunmp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tunmp.sys : 12,288 : 04/14/2008 01:51 AM : 
 
8f861eda21c05857eb8197300a92501c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\udfs.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\udfs.sys : 66,048 : 04/14/2008 01:02 AM : 
 
5787b80c2e3c5e2f56c2a233d91fa2c9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\update.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\update.sys : 384,768 : 04/14/2008 01:09 AM : 
 
402ddc88356b1bac0ee3dd1580c76a31 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usb8023.sys [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2807986\SP3QFE\usb8023.sys : 12,928 : 02/12/2013 02:43 AM : 
 
c74f25c77d6c3edf58221e4060d8cd16 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2807986$\usb8023.sys : 12,800 : 04/14/2008 02:26 AM : 
 
bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usb8023.sys : 12,928 : 02/12/2013 01:32 AM : 
 
2a7a8ad9d39a2faf9d9293b5daff3a4b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbcamd2.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbcamd2.sys : 25,728 : 04/14/2008 01:51 AM : 
 
ce97845d2e3f0d274b8bac1ed07c6149 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbcamd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbcamd.sys : 25,600 : 04/14/2008 01:51 AM : 
 
1c1a47b40c23358245aa8d0443b6935e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbccgp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbccgp.sys : 32,128 : 04/14/2008 01:15 AM : 
 
173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbd.sys : 4,736 : 02/28/2006 01:00 AM : 
 
596eb39b50d6ebd9b734dc4ae0544693 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbehci.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbehci.sys : 30,208 : 04/14/2008 01:15 AM : 
 
65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbhub.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbhub.sys : 59,520 : 04/14/2008 01:15 AM : 
 
1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbintel.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbintel.sys : 15,872 : 04/14/2008 01:51 AM : 
 
290913dc4f1125e5a82de52579a44c43 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbport.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbport.sys : 143,872 : 04/14/2008 01:15 AM : 
 
791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\USBSTOR.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usbstor.sys : 26,368 : 04/14/2008 01:15 AM : 
 
a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\vga.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\vga.sys : 20,992 : 04/14/2008 01:14 AM : 
 
0d3a8fafceacd8b7625cd549757a7df1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\videoprt.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\videoprt.sys : 81,664 : 04/14/2008 01:14 AM : 
 
e28726b72c46821a28830e077d39a55b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\volsnap.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\volsnap.sys : 52,352 : 04/14/2008 01:11 AM : 
 
4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wanarp.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wanarp.sys : 34,560 : 04/14/2008 01:27 AM : 
 
e20b95baedb550f32dd489265c1da1f6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wdmaud.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wdmaud.sys : 83,072 : 04/14/2008 01:51 AM : 
 
6768acf64b18196494413695f0c3a00f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wmilib.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 02/28/2006 01:00 AM : 
 
2f31b7f954bed437f2c75026c65caf7b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ws2ifsl.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 02/28/2006 01:00 AM : 
 
6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]
 
 * C:\WINDOWS\System32\dsound.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dsound.dll : 367,616 : 04/14/2008 01:41 AM : 
 
4d83ed8bddec431fc8ad907b47cfb6e3 [Pos Repl]
 
 * C:\WINDOWS\System32\dssenh.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dssenh.dll : 138,752 : 04/13/2008 11:07 PM : 
 
fede68bf80052bad393afd5c2e60dcb0 [Pos Repl]
 
 * C:\WINDOWS\System32\es.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\es.dll : 253,952 : 07/07/2008 09:26 PM : 
 
d4991d98f2db73c60d042f1aef79efae [Pos Repl]
 
 * C:\WINDOWS\System32\eventlog.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\eventlog.dll : 56,320 : 04/14/2008 09:41 AM : 
 
6d4feb43ee538fc5428cc7f0565aa656 [Pos Repl]
 
 * C:\WINDOWS\System32\hid.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\hid.dll : 20,992 : 04/14/2008 09:51 AM : 
 
8973122796e3b5d6b5900fc186e55fea [Pos Repl]
 
 * C:\WINDOWS\System32\hnetcfg.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\hnetcfg.dll : 344,064 : 04/14/2008 09:41 AM : 
 
3cb32d3b8cbe79899d63280bb7a83cd9 [Pos Repl]
 
 * C:\WINDOWS\System32\imm32.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\imm32.dll : 110,080 : 04/14/2008 09:41 AM : 
 
0da85218e92526972a821587e6a8bf8f [Pos Repl]
 
 * C:\WINDOWS\System32\ipsecsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ipsecsvc.dll : 183,808 : 04/14/2008 09:41 AM : 
 
332760fba1655fcfd35bd6f4fd871300 [Pos Repl]
 
 * C:\WINDOWS\System32\kernel32.dll [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2758857\SP3QFE\kernel32.dll : 991,744 : 10/03/2012 02:57 AM : 
 
6cbfeeb384f04681af75f495aa48dd32 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2758857$\kernel32.dll : 989,696 : 03/21/2009 02:06 PM : 
 
b921fb870c9ac0d509b2ccabbbbe95f3 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\kernel32.dll : 990,208 : 10/03/2012 09:58 AM : 
 
6fe42512ab1b89f32a7407f261b1d2d0 [Pos Repl]
 
 * C:\WINDOWS\System32\ksuser.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ksuser.dll : 4,096 : 04/14/2008 09:11 AM : 
 
9b9f1c38d559047b8ac0dba2d5febde9 [Pos Repl]
 
 * C:\WINDOWS\System32\linkinfo.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\linkinfo.dll : 19,968 : 04/14/2008 09:41 AM : 
 
2dc5a8019e2387987905f77c664e4be2 [Pos Repl]
 
 * C:\WINDOWS\System32\lpk.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\lpk.dll : 22,016 : 04/14/2008 09:41 AM : 
 
012df358cebaa23acb26d82077820817 [Pos Repl]
 
 * C:\WINDOWS\System32\lsass.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\lsass.exe : 13,312 : 04/14/2008 09:42 AM : 
 
bf2466b3e18e970d8a976fb95fc1ca85 [Pos Repl]
 
 * C:\WINDOWS\System32\mfc40u.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mfc40u.dll : 953,856 : 09/18/2010 09:53 AM : 
 
e76a5c202e68af5a322d16b5a78f48b9 [Pos Repl]
 
 * C:\WINDOWS\System32\midimap.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\midimap.dll : 18,944 : 04/14/2008 09:41 AM : 
 
5c12660a97822f6e61576943b49aaad6 [Pos Repl]
 
 * C:\WINDOWS\System32\msgsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\msgsvc.dll : 33,792 : 04/14/2008 09:42 AM : 
 
986b1ff5814366d71e0ac5755c88f2d3 [Pos Repl]
 
 * C:\WINDOWS\System32\mshtml.dll [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll : 5,978,624 : 11/04/2011 07:19 PM : 
 
699421e2e1313c18671a703953cae14b [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll : 5,980,160 : 12/17/2011 07:45 PM : 
 
49b88a833eca99efbffc5aae5cc998ed [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll : 5,980,672 : 03/01/2012 07:58 AM : 
 
5dbb0c997ad276bce9d30cd609bdbf67 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll : 6,009,344 : 05/11/2012 03:41 PM : 
 
55f148b94246a77fb4ac33346671cac8 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll : 6,010,368 : 07/02/2012 06:48 PM : 
 
df599ac52b62de001e42d36f92b45e68 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll : 6,010,368 : 08/28/2012 04:13 PM : 
 
cf6b381c3518ab328382429cae206d64 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll : 6,010,880 : 11/13/2012 04:23 AM : 
 
02d8509e2362d777debffc05c022cbf2 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll : 6,011,904 : 01/09/2013 04:03 AM : 
 
99e9e2606fb13adb711935fe8e8e29c1 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll : 6,011,392 : 01/06/2013 04:33 AM : 
 
14fd1caefb6d2749019ac2f54859568c [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll : 6,012,928 : 03/01/2013 04:31 AM : 
 
ae3a26c04c794e5451adf6872f7d48f4 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll : 6,013,440 : 03/02/2013 04:05 AM : 
 
990f4518e1607f445969c12f014e4e29 [Pos Repl]
 +-> C:\WINDOWS\ie7\mshtml.dll : 3,058,688 : 09/14/2006 02:31 AM : cefea1c301139a817931be132f0359fe [Pos 
 
Repl]
 +-> C:\WINDOWS\ie7updates\KB2586448-IE7\mshtml.dll : 3,578,368 : 06/12/2008 09:22 AM : 
 
c6ec2493346ed8888a549f59210a8ed3 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB933566-IE7\mshtml.dll : 3,577,856 : 11/07/2006 09:03 PM : 
 
cbf04597f9cf7739e572276a2698fdd3 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll : 3,583,488 : 05/08/2007 09:24 AM : 
 
5d90a7200f72dace663ee78de234fcc7 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll : 3,584,512 : 08/20/2007 09:04 AM : 
 
e267ee248cda7667c19001c069de867b [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll : 3,592,192 : 12/08/2007 09:21 AM : 
 
a097c36412455f0c7e42377faf8809b7 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll : 3,591,680 : 03/01/2008 05:36 PM : 
 
ab2c88167d78d71d93558acecb24cc7a [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll : 3,591,680 : 04/23/2008 10:16 PM : 
 
8976cab317105f7431b08ea32ab73c65 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll : 3,592,192 : 06/24/2008 10:57 AM : 
 
ec936148284f557f19c333178768109b [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB960714-IE7\mshtml.dll : 3,593,216 : 08/27/2008 10:24 AM : 
 
1ad035e04a7068ec2820b055a3131ed8 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB961260-IE7\mshtml.dll : 3,593,216 : 12/13/2008 10:40 AM : 
 
121ec39a64d64205a88c2c45b034b455 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB963027-IE7\mshtml.dll : 3,594,752 : 01/16/2009 09:35 PM : 
 
3b413267da8ae71c20e5ef3e54f74728 [Pos Repl]
 +-> C:\WINDOWS\ie8\mshtml.dll : 3,615,744 : 09/05/2011 02:48 AM : 56a67300c652cdf66e575b707f8b9397 [Pos 
 
Repl]
 +-> C:\WINDOWS\ie8updates\KB2559049-IE8\mshtml.dll : 5,950,976 : 05/06/2010 09:41 AM : 
 
c7b7a88cc7d7aba5c395145bf92f46f7 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2586448-IE8\mshtml.dll : 5,950,976 : 05/06/2010 09:41 AM : 
 
c7b7a88cc7d7aba5c395145bf92f46f7 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2618444-IE8\mshtml.dll : 5,971,456 : 10/03/2011 09:35 AM : 
 
4963cb503600fc3bcbdbfba51fba1fac [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2647516-IE8\mshtml.dll : 5,978,112 : 11/04/2011 07:20 PM : 
 
dd8d655e1881b70a5259a23a6018a6c2 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2675157-IE8\mshtml.dll : 5,979,136 : 12/17/2011 07:46 PM : 
 
a9259cd226283cd4f798c00909754a94 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2699988-IE8\mshtml.dll : 5,978,624 : 03/01/2012 07:01 AM : 
 
dade53318d8e5335ee2e1745f1c3fc4d [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2722913-IE8\mshtml.dll : 6,007,808 : 05/11/2012 03:42 PM : 
 
886b62a906b3967cbbf0fd2c833a30bf [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2744842-IE8\mshtml.dll : 6,008,320 : 07/02/2012 06:49 PM : 
 
13d2e016b784730a98f24d6e5beed22f [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2761465-IE8\mshtml.dll : 6,008,832 : 08/28/2012 04:14 PM : 
 
df3c3ca94cbc9de07ac3eb49440a8d45 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2792100-IE8\mshtml.dll : 6,009,856 : 01/06/2013 04:34 AM : 
 
bdf6cc938c0644fe3643bc0d6a678e26 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2799329-IE8\mshtml.dll : 6,008,832 : 11/12/2012 07:57 PM : 
 
9c46e5c82f94d9aedd2ce798f0df1158 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2809289-IE8\mshtml.dll : 6,010,368 : 01/08/2013 08:34 PM : 
 
727c9e97cb26879c17a30484c2c76e98 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2817183-IE8\mshtml.dll : 6,011,392 : 03/01/2013 08:33 AM : 
 
937091e40652c6b1b6c1a71eb90c08e1 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2847204-IE8\mshtml.dll : 6,012,416 : 03/02/2013 08:06 AM : 
 
85fe43a44239e406d7bb9513569d4d00 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll : 5,937,152 : 03/08/2009 08:41 AM : 
 
d469a0eba2ef5c6bee8065b7e3196e5e [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\a6311a8aaa709f294df621f1ff00a15b\SP3GDR\mshtml.dll : 
 
5,971,456 : 10/03/2011 00:35 AM : 4963cb503600fc3bcbdbfba51fba1fac [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\a6311a8aaa709f294df621f1ff00a15b\SP3QFE\mshtml.dll : 
 
5,972,992 : 10/03/2011 00:34 AM : 1240a6b7b470bed0aa6c9fec7ab0ea26 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\mshtml.dll : 
 
5,950,976 : 05/06/2010 00:41 AM : c7b7a88cc7d7aba5c395145bf92f46f7 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\mshtml.dll : 
 
5,953,024 : 05/06/2010 00:36 AM : 9be28f749a7fe7f8f177c6aa2e9da609 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mshtml.dll : 6,015,488 : 05/07/2013 08:27 AM : 
 
6dd9251c4d427de5eb828e0bffb95c5a [Pos Repl]
 
 * C:\WINDOWS\System32\msimg32.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\msimg32.dll : 4,608 : 04/14/2008 08:42 AM : 
 
affc87e2501fce8f09d4c10ba6421ccf [Pos Repl]
 
 * C:\WINDOWS\System32\mspmsnsv.dll [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll : 25,088 : 
 
01/28/2005 09:44 PM : 140ef97b64f560fd78643cae2cdad838 [Pos Repl]
 +-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll : 
 
52,224 : 08/04/2004 01:00 PM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mspmsnsv.dll : 25,088 : 01/28/2005 09:44 PM : 
 
140ef97b64f560fd78643cae2cdad838 [Pos Repl]
 
 * C:\WINDOWS\System32\msprivs.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\msprivs.dll : 48,128 : 04/13/2008 09:53 PM : 
 
c6bb1d1500db4a0e224cb65e6c7e8a80 [Pos Repl]
 
 * C:\WINDOWS\System32\msvcrt.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\msvcrt.dll : 343,040 : 04/14/2008 09:42 AM : 
 
355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.d
 
ll : 322,560 : 02/28/2006 09:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\ms
 
vcrt.dll : 343,040 : 08/04/2004 01:00 PM : 98ec447e00229afd88d5161a25d065da [Pos Repl]
 +-> 
 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\ms
 
vcrt.dll : 343,040 : 04/14/2008 01:42 AM : d7075e95aa599ee77b7a89d39296bd3d [Pos Repl]
 
 * C:\WINDOWS\System32\mswsock.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mswsock.dll : 245,248 : 06/20/2008 05:02 PM : 
 
943337d786a56729263071623bbb9de5 [Pos Repl]
 
 * C:\WINDOWS\System32\netlogon.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\netlogon.dll : 407,040 : 04/14/2008 05:42 AM : 
 
1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]
 
 * C:\WINDOWS\System32\netman.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\netman.dll : 198,144 : 04/14/2008 05:42 AM : 
 
13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]
 
 * C:\WINDOWS\System32\ntkrnlpa.exe [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe : 2,069,376 : 10/25/2011 01:52 PM : 
 
db19fff0c805664cb95062c027b11fe9 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe : 2,069,120 : 04/11/2012 01:42 PM : 
 
063a0f8a90d8e2b802e5243fe9aabcf3 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe : 2,069,120 : 05/04/2012 01:41 PM : 
 
8e99a0ce02c1beda6c0935a4dde9ceaa [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe : 2,069,632 : 08/21/2012 02:05 PM : 
 
b326d5e256d2f32b23e64f49debce31b [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe : 2,069,760 : 01/07/2013 02:45 AM : 
 
1251d608dfce4b6801ad27a59b74985c [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe : 2,070,016 : 03/07/2013 02:53 AM : 
 
9ebeda306e5eabdabcff8b695fcd4cd6 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2633171$\ntkrnlpa.exe : 2,027,008 : 12/09/2010 01:07 PM : 
 
9ed77e2307f6ec6f174c063c15aa3b8c [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2676562$\ntkrnlpa.exe : 2,027,008 : 10/25/2011 01:52 PM : 
 
36cac3c8c4c10f4e21bfeabbfe7acffc [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2707511$\ntkrnlpa.exe : 2,026,496 : 04/11/2012 01:35 PM : 
 
61cce48f7bd00e0e4d5cde206f2ddc1b [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2724197$\ntkrnlpa.exe : 2,026,496 : 05/04/2012 01:32 PM : 
 
87763bb6c95901818050e52c378c9e15 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2799494$\ntkrnlpa.exe : 2,027,520 : 08/21/2012 01:58 PM : 
 
61027ee2d9859a2b41d588d92f256cfb [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2813170$\ntkrnlpa.exe : 2,027,520 : 01/07/2013 01:37 AM : 
 
2c9091c3350e369bbb2464aabe2fd7ca [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe : 2,070,016 : 03/07/2013 05:50 AM : 
 
9c8e896fcf103f943eb3f405a974447d [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntkrnlpa.exe : 2,070,016 : 03/07/2013 05:50 AM : 
 
9c8e896fcf103f943eb3f405a974447d [Pos Repl]
 
 * C:\WINDOWS\System32\ntmssvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ntmssvc.dll : 435,200 : 04/14/2008 05:42 AM : 
 
156f64a3345bd23c600655fb4d10bc08 [Pos Repl]
 
 * C:\WINDOWS\System32\ntoskrnl.exe [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe : 2,192,768 : 10/25/2011 02:34 PM : 
 
f512c662874d7545e5bd8005e6800a44 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe : 2,192,640 : 04/11/2012 02:22 PM : 
 
8d061bb825bc606c2b1c6f7452d1baaa [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe : 2,192,640 : 05/04/2012 02:20 PM : 
 
099a0f80a563ebe935f4a9750f96c219 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe : 2,193,024 : 08/21/2012 02:48 PM : 
 
eca5980e1a78dbf9cb7f49f76791c0d1 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe : 2,193,152 : 01/07/2013 02:28 AM : 
 
ae2fee63789f5df6b19dd9a39e26d03e [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe : 2,193,536 : 03/07/2013 02:31 AM : 
 
9fc16e5ebfe88f3c844ffe2e6cb7f1e8 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2633171$\ntoskrnl.exe : 2,148,864 : 12/09/2010 01:42 PM : 
 
60e16152d847d7a7b7d3da4c4b8e2120 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe : 2,148,864 : 10/25/2011 02:37 PM : 
 
3b663b9b193d7e1de39a466020f1fd91 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2707511$\ntoskrnl.exe : 2,148,352 : 04/11/2012 02:14 PM : 
 
a144d60b35e6dd14ccb9649b5e0d1092 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe : 2,148,352 : 05/04/2012 02:16 PM : 
 
ac4b3c4a6dc31867034c66663b9b8a38 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2799494$\ntoskrnl.exe : 2,148,864 : 08/21/2012 02:33 PM : 
 
b9a14d5875ce262774388bd43ba56ff3 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2813170$\ntoskrnl.exe : 2,148,864 : 01/07/2013 02:19 AM : 
 
dd5a89274b47499ccff7adca3a3c560e [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe : 2,193,408 : 03/07/2013 05:28 AM : 
 
3fd65320312c8411b72e33da8661d36a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntoskrnl.exe : 2,193,408 : 03/07/2013 05:28 AM : 
 
3fd65320312c8411b72e33da8661d36a [Pos Repl]
 
 * C:\WINDOWS\System32\oakley.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\oakley.dll : 270,336 : 10/13/2009 05:30 AM : 
 
c5ff8682eada5b3b27a865f1c3ef9270 [Pos Repl]
 
 * C:\WINDOWS\System32\ole32.dll [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll : 1,289,216 : 11/01/2011 04:05 PM : 
 
7d9dde1ab4b00ddb173f5a16e9206517 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2624667$\ole32.dll : 1,288,192 : 07/16/2010 01:05 PM : 
 
7a6a7900b5e322763430ba6fd9a31224 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ole32.dll : 1,288,704 : 11/01/2011 04:07 PM : 
 
6bad1bed9872e62049e487fb91ae2f3a [Pos Repl]
 
 * C:\WINDOWS\System32\olepro32.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\olepro32.dll : 84,992 : 04/14/2008 04:42 AM : 
 
5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]
 
 * C:\WINDOWS\System32\perfctrs.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\perfctrs.dll : 39,936 : 04/14/2008 04:42 AM : 
 
dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]
 
 * C:\WINDOWS\System32\powrprof.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\powrprof.dll : 17,408 : 04/14/2008 04:42 AM : 
 
50a166237a0fa771261275a405646cc0 [Pos Repl]
 
 * C:\WINDOWS\System32\psbase.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\psbase.dll : 96,768 : 04/14/2008 04:42 AM : 
 
22d89d84e8e081cda529dbf8c0255a38 [Pos Repl]
 
 * C:\WINDOWS\System32\pstorsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\pstorsvc.dll : 34,304 : 04/14/2008 04:42 AM : 
 
853d0d0c6f02d7bfdf1cf99dd7553732 [Pos Repl]
 
 * C:\WINDOWS\System32\qmgr.dll [NoSig]
 +-> C:\WINDOWS\system32\bits\qmgr.dll : 409,088 : 04/14/2008 04:12 AM : 
 
574738f61fca2935f5265dc4e5691314 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\qmgr.dll : 409,088 : 04/14/2008 04:42 AM : 
 
574738f61fca2935f5265dc4e5691314 [Pos Repl]
 
 * C:\WINDOWS\System32\rasadhlp.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rasadhlp.dll : 7,680 : 04/14/2008 04:42 AM : 
 
6f9bef24c578d5d6740e080bedd6a448 [Pos Repl]
 
 * C:\WINDOWS\System32\regsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\regsvc.dll : 59,904 : 04/14/2008 04:42 AM : 
 
5b19b557b0c188210a56a6b699d90b8f [Pos Repl]
 
 * C:\WINDOWS\System32\rpcss.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rpcss.dll : 401,408 : 02/09/2009 04:10 AM : 
 
6b27a5c03dfb94b4245739065431322c [Pos Repl]
 
 * C:\WINDOWS\System32\scecli.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\scecli.dll : 181,248 : 04/14/2008 04:42 AM : 
 
a86bb5e61bf3e39b62ab4c7e7085a084 [Pos Repl]
 
 * C:\WINDOWS\System32\schannel.dll [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2585542\SP3QFE\schannel.dll : 152,064 : 11/16/2011 02:20 PM : 
 
d444009f7cd704c89f7f9e62396ed4f1 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2655992\SP3QFE\schannel.dll : 153,088 : 06/04/2012 02:31 AM : 
 
26f1193092b9ac2586deb38dd1cbb25c [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2585542$\schannel.dll : 151,552 : 04/29/2011 06:25 PM : 
 
abeedd547e939ad827b2e29dec754206 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2655992$\schannel.dll : 152,064 : 11/16/2011 02:21 PM : 
 
a645a78fcdabad67067324d7e6cd9f79 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\schannel.dll : 152,576 : 06/04/2012 04:32 AM : 
 
0f64207b49390c8063c36ae7cbf9c2db [Pos Repl]
 
 * C:\WINDOWS\System32\schedsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\schedsvc.dll : 192,512 : 04/14/2008 04:42 AM : 
 
0a9a7365a1ca4319aa7c1d6cd8e4eafa [Pos Repl]
 
 * C:\WINDOWS\System32\services.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\services.exe : 110,592 : 02/06/2009 04:11 AM : 
 
65df52f5b8b6e9bbd183505225c37315 [Pos Repl]
 
 * C:\WINDOWS\System32\setupapi.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\setupapi.dll : 985,088 : 04/14/2008 04:42 AM : 
 
24192246760e0e64435522e246b1d6c2 [Pos Repl]
 
 * C:\WINDOWS\System32\sfc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\sfc.dll : 5,120 : 04/14/2008 04:42 AM : 
 
96e1c926f22ee1bfbae82901a35f6bf3 [Pos Repl]
 
 * C:\WINDOWS\System32\sfcfiles.dll [NoSig]
 
 * C:\WINDOWS\System32\shsvcs.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\shsvcs.dll : 135,168 : 07/28/2009 04:17 AM : 
 
99bc0b50f511924348be19c7c7313bbf [Pos Repl]
 
 * C:\WINDOWS\System32\smss.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\smss.exe : 50,688 : 04/14/2008 04:42 AM : 
 
5f816c1f539266d2d4c78694239da0b5 [Pos Repl]
 
 * C:\WINDOWS\System32\spoolsv.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\spoolsv.exe : 58,880 : 08/17/2010 02:17 PM : 
 
60784f891563fb1b767f70117fc2428f [Pos Repl]
 
 * C:\WINDOWS\System32\srsvc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\srsvc.dll : 171,008 : 04/14/2008 02:42 AM : 
 
3805df0ac4296a34ba4bf93b346cc378 [Pos Repl]
 
 * C:\WINDOWS\System32\ssdpsrv.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ssdpsrv.dll : 71,680 : 04/14/2008 02:42 AM : 
 
0a5679b3714edab99e357057ee88fca6 [Pos Repl]
 
 * C:\WINDOWS\System32\svchost.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\svchost.exe : 14,336 : 04/14/2008 02:42 AM : 
 
27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
 
 * C:\WINDOWS\System32\tapisrv.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\tapisrv.dll : 249,856 : 04/14/2008 02:42 AM : 
 
3cb78c17bb664637787c9a1c98f79c38 [Pos Repl]
 
 * C:\WINDOWS\System32\termsrv.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\termsrv.dll : 295,424 : 04/14/2008 02:42 AM : 
 
ff3477c03be7201c294c35f684b3479f [Pos Repl]
 
 * C:\WINDOWS\System32\upnphost.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\upnphost.dll : 185,856 : 04/14/2008 02:42 AM : 
 
1ebafeb9a3fbdc41b8d9c7f0f687ad91 [Pos Repl]
 
 * C:\WINDOWS\System32\user32.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\user32.dll : 578,560 : 04/14/2008 02:42 AM : 
 
b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]
 
 * C:\WINDOWS\System32\userinit.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\userinit.exe : 26,112 : 04/14/2008 02:42 AM : 
 
a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]
 
 * C:\WINDOWS\System32\usp10.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\usp10.dll : 406,016 : 04/16/2010 04:36 PM : 
 
9e03dc5ab51cfd0190541ce2038d819d [Pos Repl]
 
 * C:\WINDOWS\System32\UxTheme.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 218,624 : 04/14/2008 04:42 AM : 
 
7a2cc3719b255e6b5d74396183b7715b [Pos Repl]
 
 * C:\WINDOWS\System32\version.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\version.dll : 18,944 : 04/14/2008 04:42 AM : 
 
c7ce131408739b0b3a318be2d0032719 [Pos Repl]
 
 * C:\WINDOWS\System32\w32time.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\w32time.dll : 175,104 : 04/14/2008 04:42 AM : 
 
54af4b1d5459500ef0937f6d33b1914f [Pos Repl]
 
 * C:\WINDOWS\System32\wbem\wmiprvse.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 227,840 : 02/06/2009 04:10 AM : 
 
798a9e6828997eef4517ada8a2259831 [Pos Repl]
 
 * C:\WINDOWS\System32\wdigest.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wdigest.dll : 54,272 : 06/25/2009 04:25 AM : 
 
3aaf9b35939ff9e58ccd18d41655c2fc [Pos Repl]
 
 * C:\WINDOWS\System32\wiaservc.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wiaservc.dll : 333,824 : 04/14/2008 04:42 AM : 
 
8bad69cbac032d4bbacfce0306174c30 [Pos Repl]
 
 * C:\WINDOWS\System32\wininet.dll [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll : 919,552 : 11/04/2011 07:19 PM : 
 
4e4716caf514717814d07113ad0425b6 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll : 919,552 : 12/17/2011 07:45 PM : 
 
84a48e9818e8440ddbfd8eec37c8a937 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll : 919,552 : 03/01/2012 07:58 AM : 
 
4ec67fab39f37626ad6d9895fc094abf [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll : 920,064 : 05/16/2012 04:06 PM : 
 
553ad35768cd27959391dd5aa82cef6f [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll : 920,064 : 07/02/2012 06:48 PM : 
 
efb2241de3aa6480521a16d0cb67b0ec [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll : 920,064 : 08/28/2012 04:13 PM : 
 
dcea3b3193b7181cf818ecc4eab30a66 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll : 920,064 : 11/01/2012 04:15 AM : 
 
acc92628cfff9bb6f8886329888014a8 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll : 920,064 : 12/26/2012 08:15 PM : 
 
b8bef9519a1b124deaf94081f6c5a767 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll : 920,064 : 02/05/2013 08:04 PM : 
 
be30bef4c13065d09772f9895fcb9d22 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll : 920,064 : 03/02/2013 08:05 AM : 
 
43eadba9f3cd2a5f01b189bd95fcde95 [Pos Repl]
 +-> C:\WINDOWS\ie7\wininet.dll : 664,576 : 09/14/2006 02:31 AM : d207370287cf769aebebf03837784963 [Pos 
 
Repl]
 +-> C:\WINDOWS\ie7updates\KB2586448-IE7\wininet.dll : 818,688 : 06/12/2008 04:22 AM : 
 
a4a0fc92358f39538a6494c42ef99fe9 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll : 818,688 : 11/07/2006 09:03 PM : 
 
92995334f993e6e49c25c6d02ec04401 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll : 822,784 : 04/25/2007 09:41 AM : 
 
0586a7f0b2fdb94d624f399d4728e7c8 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll : 824,832 : 08/20/2007 09:04 AM : 
 
774435e499d8e9643ec961a6103c361f [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll : 824,832 : 12/07/2007 09:21 AM : 
 
806d274c9a6c3aaea5eae8e4af841e04 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll : 826,368 : 03/01/2008 01:06 PM : 
 
ad21461aef8244edec2ef18e55e1dcf3 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll : 826,368 : 04/23/2008 01:16 AM : 
 
f6589be784647cfdbc22ea51ccb1a57a [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll : 826,368 : 06/23/2008 05:57 PM : 
 
8c13d4a7479fa0a026eda8abce82c0ed [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB958215-IE7\wininet.dll : 826,368 : 08/26/2008 05:24 AM : 
 
ef8eba98145bfa44e80d17a3b3453300 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB961260-IE7\wininet.dll : 826,368 : 10/16/2008 09:38 PM : 
 
6741eaf7b7f110e803a6e38f6e5fa6b0 [Pos Repl]
 +-> C:\WINDOWS\ie7updates\KB963027-IE7\wininet.dll : 826,368 : 12/20/2008 11:15 PM : 
 
a82935d32d0672e8ff4e91ae398e901c [Pos Repl]
 +-> C:\WINDOWS\ie8\wininet.dll : 832,512 : 08/17/2011 10:32 PM : 3688e2bbe543cc753809e462c3553188 [Pos 
 
Repl]
 +-> C:\WINDOWS\ie8updates\KB2559049-IE8\wininet.dll : 916,480 : 05/06/2010 11:41 AM : 
 
2d9c7b010409372c34f725da5cced083 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2586448-IE8\wininet.dll : 916,480 : 05/06/2010 11:41 AM : 
 
2d9c7b010409372c34f725da5cced083 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll : 916,480 : 08/23/2011 11:48 AM : 
 
1a377838b4b468e37c3eeb5baa24f925 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2647516-IE8\wininet.dll : 916,992 : 11/04/2011 07:20 PM : 
 
552263502ea8c24d301a0c43ff90b3ed [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2675157-IE8\wininet.dll : 916,992 : 12/17/2011 07:46 PM : 
 
f362d50fbdc6e34918df41bde1770e5c [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2699988-IE8\wininet.dll : 916,992 : 03/01/2012 07:01 AM : 
 
009e7b4c284f080608d7286484015ee5 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2722913-IE8\wininet.dll : 916,992 : 05/16/2012 04:08 PM : 
 
6b1774334e2975aa60596e54f5ea1430 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2744842-IE8\wininet.dll : 916,992 : 07/02/2012 06:49 PM : 
 
c4300cb4d20b1159dc77e01e8a2525ec [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2761465-IE8\wininet.dll : 916,992 : 08/28/2012 04:14 PM : 
 
ff1c14bca1a797ce45dd359fa2c9eda8 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2792100-IE8\wininet.dll : 916,992 : 11/01/2012 04:17 AM : 
 
9ad88ea663124336e88eb031f917ce20 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2809289-IE8\wininet.dll : 916,480 : 12/26/2012 08:16 PM : 
 
d175f91a4c98b8848818c9b5089f88a2 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2817183-IE8\wininet.dll : 916,480 : 02/05/2013 08:05 PM : 
 
5aacf4b4dee1972b7952e8a747122232 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2829530-IE8\wininet.dll : 916,480 : 03/02/2013 08:06 AM : 
 
da5b96a293b006572209e5eac9f3a045 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll : 914,944 : 03/08/2009 08:34 AM : 
 
6ce32f7778061ccc5814d5e0f282d369 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\a6311a8aaa709f294df621f1ff00a15b\SP3GDR\wininet.dll : 
 
916,480 : 08/23/2011 00:48 AM : 1a377838b4b468e37c3eeb5baa24f925 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\a6311a8aaa709f294df621f1ff00a15b\SP3QFE\wininet.dll : 
 
919,552 : 08/23/2011 00:47 AM : 19630aebbfaeb06984cab91848270aaf [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll : 
 
916,480 : 05/06/2010 00:41 AM : 2d9c7b010409372c34f725da5cced083 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll : 
 
919,040 : 05/06/2010 00:36 AM : c1490f68b44af8b781f52f12f564625d [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wininet.dll : 920,064 : 04/16/2013 11:17 PM : 
 
5c4aac5a91422c95522ecc6c26fb93c8 [Pos Repl]
 
 * C:\WINDOWS\System32\winlogon.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\winlogon.exe : 507,904 : 04/14/2008 11:42 AM : 
 
ed0ef0a136dec83df69f04118870003e [Pos Repl]
 
 * C:\WINDOWS\System32\ws2_32.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ws2_32.dll : 82,432 : 04/14/2008 11:42 AM : 
 
2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
 
 * C:\WINDOWS\System32\ws2help.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ws2help.dll : 19,968 : 04/14/2008 11:42 AM : 
 
9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
 
 * C:\WINDOWS\System32\wscntfy.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wscntfy.exe : 13,824 : 04/14/2008 11:42 AM : 
 
f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
 
 * C:\WINDOWS\System32\xmlprov.dll [NoSig]
 +-> C:\WINDOWS\system32\dllcache\xmlprov.dll : 129,024 : 04/14/2008 11:42 AM : 
 
295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
 
 * C:\WINDOWS\explorer.exe [NoSig]
 +-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,033,728 : 04/14/2008 11:42 AM : 
 
12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
 
  20 out of 15116 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 05/30/2013 04:11:34 PM
Execution time: 0 hours(s), 5 minute(s), and 7 seconds(s)


#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:23 AM

Posted 30 May 2013 - 10:44 AM

Can you also post the contents of the notepad that opens when you run that batch file I posted?

Those system files should not be unsigned. Unsigned files shows tampering of some manner. I would strongly suggest you follow the steps here:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#14 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 30 May 2013 - 10:54 AM

Sorry Grinder, I missed that posting.

 

I've now done as you were asking, agreed on the license, but then what I suspect is the notepad only flashes on the screen then nothing!

 

I'll dry downloading it again.



#15 Rob 3

Rob 3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:23 PM

Posted 30 May 2013 - 11:12 AM

Double-click - Window flashes then nothing!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users