Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unusual rkill log, and "missing digital signatures".


  • This topic is locked This topic is locked
15 replies to this topic

#1 deviantartfan1

deviantartfan1

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 19 November 2014 - 04:58 PM

Hello,

 

Recently, I ran rkill as part of a maintenance regimen for my computer, and came back with some odd results (i.e. missing digital signatures, and "possibly patched files")  - below is my log.

 

SPECS:

 

eMachines

Windows XP Service Pack 3 

32 bit

 

AMD Sempron 3100+ Processor @ 1.8 GhZ

2 GB of RAM

 

 

***LOG***

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/19/2014 12:36:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\system32\wdfmgr.exe (PID: 1764) [WD-HEUR]
 * C:\WINDOWS\System32\alg.exe (PID: 3604) [WD-HEUR]
 * C:\WINDOWS\system32\VTTimer.exe (PID: 1748) [WD-HEUR]
 * C:\WINDOWS\SOUNDMAN.EXE (PID: 2596) [WD-HEUR]
 * C:\WINDOWS\system32\PRISMSVR.EXE (PID: 2604) [WD-HEUR]
 
5 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\WINDOWS\system32\services.exe
 * C:\WINDOWS\system32\lsass.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\spoolsv.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\ctfmon.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\WINDOWS\System32\browser.dll : 78,336 : 07/06/2012 05:58 AM : cfd4e51402da9838b5a04ae680af54a0 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2705219-v2\SP3QFE\browser.dll : 78,336 : 07/06/2012 05:58 AM : fc6d1d80588d371f0321e15a75b2f8f2 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\browser.dll : 77,312 : 08/04/2004 11:00 AM : e3cfccdda4edd1d0dc9168b2e18f27b8 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2705219-v2$\browser.dll : 77,824 : 04/14/2008 04:41 AM : a06ce3399d16db864f55faeb1f1927a9 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\browser.dll : 77,824 : 04/14/2008 04:41 AM : a06ce3399d16db864f55faeb1f1927a9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\browser.dll : 78,336 : 07/06/2012 05:58 AM : cfd4e51402da9838b5a04ae680af54a0 [Pos Repl]
 
 * C:\WINDOWS\System32\clipsrv.exe : 33,280 : 04/14/2008 04:42 AM : 34cbe729f38138217f9c80212a2a0c82 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe : 33,280 : 08/04/2004 11:00 AM : c8dec22c4137d7a90f8bdf41ca4b82ae [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe : 33,280 : 04/14/2008 04:42 AM : 34cbe729f38138217f9c80212a2a0c82 [Pos Repl]
 
 * C:\WINDOWS\System32\comctl32.dll : 617,472 : 08/23/2010 08:12 AM : 93afb83fbc1f9443cac722fca63d73bf [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll : 611,328 : 08/04/2004 11:00 AM : a77dfb85faee49d66c74da6024ebc69b [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2296011$\comctl32.dll : 617,472 : 04/14/2008 04:41 AM : 06f247492bc786ce5c24a23e178c711a [Pos Repl]
 +-> C:\WINDOWS\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL : 921,088 : 08/04/2004 11:00 AM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\comctl32.dll : 617,472 : 04/14/2008 04:41 AM : 06f247492bc786ce5c24a23e178c711a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\comctl32.dll : 617,472 : 08/23/2010 08:12 AM : 93afb83fbc1f9443cac722fca63d73bf [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921,088 : 08/04/2004 11:00 AM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll : 1,050,624 : 08/04/2004 11:00 AM : 5af68a5e44734a082442668e9c787743 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll : 1,054,208 : 04/14/2008 04:42 AM : bd38d1ebe24a46bd3eda059560afba12 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll : 1,054,208 : 08/23/2010 08:12 AM : 736b12b725aeb2b07f0241a9f680cb10 [Pos Repl]
 
 * C:\WINDOWS\System32\comres.dll : 792,064 : 04/14/2008 04:41 AM : 1280a158c722fa95a80fb7aebe78fa7d [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\comres.dll : 792,064 : 08/04/2004 11:00 AM : 6728270cb7dbb776ed086f5ac4c82310 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\comres.dll : 792,064 : 04/14/2008 04:41 AM : 1280a158c722fa95a80fb7aebe78fa7d [Pos Repl]
 
 * C:\WINDOWS\System32\cryptsvc.dll : 62,464 : 04/14/2008 04:41 AM : 3d4e199942e29207970e04315d02ad3b [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll : 60,416 : 08/04/2004 11:00 AM : 10654f9ddcea9c46cfb77554231be73b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll : 62,464 : 04/14/2008 04:41 AM : 3d4e199942e29207970e04315d02ad3b [Pos Repl]
 
 * C:\WINDOWS\System32\csrss.exe : 6,144 : 04/14/2008 04:42 AM : 44f275c64738ea2056e3d9580c23b60f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\csrss.exe : 6,144 : 08/04/2004 11:00 AM : f12b178b1678d778cfd3ff1fc38c71fb [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\csrss.exe : 6,144 : 04/14/2008 04:42 AM : 44f275c64738ea2056e3d9580c23b60f [Pos Repl]
 
 * C:\WINDOWS\System32\ctfmon.exe : 15,360 : 04/14/2008 04:42 AM : 5f1d5f88303d4a4dbc8e5f97ba967cc3 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe : 15,360 : 08/04/2004 11:00 AM : 24232996a38c0b0cf151c2140ae29fc8 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe : 15,360 : 04/14/2008 04:42 AM : 5f1d5f88303d4a4dbc8e5f97ba967cc3 [Pos Repl]
 
 * C:\WINDOWS\System32\d3d8.dll : 1,179,648 : 04/14/2008 04:41 AM : f099b129022170f2df9e1c0185c9bcfb [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll : 1,179,648 : 08/04/2004 11:00 AM : 42803ec60803c1a0754671e9183458f1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\d3d8.dll : 1,179,648 : 04/14/2008 04:41 AM : f099b129022170f2df9e1c0185c9bcfb [Pos Repl]
 
 * C:\WINDOWS\System32\d3d8thk.dll : 8,192 : 04/14/2008 04:41 AM : 31b067c412fa1a9bad3ca2a63d7da440 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll : 8,192 : 08/04/2004 11:00 AM : 8d9210e9858d525646251dfa1fe37ebe [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll : 8,192 : 04/14/2008 04:41 AM : 31b067c412fa1a9bad3ca2a63d7da440 [Pos Repl]
 
 * C:\WINDOWS\System32\d3d9.dll : 1,689,088 : 04/14/2008 04:41 AM : 0607cbc6fa20114cb491efe4b2f9efad [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll : 1,689,088 : 08/04/2004 11:00 AM : d67bdbbda86cc9aeebbaf3217c1717d8 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\d3d9.dll : 1,689,088 : 04/14/2008 04:41 AM : 0607cbc6fa20114cb491efe4b2f9efad [Pos Repl]
 
 * C:\WINDOWS\System32\ddraw.dll : 279,552 : 04/14/2008 04:41 AM : a340cd71eb535a3dd751b5f28723e50c [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll : 266,240 : 08/04/2004 11:00 AM : 7ed462f353b3d915a418a689fa881f96 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ddraw.dll : 279,552 : 04/14/2008 04:41 AM : a340cd71eb535a3dd751b5f28723e50c [Pos Repl]
 
 * C:\WINDOWS\System32\dllhost.exe : 5,120 : 04/14/2008 04:42 AM : 0a9ba6af531afe7fa5e4fb973852d863 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe : 5,120 : 08/04/2004 11:00 AM : dd87db7387b9eb441c5674888a0d840c [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dllhost.exe : 5,120 : 04/14/2008 04:42 AM : 0a9ba6af531afe7fa5e4fb973852d863 [Pos Repl]
 
 * C:\WINDOWS\System32\dsound.dll : 367,616 : 04/14/2008 04:41 AM : 4d83ed8bddec431fc8ad907b47cfb6e3 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dsound.dll : 367,616 : 08/04/2004 11:00 AM : 55e148c01296696588eafa425782c3e8 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dsound.dll : 367,616 : 04/14/2008 04:41 AM : 4d83ed8bddec431fc8ad907b47cfb6e3 [Pos Repl]
 
 * C:\WINDOWS\System32\dssenh.dll : 138,752 : 04/13/2008 10:07 PM : fede68bf80052bad393afd5c2e60dcb0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll : 137,216 : 08/04/2004 11:00 AM : cacd2c63a79268d131ea37e85524cc44 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dssenh.dll : 138,752 : 04/13/2008 10:07 PM : fede68bf80052bad393afd5c2e60dcb0 [Pos Repl]
 
 * C:\WINDOWS\System32\es.dll : 253,952 : 07/07/2008 12:26 AM : d4991d98f2db73c60d042f1aef79efae [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll : 253,952 : 07/07/2008 12:23 AM : f17f6226bdc0cd5f0bef0daf84d29bec [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\es.dll : 243,200 : 08/04/2004 11:00 AM : acd36a2dd7d1e9d8a060aa651dc07e63 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB950974$\es.dll : 246,272 : 04/14/2008 04:41 AM : 19a799805b24990867b00c120d300c3a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\es.dll : 246,272 : 04/14/2008 04:41 AM : 19a799805b24990867b00c120d300c3a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\es.dll : 253,952 : 07/07/2008 12:26 AM : d4991d98f2db73c60d042f1aef79efae [Pos Repl]
 
 * C:\WINDOWS\System32\eventlog.dll : 56,320 : 04/14/2008 04:41 AM : 6d4feb43ee538fc5428cc7f0565aa656 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll : 55,808 : 08/04/2004 11:00 AM : 82b24cb70e5944e6e34662205a2a5b78 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll : 56,320 : 04/14/2008 04:41 AM : 6d4feb43ee538fc5428cc7f0565aa656 [Pos Repl]
 
 * C:\WINDOWS\System32\hid.dll : 20,992 : 04/14/2008 04:41 AM : 8973122796e3b5d6b5900fc186e55fea [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\hid.dll : 20,992 : 08/03/2004 04:56 PM : 18afee0ede045b6255408d634372dc29 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\hid.dll : 20,992 : 04/14/2008 04:41 AM : 8973122796e3b5d6b5900fc186e55fea [Pos Repl]
 
 * C:\WINDOWS\System32\hnetcfg.dll : 344,064 : 04/14/2008 04:41 AM : 3cb32d3b8cbe79899d63280bb7a83cd9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll : 344,064 : 08/04/2004 11:00 AM : 765b30c776a1780b46b479fe614f707c [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll : 344,064 : 04/14/2008 04:41 AM : 3cb32d3b8cbe79899d63280bb7a83cd9 [Pos Repl]
 
 * C:\WINDOWS\System32\imm32.dll : 110,080 : 04/14/2008 04:41 AM : 0da85218e92526972a821587e6a8bf8f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\imm32.dll : 110,080 : 08/04/2004 11:00 AM : 87ca7ce6469577f059297b9d6556d66d [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\imm32.dll : 110,080 : 04/14/2008 04:41 AM : 0da85218e92526972a821587e6a8bf8f [Pos Repl]
 
 * C:\WINDOWS\System32\ipsecsvc.dll : 183,808 : 04/14/2008 04:41 AM : 332760fba1655fcfd35bd6f4fd871300 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll : 182,784 : 08/04/2004 11:00 AM : d1e299962b5956005113ec4ab1e0d9b7 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ipsecsvc.dll : 183,808 : 04/14/2008 04:41 AM : 332760fba1655fcfd35bd6f4fd871300 [Pos Repl]
 
 * C:\WINDOWS\System32\kernel32.dll : 993,280 : 03/12/2014 02:48 AM : 4a45b692d2baa74124df57472d5ea2f1 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll : 991,744 : 03/21/2009 05:59 AM : da11d9d6ecbdf0f93436a4b7c13f7bec [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll : 983,552 : 08/04/2004 11:00 AM : 888190e31455fad793312f8d087146eb [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2922229$\kernel32.dll : 989,696 : 03/21/2009 06:06 AM : b921fb870c9ac0d509b2ccabbbbe95f3 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll : 989,696 : 04/14/2008 04:41 AM : c24b983d211c34da8fcc1ac38477971d [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\kernel32.dll : 989,696 : 04/14/2008 04:41 AM : c24b983d211c34da8fcc1ac38477971d [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\kernel32.dll : 993,280 : 03/12/2014 02:48 AM : 4a45b692d2baa74124df57472d5ea2f1 [Pos Repl]
 
 * C:\WINDOWS\System32\ksuser.dll : 4,096 : 04/14/2008 04:41 AM : 9b9f1c38d559047b8ac0dba2d5febde9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ksuser.dll : 4,096 : 08/04/2004 00:56 AM : cbcd254547689bff80c9f547b20911e9 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ksuser.dll : 4,096 : 04/14/2008 04:41 AM : 9b9f1c38d559047b8ac0dba2d5febde9 [Pos Repl]
 
 * C:\WINDOWS\System32\linkinfo.dll : 19,968 : 04/14/2008 04:41 AM : 2dc5a8019e2387987905f77c664e4be2 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll : 18,944 : 08/04/2004 11:00 AM : c2bbd044c741ea4292016c36f718d2e4 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll : 19,968 : 04/14/2008 04:41 AM : 2dc5a8019e2387987905f77c664e4be2 [Pos Repl]
 
 * C:\WINDOWS\System32\lpk.dll : 22,016 : 04/14/2008 04:41 AM : 012df358cebaa23acb26d82077820817 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\lpk.dll : 22,016 : 08/04/2004 11:00 AM : 74d66b3de265e8789153414e75175f26 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\lpk.dll : 22,016 : 04/14/2008 04:41 AM : 012df358cebaa23acb26d82077820817 [Pos Repl]
 
 * C:\WINDOWS\System32\lsass.exe : 13,312 : 04/14/2008 04:42 AM : bf2466b3e18e970d8a976fb95fc1ca85 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\lsass.exe : 13,312 : 08/04/2004 11:00 AM : 84885f9b82f4d55c6146ebf6065d75d2 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\lsass.exe : 13,312 : 04/14/2008 04:42 AM : bf2466b3e18e970d8a976fb95fc1ca85 [Pos Repl]
 
 * C:\WINDOWS\System32\mfc40u.dll : 953,856 : 09/17/2010 10:53 PM : e76a5c202e68af5a322d16b5a78f48b9 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll : 953,856 : 09/17/2010 11:18 PM : 842900dedbc8e3e8dbcccb298fd88f65 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mfc40u.dll : 924,432 : 08/04/2004 11:00 AM : ddf8d47acf8fc3fe5f7f2b95c4d4d136 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2387149$\mfc40u.dll : 927,504 : 04/14/2008 04:41 AM : cddd4416b2b4c7295fe3fdb6dde57e4e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll : 927,504 : 04/14/2008 04:41 AM : cddd4416b2b4c7295fe3fdb6dde57e4e [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mfc40u.dll : 953,856 : 09/17/2010 10:53 PM : e76a5c202e68af5a322d16b5a78f48b9 [Pos Repl]
 
 * C:\WINDOWS\System32\midimap.dll : 18,944 : 04/14/2008 04:41 AM : 5c12660a97822f6e61576943b49aaad6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\midimap.dll : 18,944 : 08/04/2004 11:00 AM : 3b4702155bb2ae9dc00c06a68834bdfa [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\midimap.dll : 18,944 : 04/14/2008 04:41 AM : 5c12660a97822f6e61576943b49aaad6 [Pos Repl]
 
 * C:\WINDOWS\System32\msgsvc.dll : 33,792 : 04/14/2008 04:42 AM : 986b1ff5814366d71e0ac5755c88f2d3 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll : 33,792 : 08/04/2004 11:00 AM : 95fd808e4ac22aba025a7b3eac0375d2 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll : 33,792 : 04/14/2008 04:42 AM : 986b1ff5814366d71e0ac5755c88f2d3 [Pos Repl]
 
 * C:\WINDOWS\System32\mshtml.dll : 6,022,144 : 04/30/2014 00:13 AM : 3db2624ccb1663bf6d62311b2b9e7b55 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\mshtml.dll : 3,004,928 : 09/29/2004 11:27 AM : 087ff7c54e7ebe4a59bd4dfc1d0ee9b8 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\mshtml.dll : 3,008,000 : 01/27/2005 09:08 AM : 91c5ade25bc4e3322577854fa2e7b58b [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\mshtml.dll : 3,014,144 : 05/02/2005 12:57 AM : dcc5c79b99f02eef8c826b074dbfc222 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\mshtml.dll : 3,011,072 : 03/09/2005 11:43 PM : 255c2ce965543abdc3e0a25a5da1874a [Pos Repl]
 +-> C:\WINDOWS\ie8\mshtml.dll : 3,012,608 : 05/02/2005 01:52 PM : dcfac5470ee0a159ec4222bc28ae3ee6 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2936068-IE8\mshtml.dll : 5,937,152 : 03/08/2009 04:41 AM : d469a0eba2ef5c6bee8065b7e3196e5e [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2964358-IE8\mshtml.dll : 6,021,632 : 03/06/2014 09:59 AM : 0964efc80bd54fdf37397a09fdae8395 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mshtml.dll : 3,066,880 : 04/14/2008 04:42 AM : a706e122b398fe1ab85cb9b75d044223 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mshtml.dll : 6,022,144 : 04/30/2014 00:13 AM : 3db2624ccb1663bf6d62311b2b9e7b55 [Pos Repl]
 
 * C:\WINDOWS\System32\msimg32.dll : 4,608 : 04/14/2008 04:42 AM : affc87e2501fce8f09d4c10ba6421ccf [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\msimg32.dll : 4,608 : 08/04/2004 11:00 AM : b5331f2b6f37c66c29c847f3b94ff900 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\msimg32.dll : 4,608 : 04/14/2008 04:42 AM : affc87e2501fce8f09d4c10ba6421ccf [Pos Repl]
 
 * C:\WINDOWS\System32\mspmsnsv.dll : 25,088 : 08/11/2004 01:45 AM : a477391b7a8b0a0daabadb17cf533a4b [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll : 25,088 : 08/11/2004 01:45 AM : a477391b7a8b0a0daabadb17cf533a4b [Pos Repl]
 +-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll : 52,224 : 08/04/2004 11:00 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mspmsnsv.dll : 25,088 : 08/11/2004 01:45 AM : a477391b7a8b0a0daabadb17cf533a4b [Pos Repl]
 
 * C:\WINDOWS\System32\msprivs.dll : 48,128 : 04/13/2008 08:53 PM : c6bb1d1500db4a0e224cb65e6c7e8a80 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\msprivs.dll : 48,128 : 08/04/2004 11:00 AM : 6bec17053284e847cf1fbb8c9a181e1e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\msprivs.dll : 48,128 : 04/13/2008 08:53 PM : c6bb1d1500db4a0e224cb65e6c7e8a80 [Pos Repl]
 
 * C:\WINDOWS\System32\msvcrt.dll : 343,040 : 04/14/2008 04:42 AM : 355edbb4d412b01f1740c17e3f50fa00 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll : 343,040 : 08/04/2004 11:00 AM : b0fefa816d61ec66aa765ddf534eab5e [Pos Repl]
 +-> C:\WINDOWS\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL : 322,560 : 08/04/2004 11:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll : 343,040 : 04/14/2008 04:42 AM : 355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll : 322,560 : 08/04/2004 11:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll : 343,040 : 08/04/2004 11:00 AM : 98ec447e00229afd88d5161a25d065da [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll : 343,040 : 04/14/2008 04:42 AM : d7075e95aa599ee77b7a89d39296bd3d [Pos Repl]
 
 * C:\WINDOWS\System32\mswsock.dll : 245,248 : 06/20/2008 08:02 AM : 943337d786a56729263071623bbb9de5 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll : 245,248 : 06/20/2008 09:43 AM : fcee5fcb99f7c724593365c706d28388 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll : 245,248 : 08/04/2004 11:00 AM : 4e74af063c3271fbea20dd940cfd1184 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll : 245,248 : 04/14/2008 04:42 AM : b4138e99236f0f57d4cf49bae98a0746 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mswsock.dll : 245,248 : 04/14/2008 04:42 AM : b4138e99236f0f57d4cf49bae98a0746 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mswsock.dll : 245,248 : 06/20/2008 08:02 AM : 943337d786a56729263071623bbb9de5 [Pos Repl]
 
 * C:\WINDOWS\System32\netlogon.dll : 407,040 : 04/14/2008 04:42 AM : 1b7f071c51b77c272875c3a23e1e4550 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll : 407,040 : 08/04/2004 11:00 AM : 96353fcecba774bb8da74a1c6507015a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll : 407,040 : 04/14/2008 04:42 AM : 1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]
 
 * C:\WINDOWS\System32\netman.dll : 198,144 : 04/14/2008 04:42 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\netman.dll : 198,144 : 08/04/2004 11:00 AM : dab9e6c7105d2ef49876fe92c524f565 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\netman.dll : 198,144 : 04/14/2008 04:42 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]
 
 * C:\WINDOWS\System32\ntkrnlpa.exe : 2,070,144 : 07/03/2013 06:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe : 2,069,376 : 12/09/2010 05:39 PM : f67cd97282e0abfaf91a9a1359b16f2d [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe : 2,069,120 : 04/11/2012 04:42 AM : 063a0f8a90d8e2b802e5243fe9aabcf3 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe : 2,056,832 : 03/01/2005 04:36 PM : d8aba3eab509627e707a3b14f00fbb6b [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe : 2,066,176 : 02/06/2009 02:30 AM : 607352b9cb3d708c67f6039097801b5a [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe : 2,056,832 : 03/01/2005 04:34 PM : 81013f36b21c7f72cf784cc6731e0002 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2393802$\ntkrnlpa.exe : 2,066,048 : 02/07/2009 06:02 PM : 5ba7f2141bc6db06100d0e5a732c617a [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2676562$\ntkrnlpa.exe : 2,069,376 : 12/09/2010 05:07 AM : 84ff488e249dbd2050eb39ea81c6f5c2 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2859537$\ntkrnlpa.exe : 2,069,120 : 04/11/2012 04:35 AM : 0c9e44d256948fa68ae10d67984862ce [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\ntkrnlpa.exe : 2,065,792 : 04/13/2008 11:01 PM : 109f8e3e3c82e337bb71b6bc9b895d61 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe : 2,070,144 : 07/03/2013 06:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe : 2,065,792 : 04/13/2008 11:01 PM : 109f8e3e3c82e337bb71b6bc9b895d61 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntkrnlpa.exe : 2,070,144 : 07/03/2013 06:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntkrnlpa.exe : 2,056,832 : 08/03/2004 02:59 PM : 947fb1d86d14afcffdb54bf837ec25d0 [Pos Repl]
 
 * C:\WINDOWS\System32\ntmssvc.dll : 435,200 : 04/14/2008 04:42 AM : 156f64a3345bd23c600655fb4d10bc08 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll : 435,200 : 08/04/2004 11:00 AM : b62f29c00ac55a761b2e45877d85ea0f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll : 435,200 : 04/14/2008 04:42 AM : 156f64a3345bd23c600655fb4d10bc08 [Pos Repl]
 
 * C:\WINDOWS\System32\ntoskrnl.exe : 2,193,536 : 07/03/2013 06:59 PM : a4a50a53ffbfec545cda85e98af2106b [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe : 2,192,768 : 12/09/2010 05:43 AM : a531bbd3de13121c1380ed7dc99082db [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe : 2,192,640 : 04/11/2012 05:22 AM : 8d061bb825bc606c2b1c6f7452d1baaa [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe : 2,179,456 : 03/01/2005 05:04 PM : 28187802b7c368c0d3aef7d4c382aabb [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe : 2,189,184 : 02/07/2009 06:35 PM : efe8eace83eaad5849a7a548fb75b584 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe : 2,179,328 : 03/01/2005 04:59 PM : 4d4cf2c14550a4b7718e94a6e581856e [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe : 2,189,056 : 02/06/2009 03:08 AM : 7a95b10a73737ebf24139aaa63f5212b [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe : 2,192,768 : 12/09/2010 05:38 AM : 64c1adf6df629f340c5a439fe0ef8ed1 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2859537$\ntoskrnl.exe : 2,192,640 : 04/11/2012 05:10 AM : 536168936ebf326e36c655ec5ae34b03 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe : 2,188,928 : 04/13/2008 11:57 PM : 0c89243c7c3ee199b96fcc16990e0679 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe : 2,193,536 : 07/03/2013 06:59 PM : a4a50a53ffbfec545cda85e98af2106b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe : 2,188,928 : 04/13/2008 11:57 PM : 0c89243c7c3ee199b96fcc16990e0679 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntoskrnl.exe : 2,193,536 : 07/03/2013 06:59 PM : a4a50a53ffbfec545cda85e98af2106b [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntoskrnl.exe : 2,180,992 : 08/04/2004 11:00 AM : ce218bc7088681faa06633e218596ca7 [Pos Repl]
 
 * C:\WINDOWS\System32\oakley.dll : 278,528 : 10/12/2013 07:56 AM : 584c4da856450cb22ebbe7a68cc6250f [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB974392\SP3QFE\oakley.dll : 270,336 : 10/13/2009 02:38 AM : 7eadba6d371c60cca9e4db57c28c8045 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\oakley.dll : 266,752 : 08/04/2004 11:00 AM : a76128be63eea6a3af521a0576d3ebf7 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2862152$\oakley.dll : 270,336 : 10/13/2009 02:30 AM : c5ff8682eada5b3b27a865f1c3ef9270 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB974392$\oakley.dll : 270,336 : 04/14/2008 04:42 AM : 33ceb89b62589e8b12aee9e2d523dade [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\oakley.dll : 270,336 : 04/14/2008 04:42 AM : 33ceb89b62589e8b12aee9e2d523dade [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\oakley.dll : 278,528 : 10/12/2013 07:56 AM : 584c4da856450cb22ebbe7a68cc6250f [Pos Repl]
 
 * C:\WINDOWS\System32\ole32.dll : 1,289,728 : 08/05/2013 05:30 AM : 59b408e5b8489b0b36a0d783d150edcc [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\ole32.dll : 1,284,608 : 01/13/2005 09:07 PM : 2e752611c9a9ae1b6bfd0da03cf7f17e [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll : 1,289,216 : 07/16/2010 04:04 AM : 8d51fb47062f2a1a9efeccef338a4c46 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ole32.dll : 1,285,120 : 01/14/2005 00:55 AM : abdef60ced7c04ab35a415efb6b96d81 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2876217$\ole32.dll : 1,288,192 : 07/16/2010 04:05 AM : 7a6a7900b5e322763430ba6fd9a31224 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB979687$\ole32.dll : 1,287,168 : 04/14/2008 04:42 AM : ecce74bc6168375016450a86a164d976 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ole32.dll : 1,287,168 : 04/14/2008 04:42 AM : ecce74bc6168375016450a86a164d976 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ole32.dll : 1,289,728 : 08/05/2013 05:30 AM : 59b408e5b8489b0b36a0d783d150edcc [Pos Repl]
 
 * C:\WINDOWS\System32\olepro32.dll : 84,992 : 04/14/2008 04:42 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\olepro32.dll : 83,456 : 08/04/2004 11:00 AM : b48d3193dd1474dcbcc32bf4779ac698 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\olepro32.dll : 84,992 : 04/14/2008 04:42 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]
 
 * C:\WINDOWS\System32\perfctrs.dll : 39,936 : 04/14/2008 04:42 AM : dbe2b62353660ecca0d75ea307a717e9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\perfctrs.dll : 39,936 : 08/04/2004 11:00 AM : 96492c721c6ea517e2bfd5381fef55e3 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll : 39,936 : 04/14/2008 04:42 AM : dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]
 
 * C:\WINDOWS\System32\powrprof.dll : 17,408 : 04/14/2008 04:42 AM : 50a166237a0fa771261275a405646cc0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll : 17,408 : 08/04/2004 11:00 AM : 1b5f6923abb450692e9fe0672c897aed [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\powrprof.dll : 17,408 : 04/14/2008 04:42 AM : 50a166237a0fa771261275a405646cc0 [Pos Repl]
 
 * C:\WINDOWS\System32\psbase.dll : 96,768 : 04/14/2008 04:42 AM : 22d89d84e8e081cda529dbf8c0255a38 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\psbase.dll : 96,768 : 08/04/2004 11:00 AM : 4d3ccdf22d2b4bae229ba73b81d13e26 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\psbase.dll : 96,768 : 04/14/2008 04:42 AM : 22d89d84e8e081cda529dbf8c0255a38 [Pos Repl]
 
 * C:\WINDOWS\System32\pstorsvc.dll : 34,304 : 04/14/2008 04:42 AM : 853d0d0c6f02d7bfdf1cf99dd7553732 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\pstorsvc.dll : 34,304 : 08/04/2004 11:00 AM : 306b30a036db25fcb76b507fede07d58 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\pstorsvc.dll : 34,304 : 04/14/2008 04:42 AM : 853d0d0c6f02d7bfdf1cf99dd7553732 [Pos Repl]
 
 * C:\WINDOWS\System32\qmgr.dll : 409,088 : 04/14/2008 04:42 AM : 574738f61fca2935f5265dc4e5691314 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll : 382,464 : 08/04/2004 11:00 AM : 2c69ec7e5a311334d10dd95f338fccea [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\qmgr.dll : 409,088 : 04/14/2008 04:42 AM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
 +-> C:\WINDOWS\system32\bits\qmgr.dll : 409,088 : 04/14/2008 04:42 AM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
 
 * C:\WINDOWS\System32\rasadhlp.dll : 7,680 : 04/14/2008 04:42 AM : 6f9bef24c578d5d6740e080bedd6a448 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll : 8,192 : 08/04/2004 11:00 AM : 4caec028c1e21c75e17877d4522d3db4 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll : 7,680 : 04/14/2008 04:42 AM : 6f9bef24c578d5d6740e080bedd6a448 [Pos Repl]
 
 * C:\WINDOWS\System32\regsvc.dll : 59,904 : 04/14/2008 04:42 AM : 5b19b557b0c188210a56a6b699d90b8f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll : 59,904 : 08/04/2004 11:00 AM : 3151427db7d87107d1c5be58fac53960 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\regsvc.dll : 59,904 : 04/14/2008 04:42 AM : 5b19b557b0c188210a56a6b699d90b8f [Pos Repl]
 
 * C:\WINDOWS\System32\rpcss.dll : 401,408 : 02/09/2009 04:10 AM : 6b27a5c03dfb94b4245739065431322c [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll : 395,776 : 01/13/2005 09:07 PM : 94456045beb4545b5ebe1dcc85951afa [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll : 401,408 : 02/09/2009 02:56 AM : 9222562d44021b988b9f9f62207fb6f2 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll : 395,776 : 01/14/2005 00:55 AM : 419899803ca479b73b02390318c787c0 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll : 399,360 : 04/14/2008 04:42 AM : 2589fe6015a316c0f5d5112b4da7b509 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rpcss.dll : 399,360 : 04/14/2008 04:42 AM : 2589fe6015a316c0f5d5112b4da7b509 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rpcss.dll : 401,408 : 02/09/2009 04:10 AM : 6b27a5c03dfb94b4245739065431322c [Pos Repl]
 
 * C:\WINDOWS\System32\scecli.dll : 181,248 : 04/14/2008 04:42 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll : 180,224 : 08/04/2004 11:00 AM : 0f78e27f563f2aaf74b91a49e2abf19a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\scecli.dll : 181,248 : 04/14/2008 04:42 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [Pos Repl]
 
 * C:\WINDOWS\System32\schannel.dll : 152,576 : 06/03/2012 08:32 PM : 0f64207b49390c8063c36ae7cbf9c2db [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2585542\SP3QFE\schannel.dll : 152,064 : 11/16/2011 06:20 AM : d444009f7cd704c89f7f9e62396ed4f1 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2655992\SP3QFE\schannel.dll : 153,088 : 06/03/2012 08:31 PM : 26f1193092b9ac2586deb38dd1cbb25c [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll : 147,456 : 06/25/2009 00:41 AM : e513ba8bc33fd00f35d69659b478b1df [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\schannel.dll : 144,896 : 08/04/2004 11:00 AM : 29632e787dcfc0085a555c681eb82693 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2585542$\schannel.dll : 147,456 : 06/25/2009 00:25 AM : bfdece69e293e6db4e25def862418428 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2655992$\schannel.dll : 152,064 : 11/16/2011 06:21 AM : a645a78fcdabad67067324d7e6cd9f79 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB968389$\schannel.dll : 144,384 : 04/14/2008 04:42 AM : c61e8ecffdbf05ff71d079bbd35396b3 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\schannel.dll : 144,384 : 04/14/2008 04:42 AM : c61e8ecffdbf05ff71d079bbd35396b3 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\schannel.dll : 152,576 : 06/03/2012 08:32 PM : 0f64207b49390c8063c36ae7cbf9c2db [Pos Repl]
 
 * C:\WINDOWS\System32\schedsvc.dll : 192,512 : 04/14/2008 04:42 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll : 190,976 : 08/04/2004 11:00 AM : 92360854316611f6cc471612213c3d92 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll : 192,512 : 04/14/2008 04:42 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [Pos Repl]
 
 * C:\WINDOWS\System32\services.exe : 110,592 : 02/06/2009 03:11 AM : 65df52f5b8b6e9bbd183505225c37315 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe : 110,592 : 02/06/2009 03:06 AM : 020ceaaedc8eb655b6506b8c70d53bb6 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\services.exe : 108,032 : 08/04/2004 11:00 AM : c6ce6eec82f187615d1002bb3bb50ed4 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\services.exe : 108,544 : 04/14/2008 04:42 AM : 0e776ed5f7cc9f94299e70461b7b8185 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\services.exe : 108,544 : 04/14/2008 04:42 AM : 0e776ed5f7cc9f94299e70461b7b8185 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\services.exe : 110,592 : 02/06/2009 03:11 AM : 65df52f5b8b6e9bbd183505225c37315 [Pos Repl]
 
 * C:\WINDOWS\System32\setupapi.dll : 985,088 : 04/14/2008 04:42 AM : 24192246760e0e64435522e246b1d6c2 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll : 983,552 : 08/04/2004 11:00 AM : 7808313cbc634ee08346d5ddfef1cc5f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\setupapi.dll : 985,088 : 04/14/2008 04:42 AM : 24192246760e0e64435522e246b1d6c2 [Pos Repl]
 
 * C:\WINDOWS\System32\sfc.dll : 5,120 : 04/14/2008 04:42 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sfc.dll : 5,120 : 08/04/2004 11:00 AM : e8a12a12ea9088b4327d49edca3add3e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sfc.dll : 5,120 : 04/14/2008 04:42 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [Pos Repl]
 
 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 04/14/2008 04:42 AM : 9dd07af82244867ca36681ea2d29ce79 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll : 1,580,544 : 08/04/2004 11:00 AM : 30a609e00bd1d4ffc49d6b5a432be7f2 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll : 1,614,848 : 04/14/2008 04:42 AM : 9dd07af82244867ca36681ea2d29ce79 [Pos Repl]
 
 * C:\WINDOWS\System32\shsvcs.dll : 135,168 : 07/27/2009 03:17 PM : 99bc0b50f511924348be19c7c7313bbf [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB971029\SP3QFE\shsvcs.dll : 135,168 : 07/27/2009 02:13 PM : 888cd7b39c37e13a2419becfaaf0a28c [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll : 134,656 : 08/04/2004 11:00 AM : e7518dc542d3ebdcb80edd98462c7821 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB971029$\shsvcs.dll : 135,168 : 04/14/2008 04:42 AM : 1926899bf9ffe2602b63074971700412 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll : 135,168 : 04/14/2008 04:42 AM : 1926899bf9ffe2602b63074971700412 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\shsvcs.dll : 135,168 : 07/27/2009 03:17 PM : 99bc0b50f511924348be19c7c7313bbf [Pos Repl]
 
 * C:\WINDOWS\System32\smss.exe : 50,688 : 04/14/2008 04:42 AM : 5f816c1f539266d2d4c78694239da0b5 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\smss.exe : 50,688 : 08/04/2004 11:00 AM : bd7fb0957c716f1a60333aee04de2178 [Pos Repl]
 +-> C:\WINDOWS\I386\SYSTEM32\SMSS.EXE : 470,016 : 08/04/2004 11:00 AM : 9a98937a980831729d21343754ff9d59 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\smss.exe : 50,688 : 04/14/2008 04:42 AM : 5f816c1f539266d2d4c78694239da0b5 [Pos Repl]
 
 * C:\WINDOWS\System32\spoolsv.exe : 58,880 : 08/17/2010 05:17 AM : 60784f891563fb1b767f70117fc2428f [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe : 58,880 : 08/17/2010 05:19 AM : 258dd5d4283fd9f9a7166be9ae45ce73 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe : 57,856 : 08/04/2004 11:00 AM : 7435b108b935e42ea92ca94f59c8e717 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe : 57,856 : 04/14/2008 04:42 AM : d8e14a61acc1d4a6cd0d38aebac7fa3b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe : 57,856 : 04/14/2008 04:42 AM : d8e14a61acc1d4a6cd0d38aebac7fa3b [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\spoolsv.exe : 58,880 : 08/17/2010 05:17 AM : 60784f891563fb1b767f70117fc2428f [Pos Repl]
 
 * C:\WINDOWS\System32\srsvc.dll : 171,008 : 04/14/2008 04:42 AM : 3805df0ac4296a34ba4bf93b346cc378 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll : 170,496 : 08/04/2004 11:00 AM : 92bdf74f12d6cbec43c94d4b7f804838 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\srsvc.dll : 171,008 : 04/14/2008 04:42 AM : 3805df0ac4296a34ba4bf93b346cc378 [Pos Repl]
 
 * C:\WINDOWS\System32\ssdpsrv.dll : 71,680 : 04/14/2008 04:42 AM : 0a5679b3714edab99e357057ee88fca6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll : 71,680 : 08/04/2004 11:00 AM : 4b8d61792f7175bed48859cc18ce4e38 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll : 71,680 : 04/14/2008 04:42 AM : 0a5679b3714edab99e357057ee88fca6 [Pos Repl]
 
 * C:\WINDOWS\System32\svchost.exe : 14,336 : 04/14/2008 04:42 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\svchost.exe : 14,336 : 08/04/2004 11:00 AM : 8f078ae4ed187aaabc0a305146de6716 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\svchost.exe : 14,336 : 04/14/2008 04:42 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
 
 * C:\WINDOWS\System32\tapisrv.dll : 249,856 : 04/14/2008 04:42 AM : 3cb78c17bb664637787c9a1c98f79c38 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll : 246,272 : 08/04/2004 11:00 AM : eb4a4187d74a8efdcbea3ea2cb1bdfbd [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll : 249,856 : 04/14/2008 04:42 AM : 3cb78c17bb664637787c9a1c98f79c38 [Pos Repl]
 
 * C:\WINDOWS\System32\termsrv.dll : 295,424 : 04/14/2008 04:42 AM : ff3477c03be7201c294c35f684b3479f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll : 295,424 : 08/04/2004 11:00 AM : b60c877d16d9c880b952fda04adf16e6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\termsrv.dll : 295,424 : 04/14/2008 04:42 AM : ff3477c03be7201c294c35f684b3479f [Pos Repl]
 
 * C:\WINDOWS\System32\upnphost.dll : 185,856 : 04/14/2008 04:42 AM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll : 185,344 : 08/04/2004 11:00 AM : 0546477bde979e33294fe97f6b3de84a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\upnphost.dll : 185,856 : 04/14/2008 04:42 AM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [Pos Repl]
 
 * C:\WINDOWS\System32\user32.dll : 578,560 : 04/14/2008 04:42 AM : b26b135ff1b9f60c9388b4a7d16f600b [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll : 577,024 : 03/02/2005 10:19 AM : 1800f293bccc8ede8a70e12b88d80036 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\user32.dll : 577,024 : 03/02/2005 10:09 AM : de2db164bbb35db061af0997e4499054 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\user32.dll : 578,560 : 04/14/2008 04:42 AM : b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]
 
 * C:\WINDOWS\System32\userinit.exe : 26,112 : 04/14/2008 04:42 AM : a93aee1928a9d7ce3e16d24ec7380f89 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\userinit.exe : 24,576 : 08/04/2004 11:00 AM : 39b1ffb03c2296323832acbae50d2aff [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\userinit.exe : 26,112 : 04/14/2008 04:42 AM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]
 
 * C:\WINDOWS\System32\usp10.dll : 406,016 : 07/10/2013 02:37 AM : 1d845821f5adb076831de4c2818f858b [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usp10.dll : 406,528 : 08/04/2004 11:00 AM : 2eb58f9dcd6ab320b46744a4ea48b2d2 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2850869$\usp10.dll : 406,016 : 04/14/2008 04:42 AM : 7d7d8501f3cb45d0408cdefa08cdaeff [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usp10.dll : 406,016 : 04/14/2008 04:42 AM : 7d7d8501f3cb45d0408cdefa08cdaeff [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usp10.dll : 406,016 : 07/10/2013 02:37 AM : 1d845821f5adb076831de4c2818f858b [Pos Repl]
 
 * C:\WINDOWS\System32\UxTheme.dll : 218,624 : 04/14/2008 04:42 AM : 7a2cc3719b255e6b5d74396183b7715b [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll : 218,624 : 08/04/2004 11:00 AM : 2cde496666a975a2ce8f969f3042c8db [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll : 218,624 : 04/14/2008 04:42 AM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]
 
 * C:\WINDOWS\System32\version.dll : 18,944 : 04/14/2008 04:42 AM : c7ce131408739b0b3a318be2d0032719 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\version.dll : 18,944 : 08/04/2004 11:00 AM : d38408967be738d0c1b47005bce8ceeb [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\version.dll : 18,944 : 04/14/2008 04:42 AM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]
 
 * C:\WINDOWS\System32\w32time.dll : 175,104 : 04/14/2008 04:42 AM : 54af4b1d5459500ef0937f6d33b1914f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\w32time.dll : 174,592 : 08/04/2004 11:00 AM : 2b281958f5d0cf99ed626e3ef39d5c8d [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\w32time.dll : 175,104 : 04/14/2008 04:42 AM : 54af4b1d5459500ef0937f6d33b1914f [Pos Repl]
 
 * C:\WINDOWS\System32\wbem\wmiprvse.exe : 227,840 : 02/06/2009 02:10 AM : 798a9e6828997eef4517ada8a2259831 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe : 227,840 : 02/06/2009 02:15 AM : f520ab392d58c0a1070268032d809382 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe : 218,112 : 08/04/2004 11:00 AM : 075ea6c849ab0fe416a3d6dd65c3cf41 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe : 218,112 : 04/14/2008 04:42 AM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe : 218,112 : 04/14/2008 04:42 AM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 227,840 : 02/06/2009 02:10 AM : 798a9e6828997eef4517ada8a2259831 [Pos Repl]
 
 * C:\WINDOWS\System32\wdigest.dll : 54,272 : 06/25/2009 00:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\wdigest.dll : 54,272 : 06/25/2009 00:41 AM : d9dcec3fa1b27689fc56e34c38d3f148 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\wdigest.dll : 49,152 : 08/04/2004 11:00 AM : a8b82c5d30b7ab937e164ab349478fba [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB968389$\wdigest.dll : 49,152 : 04/14/2008 04:42 AM : cefcc6a64983eb8119f3a07a0c1ede30 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wdigest.dll : 49,152 : 04/14/2008 04:42 AM : cefcc6a64983eb8119f3a07a0c1ede30 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wdigest.dll : 54,272 : 06/25/2009 00:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [Pos Repl]
 
 * C:\WINDOWS\System32\wiaservc.dll : 333,824 : 04/14/2008 04:42 AM : 8bad69cbac032d4bbacfce0306174c30 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll : 333,312 : 08/04/2004 11:00 AM : d9f6c4f6b1e188adafc42b561d9bc2e6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll : 333,824 : 04/14/2008 04:42 AM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]
 
 * C:\WINDOWS\System32\wininet.dll : 920,064 : 03/06/2014 09:59 AM : 8af91e4b4c1f5338ebe1548117304296 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll : 656,896 : 09/29/2004 10:27 AM : 2c07195588d69a067c2afdaa31759295 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll : 657,920 : 01/27/2005 09:08 AM : a8eac5330876548e9966a7d13025d196 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll : 658,944 : 05/02/2005 12:57 AM : e1e18136f9dd3df1ad9c82193a5898a6 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll : 657,920 : 03/09/2005 11:43 PM : c8663b488996e89a84c3d17c1d12b79e [Pos Repl]
 +-> C:\WINDOWS\ie8\wininet.dll : 657,920 : 05/02/2005 12:52 AM : 1a078af3f85d10ba56444c23b3a18e74 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2936068-IE8\wininet.dll : 914,944 : 03/08/2009 04:34 AM : 6ce32f7778061ccc5814d5e0f282d369 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wininet.dll : 666,112 : 04/14/2008 04:42 AM : 7a4f775abb2f1c97def3e73afa2faedd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wininet.dll : 920,064 : 03/06/2014 09:59 AM : 8af91e4b4c1f5338ebe1548117304296 [Pos Repl]
 
 * C:\WINDOWS\System32\winlogon.exe : 507,904 : 04/14/2008 04:42 AM : ed0ef0a136dec83df69f04118870003e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe : 502,272 : 08/04/2004 11:00 AM : 01c3346c241652f43aed8e2149881bfe [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe : 507,904 : 04/14/2008 04:42 AM : ed0ef0a136dec83df69f04118870003e [Pos Repl]
 
 * C:\WINDOWS\System32\ws2_32.dll : 82,432 : 04/14/2008 04:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll : 82,944 : 08/04/2004 11:00 AM : 2ed0b7f12a60f90092081c50fa0ec2b2 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll : 82,432 : 04/14/2008 04:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
 
 * C:\WINDOWS\System32\ws2help.dll : 19,968 : 04/14/2008 04:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ws2help.dll : 19,968 : 08/04/2004 11:00 AM : 9beacb911ca61e5881102188ab7fb431 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ws2help.dll : 19,968 : 04/14/2008 04:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
 
 * C:\WINDOWS\System32\wscntfy.exe : 13,824 : 04/14/2008 04:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe : 13,824 : 08/04/2004 11:00 AM : 49911dd39e023bb6c45e4e436cfbd297 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe : 13,824 : 04/14/2008 04:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
 
 * C:\WINDOWS\System32\xmlprov.dll : 129,024 : 04/14/2008 04:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll : 129,536 : 08/04/2004 11:00 AM : eef46dab68229a14da3d8e73c99e2959 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll : 129,024 : 04/14/2008 04:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
 
 * C:\WINDOWS\explorer.exe : 1,033,728 : 04/14/2008 04:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe : 1,032,192 : 08/04/2004 11:00 AM : a0732187050030ae399b241436565e64 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\explorer.exe : 1,033,728 : 04/14/2008 04:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\acpiec.sys : 11,648 : 08/04/2004 11:00 AM : 9859c0f6936e723e4892d7141b1327d5 [NoSig]
 
 * C:\WINDOWS\System32\drivers\acpi.sys : 187,776 : 04/13/2008 11:06 PM : 8fd99680a539792a30e97944fdaecf17 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\acpi.sys : 187,776 : 08/04/2004 11:00 AM : a10c7534f7223f4a73a948967d00e69b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\acpi.sys : 187,776 : 04/13/2008 11:06 PM : 8fd99680a539792a30e97944fdaecf17 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\aec.sys : 142,592 : 04/13/2008 09:09 PM : 8bed39e3c35d6a489438b8141717a557 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\aec.sys : 142,464 : 08/03/2004 10:39 PM : 841f385c6cfaf66b58fbd898722bb4f0 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\aec.sys : 142,592 : 04/13/2008 09:09 PM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\afd.sys : 138,496 : 08/17/2011 05:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys : 138,496 : 10/16/2008 07:07 AM : 38d7b715504da4741df35e3594fe2099 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys : 138,496 : 08/17/2011 05:41 AM : f6b7b1ecd7b41736bdb6ff4b092bcb79 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\afd.sys : 138,496 : 08/04/2004 11:00 AM : 5ac495f4cb807b2b98ad2ad591e6d92e [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2509553$\afd.sys : 138,112 : 04/13/2008 11:49 PM : 322d0e36693d6e24a2398bee62a268cd [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2592799$\afd.sys : 138,496 : 10/16/2008 06:43 AM : 7618d5218f2a614672ec61a80d854a37 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\afd.sys : 138,112 : 04/13/2008 11:49 PM : 322d0e36693d6e24a2398bee62a268cd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\afd.sys : 138,496 : 08/17/2011 05:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\agp440.sys : 42,368 : 04/13/2008 11:06 PM : 08fd04aa961bdc77fb983f328334e3d7 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys : 42,368 : 08/04/2004 05:07 AM : 2c428fa0c3e3a01ed93c9b2a27d8d4bb [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\agp440.sys : 42,368 : 04/13/2008 11:06 PM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\amdk6.sys : 37,376 : 04/13/2008 11:01 PM : d7701d7e72243286cc88c9973d891057 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys : 36,992 : 08/03/2004 02:59 PM : dad16a9d5c873e7219e6b43802ed316a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\amdk6.sys : 37,376 : 04/13/2008 11:01 PM : d7701d7e72243286cc88c9973d891057 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\amdk7.sys : 37,760 : 04/13/2008 11:01 PM : 8fce268cdbdd83b23419d1f35f42c7b1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys : 37,376 : 08/03/2004 02:59 PM : 680ad1c1bb16239e28d8f33a54a7a3c7 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\amdk7.sys : 37,760 : 04/13/2008 11:01 PM : 8fce268cdbdd83b23419d1f35f42c7b1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\arp1394.sys : 60,800 : 04/13/2008 11:21 PM : b5b8a80875c1dededa8b02765642c32f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys : 60,800 : 08/03/2004 02:58 PM : f0d692b0bffb46e30eb3cea168bbc49f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\arp1394.sys : 60,800 : 04/13/2008 11:21 PM : b5b8a80875c1dededa8b02765642c32f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\asyncmac.sys : 14,336 : 04/13/2008 11:27 PM : b153affac761e7f5fcfa822b9c4e97bc [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys : 14,336 : 08/04/2004 11:00 AM : 02000abf34af4c218c35d257024807d6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys : 14,336 : 04/13/2008 11:27 PM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\atapi.sys : 96,512 : 04/13/2008 11:10 PM : 9f3a2f5aa6875c72bf062c712cfa2674 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys : 95,360 : 08/04/2004 11:00 AM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\atapi.sys : 96,512 : 04/13/2008 11:10 PM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\audstub.sys : 3,072 : 08/17/2001 05:59 AM : d9f724aa26c010a217c97606b160ed68 [NoSig]
 
 * C:\WINDOWS\System32\drivers\beep.sys : 4,224 : 08/04/2004 11:00 AM : da1f27d85e0d1525f6621372e7b685e9 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\beep.sys : 4,224 : 08/04/2004 11:00 AM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\bridge.sys : 71,552 : 04/13/2008 11:23 PM : f934d1b230f84e1d19dd00ac5a7a83ed [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\bridge.sys : 71,552 : 08/04/2004 11:00 AM : e4e6a0922e3d983728c9ad4e8d466954 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\bridge.sys : 71,552 : 04/13/2008 11:23 PM : f934d1b230f84e1d19dd00ac5a7a83ed [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\bthport.sys : 272,128 : 06/13/2008 03:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272,128 : 06/13/2008 03:27 AM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys : 273,024 : 04/13/2008 11:16 PM : 10b85171b90c449f8da71c2640b797e9 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 03:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\bthport.sys : 273,024 : 04/13/2008 11:16 PM : 10b85171b90c449f8da71c2640b797e9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 03:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cbidf2k.sys : 13,952 : 08/04/2004 11:00 AM : 90a673fc8e12a79afbed2576f6a7aaf9 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cbidf2k.sys : 13,952 : 08/04/2004 11:00 AM : 90a673fc8e12a79afbed2576f6a7aaf9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cdaudio.sys : 18,688 : 08/17/2001 05:52 AM : c1b486a7658353d33a10cc15211a873b [NoSig]
 
 * C:\WINDOWS\System32\drivers\cdfs.sys : 63,744 : 04/13/2008 11:44 PM : c885b02847f5d2fd45a24e219ed93b32 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys : 63,744 : 08/04/2004 11:00 AM : cd7d5152df32b47f4e36f710b35aae02 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\cdfs.sys : 63,744 : 04/13/2008 11:44 PM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cdrom.sys : 62,976 : 04/13/2008 11:10 PM : 1f4260cc5b42272d71f79e570a27a4fe [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys : 49,536 : 08/04/2004 11:00 AM : af9c19b3100fe010496b1a27181fbf72 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\cdrom.sys : 62,976 : 04/13/2008 11:10 PM : 1f4260cc5b42272d71f79e570a27a4fe [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\classpnp.sys : 49,536 : 04/13/2008 11:46 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys : 49,664 : 08/04/2004 11:00 AM : d86173b401470f06d9810f7962969ddf [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\classpnp.sys : 49,536 : 04/13/2008 11:46 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\cpqdap01.sys : 11,776 : 08/17/2001 05:24 AM : 9624293e55ad405415862b504ca95b73 [NoSig]
 
 * C:\WINDOWS\System32\drivers\crusoe.sys : 36,736 : 04/13/2008 11:01 PM : f50d9bdbb25cce075e514dc07472a22f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys : 36,480 : 08/03/2004 02:59 PM : 6af1684ccaac3f7ef4ee9ba65eb0677a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\crusoe.sys : 36,736 : 04/13/2008 11:01 PM : f50d9bdbb25cce075e514dc07472a22f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\diskdump.sys : 14,208 : 04/13/2008 11:10 PM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys : 14,208 : 08/04/2004 11:00 AM : d16c81677a9be399c63cd2ea486472a5 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\diskdump.sys : 14,208 : 04/13/2008 11:10 PM : e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\disk.sys : 36,352 : 04/13/2008 11:10 PM : 044452051f3e02e7963599fc8f4f3e25 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\disk.sys : 36,352 : 08/04/2004 11:00 AM : 00ca44e4534865f8a3b64f7c0984bff0 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\disk.sys : 36,352 : 04/13/2008 11:10 PM : 044452051f3e02e7963599fc8f4f3e25 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dmboot.sys : 799,744 : 04/13/2008 11:14 PM : d992fe1274bde0f84ad826acae022a41 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys : 799,744 : 08/04/2004 11:00 AM : c0fbb516e06e243f0cf31f597e7ebf7d [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dmboot.sys : 799,744 : 04/13/2008 11:14 PM : d992fe1274bde0f84ad826acae022a41 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dmio.sys : 153,344 : 04/13/2008 11:14 PM : 7c824cf7bbde77d95c08005717a95f6f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dmio.sys : 153,344 : 08/04/2004 11:00 AM : f5e7b358a732d09f4bcf2824b88b9e28 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dmio.sys : 153,344 : 04/13/2008 11:14 PM : 7c824cf7bbde77d95c08005717a95f6f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dmload.sys : 5,888 : 08/04/2004 11:00 AM : e9317282a63ca4d188c0df5e09c6ac5f [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dmload.sys : 5,888 : 08/04/2004 11:00 AM : e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\DMusic.sys : 52,864 : 04/13/2008 11:15 PM : 8a208dfcf89792a484e76c40e5f50b45 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys : 52,864 : 08/03/2004 11:07 PM : a6f881284ac1150e37d9ae47ff601267 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dmusic.sys : 52,864 : 04/13/2008 11:15 PM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\drmkaud.sys : 2,944 : 04/13/2008 11:15 PM : 8f5fcff8e8848afac920905fbd9d33c8 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys : 2,944 : 08/03/2004 11:07 PM : 1ed4dbbae9f5d558dbba4cc450e3eb2e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys : 2,944 : 04/13/2008 11:15 PM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\drmk.sys : 60,160 : 04/13/2008 11:15 PM : 6cb08593487f5701d2d2254e693eafce [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\drmk.sys : 60,288 : 08/03/2004 11:08 PM : ff86422268de771d571e123eb7092c6a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\drmk.sys : 60,160 : 04/13/2008 11:15 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dxapi.sys : 10,496 : 08/04/2004 11:00 AM : fe97d0343acfdebdd578fc67cc91fa87 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dxapi.sys : 10,496 : 08/04/2004 11:00 AM : fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dxg.sys : 71,168 : 04/13/2008 11:08 PM : ac7280566a7bb85cb3291f04ddc1198e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\dxg.sys : 71,040 : 08/04/2004 11:00 AM : d3dac8432110aad0b02a58b4459ab835 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dxg.sys : 71,168 : 04/13/2008 11:08 PM : ac7280566a7bb85cb3291f04ddc1198e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\dxgthk.sys : 3,328 : 08/04/2004 11:00 AM : a73f5d6705b1d820c19b18782e176efd [NoSig]
 +-> C:\WINDOWS\system32\dllcache\dxgthk.sys : 3,328 : 08/04/2004 11:00 AM : a73f5d6705b1d820c19b18782e176efd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fastfat.sys : 143,744 : 04/13/2008 11:44 PM : 38d332a6d56af32635675f132548343e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys : 143,360 : 08/04/2004 11:00 AM : 3117f595e9615e04f05a54fc15a03b20 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\fastfat.sys : 143,744 : 04/13/2008 11:44 PM : 38d332a6d56af32635675f132548343e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fdc.sys : 27,392 : 04/13/2008 11:10 PM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\fdc.sys : 27,392 : 08/04/2004 11:00 AM : ced2e8396a8838e59d8fd529c680e02c [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\fdc.sys : 27,392 : 04/13/2008 11:10 PM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fips.sys : 44,544 : 04/13/2008 11:03 PM : d45926117eb9fa946a6af572fbe1caa3 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\fips.sys : 34,944 : 08/04/2004 11:00 AM : e153ab8a11de5452bcf5ac7652dbf3ed [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\fips.sys : 44,544 : 04/13/2008 11:03 PM : d45926117eb9fa946a6af572fbe1caa3 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\flpydisk.sys : 20,480 : 04/13/2008 11:10 PM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys : 20,480 : 08/04/2004 11:00 AM : 0dd1de43115b93f4d85e889d7a86f548 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys : 20,480 : 04/13/2008 11:10 PM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fltMgr.sys : 129,792 : 04/13/2008 11:03 PM : b2cf4b0786f8212cb92ed2b50c6db6b0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys : 124,800 : 08/04/2004 11:00 AM : 157754f0df355a9e0a6f54721914f9c6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys : 129,792 : 04/13/2008 11:03 PM : b2cf4b0786f8212cb92ed2b50c6db6b0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fs_rec.sys : 7,936 : 08/04/2004 11:00 AM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [NoSig]
 +-> C:\WINDOWS\system32\dllcache\fs_rec.sys : 7,936 : 08/04/2004 11:00 AM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\fsvga.sys : 12,160 : 08/17/2001 05:57 AM : 455f778ee14368468560bd7cb8c854d0 [NoSig]
 
 * C:\WINDOWS\System32\drivers\ftdisk.sys : 125,056 : 08/04/2004 11:00 AM : 6ac26732762483366c3969c9e4d2259d [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ftdisk.sys : 125,056 : 08/04/2004 11:00 AM : 6ac26732762483366c3969c9e4d2259d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\hidclass.sys : 36,864 : 04/13/2008 11:15 PM : 1af592532532a402ed7c060f6954004f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys : 36,224 : 08/04/2004 11:00 AM : 378055ab8dda86228683c697c4e11685 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\hidclass.sys : 36,864 : 04/13/2008 11:15 PM : 1af592532532a402ed7c060f6954004f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\hidparse.sys : 25,088 : 07/02/2013 06:12 PM : c569ef030b11f896e123a30ac92678db [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys : 24,960 : 08/04/2004 11:00 AM : 5fff41cd5108e9051d255c37825af697 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2862335$\hidparse.sys : 24,960 : 04/13/2008 11:15 PM : 96eccf28fdbf1b2cc12725818a63628d [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\hidparse.sys : 25,088 : 07/02/2013 06:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\hidparse.sys : 24,960 : 04/13/2008 11:15 PM : 96eccf28fdbf1b2cc12725818a63628d [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\hidparse.sys : 25,088 : 07/02/2013 06:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\hidusb.sys : 10,368 : 04/13/2008 11:15 PM : ccf82c5ec8a7326c3066de870c06daf1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\hidusb.sys : 9,600 : 08/17/2001 02:02 PM : 1de6783b918f540149aa69943bdfeba8 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\hidusb.sys : 10,368 : 04/13/2008 11:15 PM : ccf82c5ec8a7326c3066de870c06daf1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\http.sys : 265,728 : 10/20/2009 08:20 AM : f80a415ef82cd06ffaf0d971528ead38 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB970430\SP3QFE\http.sys : 265,728 : 10/20/2009 07:21 AM : 937031c085718c1c04a9c0864625ec6b [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\http.sys : 263,040 : 08/04/2004 11:00 AM : c19b522a9ae0bbc3293397f3055e80a1 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB970430$\http.sys : 264,832 : 04/13/2008 11:23 PM : f6aacf5bce2893e0c1754afeb672e5c9 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\http.sys : 265,728 : 10/20/2009 08:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\http.sys : 264,832 : 04/13/2008 11:23 PM : f6aacf5bce2893e0c1754afeb672e5c9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\http.sys : 265,728 : 10/20/2009 08:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\i8042prt.sys : 52,480 : 04/13/2008 11:48 PM : 4a0b06aa8943c1e332520f7440c0aa30 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys : 52,736 : 08/04/2004 11:00 AM : 5502b58eef7486ee6f93f3f164dcb808 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys : 52,480 : 04/13/2008 11:48 PM : 4a0b06aa8943c1e332520f7440c0aa30 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\imapi.sys : 42,112 : 04/13/2008 11:11 PM : 083a052659f5310dd8b6a6cb05edcf8e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\imapi.sys : 41,856 : 08/04/2004 11:00 AM : f8aa320c6a0409c0380e5d8a99d76ec6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\imapi.sys : 42,112 : 04/13/2008 11:11 PM : 083a052659f5310dd8b6a6cb05edcf8e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\intelide.sys : 5,504 : 04/13/2008 11:10 PM : b5466a9250342a7aa0cd1fba13420678 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\intelide.sys : 5,504 : 08/04/2004 11:00 AM : 2d722b2b54ab55b2fa475eb58d7b2aad [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\intelide.sys : 5,504 : 04/13/2008 11:10 PM : b5466a9250342a7aa0cd1fba13420678 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\intelppm.sys : 36,352 : 04/13/2008 11:01 PM : 8c953733d8f36eb2133f5bb58808b66b [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\intelppm.sys : 36,096 : 08/04/2004 11:00 AM : 279fb78702454dff2bb445f238c048d2 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\intelppm.sys : 36,352 : 04/13/2008 11:01 PM : 8c953733d8f36eb2133f5bb58808b66b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ip6fw.sys : 36,608 : 04/13/2008 11:23 PM : 3bb22519a194418d5fec05d800a19ad0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys : 29,056 : 08/04/2004 11:00 AM : 4448006b6bc60e6c027932cfc38d6855 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys : 36,608 : 04/13/2008 11:23 PM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipfltdrv.sys : 32,896 : 08/04/2004 11:00 AM : 731f22ba402ee4b62748adaf6363c182 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ipfltdrv.sys : 32,896 : 08/04/2004 11:00 AM : 731f22ba402ee4b62748adaf6363c182 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipinip.sys : 20,864 : 04/13/2008 11:27 PM : b87ab476dcf76e72010632b5550955f5 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys : 20,992 : 08/04/2004 11:00 AM : e1ec7f5da720b640cd8fb8424f1b14bb [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ipinip.sys : 20,864 : 04/13/2008 11:27 PM : b87ab476dcf76e72010632b5550955f5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipnat.sys : 152,832 : 04/13/2008 11:27 PM : cc748ea12c6effde940ee98098bf96bb [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ipnat.sys : 134,912 : 08/04/2004 11:00 AM : b5a8e215ac29d24d60b4d1250ef05ace [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ipnat.sys : 152,832 : 04/13/2008 11:27 PM : cc748ea12c6effde940ee98098bf96bb [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ipsec.sys : 75,264 : 04/13/2008 11:49 PM : 23c74d75e36e7158768dd63d92789a91 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys : 74,752 : 08/04/2004 11:00 AM : 64537aa5c003a6afeee1df819062d0d1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ipsec.sys : 75,264 : 04/13/2008 11:49 PM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\irenum.sys : 11,264 : 04/13/2008 11:24 PM : c93c9ff7b04d772627a3646d89f7bf89 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\irenum.sys : 11,264 : 08/04/2004 11:00 AM : 50708daa1b1cbb7d6ac1cf8f56a24410 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\irenum.sys : 11,264 : 04/13/2008 11:24 PM : c93c9ff7b04d772627a3646d89f7bf89 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\isapnp.sys : 37,248 : 04/13/2008 11:06 PM : 05a299ec56e52649b1cf2fc52d20f2d7 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys : 35,840 : 08/17/2001 01:58 PM : e504f706ccb699c2596e9a3da1596e87 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\isapnp.sys : 37,248 : 04/13/2008 11:06 PM : 05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\isapnp.sys : 35,840 : 08/04/2004 11:00 AM : e504f706ccb699c2596e9a3da1596e87 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\kbdclass.sys : 24,576 : 04/13/2008 11:09 PM : 463c1ec80cd17420a542b7f36a36f128 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys : 24,576 : 08/04/2004 11:00 AM : ebdee8a2ee5393890a1acee971c4c246 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys : 24,576 : 04/13/2008 11:09 PM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\kmixer.sys : 172,416 : 04/13/2008 11:15 PM : 692bcf44383d056aed41b045a323d378 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys : 171,776 : 08/03/2004 11:07 PM : d93cad07c5683db066b0b2d2d3790ead [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\kmixer.sys : 172,416 : 04/13/2008 11:15 PM : 692bcf44383d056aed41b045a323d378 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ksecdd.sys : 92,928 : 06/24/2009 03:18 AM : b467646c54cc746128904e1654c750c1 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\ksecdd.sys : 92,928 : 06/24/2009 02:28 AM : c6ebf1d6ad71df30db49b8d3287e1368 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ksecdd.sys : 92,032 : 08/04/2004 11:00 AM : eb7ffe87fd367ea8fca0506f74a87fbb [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB968389$\ksecdd.sys : 92,288 : 04/13/2008 11:01 PM : 1705745d900dabf2d89f90ebaddc7517 [Pos Repl]
 +-> C:\WINDOWS\I386\KSECDD.SYS : 92,032 : 08/04/2004 11:00 AM : eb7ffe87fd367ea8fca0506f74a87fbb [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ksecdd.sys : 92,288 : 04/13/2008 11:01 PM : 1705745d900dabf2d89f90ebaddc7517 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ksecdd.sys : 92,928 : 06/24/2009 03:18 AM : b467646c54cc746128904e1654c750c1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ks.sys : 141,056 : 04/13/2008 11:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ks.sys : 140,928 : 08/03/2004 11:15 PM : b9540e258f952650de8dec68719a5c97 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ks.sys : 141,056 : 04/13/2008 11:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mcd.sys : 7,680 : 08/04/2004 11:00 AM : d1f8be91ed4ddb671d42e473e3fe71ab [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mcd.sys : 7,680 : 08/04/2004 11:00 AM : d1f8be91ed4ddb671d42e473e3fe71ab [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mf.sys : 63,744 : 04/13/2008 11:06 PM : a7da20ab18a1bdae28b0f349e57da0d1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mf.sys : 63,744 : 08/03/2004 03:07 PM : 729d83e56c29c510258a6e9e79ffddc3 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mf.sys : 63,744 : 04/13/2008 11:06 PM : a7da20ab18a1bdae28b0f349e57da0d1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mnmdd.sys : 4,224 : 08/04/2004 11:00 AM : 4ae068242760a1fb6e1a44bf4e16afa6 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\mnmdd.sys : 4,224 : 08/04/2004 11:00 AM : 4ae068242760a1fb6e1a44bf4e16afa6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\modem.sys : 30,080 : 04/13/2008 11:30 PM : dfcbad3cec1c5f964962ae10e0bcc8e1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\modem.sys : 30,080 : 08/03/2004 03:08 PM : 6fc6f9d7acc36dca9b914565a3aeda05 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\modem.sys : 30,080 : 04/13/2008 11:30 PM : dfcbad3cec1c5f964962ae10e0bcc8e1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mouclass.sys : 23,040 : 04/13/2008 11:09 PM : 35c9e97194c8cfb8430125f8dbc34d04 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys : 23,040 : 08/03/2004 02:58 PM : 34e1f0031153e491910e12551400192c [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mouclass.sys : 23,040 : 04/13/2008 11:09 PM : 35c9e97194c8cfb8430125f8dbc34d04 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mouhid.sys : 12,160 : 08/17/2001 01:48 PM : b1c303e17fb9d46e87a98e4ba6769685 [NoSig]
 
 * C:\WINDOWS\System32\drivers\mountmgr.sys : 42,368 : 04/13/2008 11:09 PM : a80b9a0bad1b73637dbcbba7df72d3fd [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys : 42,240 : 08/04/2004 11:00 AM : 65653f3b4477f3c63e68a9659f85ee2e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys : 42,368 : 04/13/2008 11:09 PM : a80b9a0bad1b73637dbcbba7df72d3fd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mrxdav.sys : 180,608 : 04/13/2008 11:02 PM : 11d42bb6206f33fbb3ba0288d3ef81bd [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys : 181,248 : 08/04/2004 11:00 AM : 46edcc8f2db2f322c24f48785cb46366 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mrxdav.sys : 180,608 : 04/13/2008 11:02 PM : 11d42bb6206f33fbb3ba0288d3ef81bd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mrxsmb.sys : 456,320 : 07/15/2011 05:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys : 457,856 : 07/15/2011 05:29 AM : fb2fccc70f7174c7bf64f48e96d3adf4 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys : 451,584 : 01/18/2005 07:51 PM : 7b195060ff456fa65954c72c5c1640ff [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys : 448,128 : 10/27/2004 05:15 PM : a1be3cb080dcc0a8270d21e3ca3b7005 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys : 451,584 : 01/18/2005 08:26 PM : 5ddc9a1b2eb5a4bf010ce8c019a18c1f [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys : 456,576 : 04/13/2008 11:47 PM : 68755f0ff16070178b54674fe5b847b0 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\mrxsmb.sys : 456,320 : 07/15/2011 05:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys : 456,576 : 04/13/2008 11:47 PM : 68755f0ff16070178b54674fe5b847b0 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mrxsmb.sys : 456,320 : 07/15/2011 05:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\msfs.sys : 19,072 : 04/13/2008 11:02 PM : c941ea2454ba8350021d774daf0f1027 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\msfs.sys : 19,072 : 08/04/2004 11:00 AM : 561b3a4333ca2dbdba28b5b956822519 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\msfs.sys : 19,072 : 04/13/2008 11:02 PM : c941ea2454ba8350021d774daf0f1027 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\msgpc.sys : 35,072 : 04/13/2008 11:26 PM : 0a02c63c8b144bd8c86b103dee7c86a2 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\msgpc.sys : 35,072 : 08/04/2004 11:00 AM : c0f1d4a21de5a415df8170616703debf [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\msgpc.sys : 35,072 : 04/13/2008 11:26 PM : 0a02c63c8b144bd8c86b103dee7c86a2 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\MSKSSRV.sys : 7,552 : 04/13/2008 11:09 PM : d1575e71568f4d9e14ca56b7b0453bf1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys : 7,552 : 08/03/2004 10:58 PM : ae431a8dd3c1d0d0610cdbac16057ad0 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mskssrv.sys : 7,552 : 04/13/2008 11:09 PM : d1575e71568f4d9e14ca56b7b0453bf1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\MSPCLOCK.sys : 5,376 : 04/13/2008 11:09 PM : 325bb26842fc7ccc1fcce2c457317f3e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mspclock.sys : 5,376 : 08/03/2004 10:58 PM : 13e75fef9dfeb08eeded9d0246e1f448 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mspclock.sys : 5,376 : 04/13/2008 11:09 PM : 325bb26842fc7ccc1fcce2c457317f3e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\MSPQM.sys : 4,992 : 04/13/2008 11:09 PM : bad59648ba099da4a17680b39730cb3d [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mspqm.sys : 4,992 : 08/03/2004 10:58 PM : 1988a33ff19242576c3d0ef9ce785da7 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mspqm.sys : 4,992 : 04/13/2008 11:09 PM : bad59648ba099da4a17680b39730cb3d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mssmbios.sys : 15,488 : 04/13/2008 11:06 PM : af5f4f3f14a8ea2c26de30f7a1e17136 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mssmbios.sys : 15,488 : 08/03/2004 03:07 PM : 469541f8bfd2b32659d5d463a6714bce [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mssmbios.sys : 15,488 : 04/13/2008 11:06 PM : af5f4f3f14a8ea2c26de30f7a1e17136 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mup.sys : 105,472 : 04/21/2011 05:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2535512\SP3QFE\mup.sys : 105,472 : 04/21/2011 05:52 AM : f7b1ad991491f02af6da70b00b8bf114 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mup.sys : 107,904 : 08/04/2004 11:00 AM : 82035e0f41c2dd05ae41d27fe6cf7de1 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2535512$\mup.sys : 105,344 : 04/13/2008 11:47 PM : 2f625d11385b1a94360bfc70aaefdee1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mup.sys : 105,344 : 04/13/2008 11:47 PM : 2f625d11385b1a94360bfc70aaefdee1 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mup.sys : 105,472 : 04/21/2011 05:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndis.sys : 182,656 : 04/13/2008 11:50 PM : 1df7f42665c94b825322fae71721130d [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ndis.sys : 182,912 : 08/04/2004 11:00 AM : 558635d3af1c7546d26067d5d9b6959e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ndis.sys : 182,656 : 04/13/2008 11:50 PM : 1df7f42665c94b825322fae71721130d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndistapi.sys : 10,496 : 07/08/2011 06:02 AM : 0109c4f3850dfbab279542515386ae22 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys : 10,496 : 07/08/2011 05:51 AM : 091735a5f20acb1dc147383a905ae002 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ndistapi.sys : 9,600 : 08/04/2004 11:00 AM : 08d43bbdacdf23f34d79e44ed35c1b4c [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2566454$\ndistapi.sys : 10,112 : 04/13/2008 11:27 PM : 1ab3d00c991ab086e69db84b6c0ed78f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ndistapi.sys : 10,112 : 04/13/2008 11:27 PM : 1ab3d00c991ab086e69db84b6c0ed78f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ndistapi.sys : 10,496 : 07/08/2011 06:02 AM : 0109c4f3850dfbab279542515386ae22 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndisuio.sys : 14,592 : 04/13/2008 11:26 PM : f927a4434c5028758a842943ef1a3849 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ndisuio.sys : 12,928 : 08/03/2004 03:03 PM : 34d6cd56409da9a7ed573e1c90a308bf [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys : 14,592 : 04/13/2008 11:26 PM : f927a4434c5028758a842943ef1a3849 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndiswan.sys : 91,520 : 04/13/2008 11:50 PM : edc1531a49c80614b2cfda43ca8659ab [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ndiswan.sys : 91,776 : 08/04/2004 11:00 AM : 0b90e255a9490166ab368cd55a529893 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ndiswan.sys : 91,520 : 04/13/2008 11:50 PM : edc1531a49c80614b2cfda43ca8659ab [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndproxy.sys : 40,960 : 11/27/2013 12:21 AM : 2f597bb467e05b1fe3830eabd821b8e0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ndproxy.sys : 38,016 : 08/04/2004 11:00 AM : 59fc3fb44d2669bc144fd87826bb571f [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2914368$\ndproxy.sys : 40,576 : 04/13/2008 11:27 PM : 6215023940cfd3702b46abc304e1d45a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ndproxy.sys : 40,576 : 04/13/2008 11:27 PM : 6215023940cfd3702b46abc304e1d45a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ndproxy.sys : 40,960 : 11/27/2013 12:21 AM : 2f597bb467e05b1fe3830eabd821b8e0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\netbios.sys : 34,688 : 04/13/2008 11:26 PM : 5d81cf9a2f1a3a756b66cf684911cdf0 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\netbios.sys : 34,560 : 08/04/2004 11:00 AM : 3a2aca8fc1d7786902ca434998d7ceb4 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\netbios.sys : 34,688 : 04/13/2008 11:26 PM : 5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\netbt.sys : 162,816 : 04/13/2008 11:51 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\netbt.sys : 162,816 : 08/04/2004 11:00 AM : 0c80e410cd2f47134407ee7dd19cc86b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\netbt.sys : 162,816 : 04/13/2008 11:51 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nic1394.sys : 61,824 : 04/13/2008 11:21 PM : e9e47cfb2d461fa0fc75b7a74c6383ea [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\nic1394.sys : 61,824 : 08/03/2004 02:58 PM : 5c5c53db4fef16cf87b9911c7e8c6fbc [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\nic1394.sys : 61,824 : 04/13/2008 11:21 PM : e9e47cfb2d461fa0fc75b7a74c6383ea [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nikedrv.sys : 12,032 : 08/17/2001 05:24 AM : be984d604d91c217355cdd3737aad25d [NoSig]
 
 * C:\WINDOWS\System32\drivers\nmnt.sys : 40,320 : 04/13/2008 11:23 PM : 1e421a6bcf2203cc61b821ada9de878b [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\nmnt.sys : 40,320 : 08/04/2004 11:00 AM : 60cf8c7192b3614f240838ddbaa4a245 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\nmnt.sys : 40,320 : 04/13/2008 11:23 PM : 1e421a6bcf2203cc61b821ada9de878b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\npfs.sys : 30,848 : 04/13/2008 11:02 PM : 3182d64ae053d6fb034f44b6def8034a [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\npfs.sys : 30,848 : 08/04/2004 11:00 AM : 4f601bcb8f64ea3ac0994f98fed03f8e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\npfs.sys : 30,848 : 04/13/2008 11:02 PM : 3182d64ae053d6fb034f44b6def8034a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ntfs.sys : 574,976 : 04/13/2008 11:45 PM : 78a08dd6a8d65e697c18e1db01c5cdca [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys : 574,592 : 08/04/2004 11:00 AM : b78be402c3f63dd55521f73876951cdd [Pos Repl]
 +-> C:\WINDOWS\I386\NTFS.SYS : 574,592 : 08/04/2004 11:00 AM : b78be402c3f63dd55521f73876951cdd [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ntfs.sys : 574,976 : 04/13/2008 11:45 PM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\null.sys : 2,944 : 08/04/2004 11:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [NoSig]
 +-> C:\WINDOWS\system32\dllcache\null.sys : 2,944 : 08/04/2004 11:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkflt.sys : 12,416 : 08/04/2004 11:00 AM : b305f3fad35083837ef46a0bbce2fc57 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkflt.sys : 12,416 : 08/04/2004 11:00 AM : b305f3fad35083837ef46a0bbce2fc57 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkfwd.sys : 32,512 : 08/04/2004 11:00 AM : c99b3415198d1aab7227f2c88fd664b9 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkfwd.sys : 32,512 : 08/04/2004 11:00 AM : c99b3415198d1aab7227f2c88fd664b9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkipx.sys : 88,320 : 04/13/2008 11:26 PM : 8b8b1be2dba4025da6786c645f77f123 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\nwlnkipx.sys : 88,448 : 08/04/2004 11:00 AM : 79ea3fcda7067977625b3363a2657c80 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\nwlnkipx.sys : 88,320 : 04/13/2008 11:26 PM : 8b8b1be2dba4025da6786c645f77f123 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnknb.sys : 63,232 : 08/04/2004 11:00 AM : 56d34a67c05e94e16377c60609741ff8 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnknb.sys : 63,232 : 08/04/2004 11:00 AM : 56d34a67c05e94e16377c60609741ff8 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\nwlnkspx.sys : 55,936 : 08/04/2004 11:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\nwlnkspx.sys : 55,936 : 08/04/2004 11:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\oprghdlr.sys : 3,456 : 08/04/2004 11:00 AM : 4bb30ddc53ebc76895e38694580cdfe9 [NoSig]
 
 * C:\WINDOWS\System32\drivers\p3.sys : 42,752 : 04/13/2008 11:01 PM : c90018bafdc7098619a4a95b046b30f3 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\p3.sys : 42,496 : 08/03/2004 02:59 PM : 3e16eff2a6fed2d8d7f5a66dfe65d183 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\p3.sys : 42,752 : 04/13/2008 11:01 PM : c90018bafdc7098619a4a95b046b30f3 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\parport.sys : 80,128 : 04/13/2008 11:10 PM : 5575faf8f97ce5e713d108c2a58d7c7c [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\parport.sys : 80,128 : 08/03/2004 02:59 PM : 29744eb4ce659dfe3b4122deb45bc478 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\parport.sys : 80,128 : 04/13/2008 11:10 PM : 5575faf8f97ce5e713d108c2a58d7c7c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\partmgr.sys : 19,712 : 04/13/2008 11:10 PM : beb3ba25197665d82ec7065b724171c6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\partmgr.sys : 18,688 : 08/04/2004 11:00 AM : 3334430c29dc338092f79c38ef7b4cd0 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\partmgr.sys : 19,712 : 04/13/2008 11:10 PM : beb3ba25197665d82ec7065b724171c6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\parvdm.sys : 6,784 : 08/04/2004 11:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\parvdm.sys : 6,784 : 08/04/2004 11:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pciidex.sys : 24,960 : 04/13/2008 11:10 PM : 52e60f29221d0d1ac16737e8dbf7c3e9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\pciidex.sys : 25,088 : 08/04/2004 11:00 AM : 520b91ab011456b940d9b05fc91108ff [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\pciidex.sys : 24,960 : 04/13/2008 11:10 PM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pci.sys : 68,224 : 04/13/2008 11:06 PM : a219903ccf74233761d92bef471a07b1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\pci.sys : 68,224 : 08/04/2004 11:00 AM : 8086d9979234b603ad5bc2f5d890b234 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\pci.sys : 68,224 : 04/13/2008 11:06 PM : a219903ccf74233761d92bef471a07b1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pcmcia.sys : 120,192 : 04/13/2008 11:06 PM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\pcmcia.sys : 119,936 : 08/04/2004 11:00 AM : 82a087207decec8456fbe8537947d579 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\pcmcia.sys : 120,192 : 04/13/2008 11:06 PM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\portcls.sys : 146,048 : 04/13/2008 11:49 PM : e82a496c3961efc6828b508c310ce98f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\portcls.sys : 145,792 : 08/03/2004 11:15 PM : 5b0f00e43a7094c0b7e433cb42c79164 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\portcls.sys : 146,048 : 04/13/2008 11:49 PM : e82a496c3961efc6828b508c310ce98f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\processr.sys : 35,840 : 04/13/2008 11:01 PM : a32bebaf723557681bfc6bd93e98bd26 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\processr.sys : 35,328 : 08/03/2004 02:59 PM : 0d97d88720a4087ec93af7dbb303b30a [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\processr.sys : 35,840 : 04/13/2008 11:01 PM : a32bebaf723557681bfc6bd93e98bd26 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\processr.sys : 35,328 : 08/03/2004 02:59 PM : 0d97d88720a4087ec93af7dbb303b30a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\psched.sys : 69,120 : 04/13/2008 11:26 PM : 09298ec810b07e5d582cb3a3f9255424 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\psched.sys : 69,120 : 08/04/2004 11:00 AM : 48671f327553dcf1d27f6197f622a668 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\psched.sys : 69,120 : 04/13/2008 11:26 PM : 09298ec810b07e5d582cb3a3f9255424 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ptilink.sys : 17,792 : 08/04/2004 11:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 08/04/2004 11:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rasacd.sys : 8,832 : 08/04/2004 11:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 08/04/2004 11:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rasl2tp.sys : 51,328 : 04/13/2008 11:49 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rasl2tp.sys : 51,328 : 08/04/2004 11:00 AM : 98faeb4a4dcf812ba1c6fca4aa3e115c [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rasl2tp.sys : 51,328 : 04/13/2008 11:49 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspppoe.sys : 41,472 : 04/13/2008 11:27 PM : 5bc962f2654137c9909c3d4603587dee [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\raspppoe.sys : 41,472 : 08/04/2004 11:00 AM : 7306eeed8895454cbed4669be9f79faa [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\raspppoe.sys : 41,472 : 04/13/2008 11:27 PM : 5bc962f2654137c9909c3d4603587dee [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspptp.sys : 48,384 : 04/13/2008 11:49 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys : 48,384 : 08/04/2004 11:00 AM : 1c5cc65aac0783c344f16353e60b72ac [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\raspptp.sys : 48,384 : 04/13/2008 11:49 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspti.sys : 16,512 : 08/04/2004 11:00 AM : fdbb1d60066fcfbb7452fd8f9829b242 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\raspti.sys : 16,512 : 08/04/2004 11:00 AM : fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rawwan.sys : 34,432 : 08/04/2004 11:00 AM : 01524cd237223b18adbb48f70083f101 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rawwan.sys : 34,432 : 08/04/2004 11:00 AM : 01524cd237223b18adbb48f70083f101 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdbss.sys : 175,744 : 04/13/2008 11:58 PM : 7ad224ad1a1437fe28d89cf22b17780a [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys : 174,592 : 10/27/2004 05:14 PM : d0fef8156d2d2fec557c100956d76887 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rdbss.sys : 174,592 : 10/27/2004 05:13 PM : 809ca45caa9072b3176ad44579d7f688 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rdbss.sys : 175,744 : 04/13/2008 11:58 PM : 7ad224ad1a1437fe28d89cf22b17780a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpcdd.sys : 4,224 : 08/04/2004 11:00 AM : 4912d5b403614ce99c28420f75353332 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rdpcdd.sys : 4,224 : 08/04/2004 11:00 AM : 4912d5b403614ce99c28420f75353332 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpdr.sys : 196,224 : 04/13/2008 11:02 PM : 15cabd0f7c00c47c70124907916af3f1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rdpdr.sys : 196,864 : 08/03/2004 03:01 PM : a2cae2c60bc37e0751ef9dda7ceaf4ad [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rdpdr.sys : 196,224 : 04/13/2008 11:02 PM : 15cabd0f7c00c47c70124907916af3f1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpwd.sys : 139,784 : 07/04/2012 06:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2723135-v2\SP3QFE\rdpwd.sys : 139,784 : 07/04/2012 05:59 AM : c7d9bc54354b8c706abf172d48313f1b [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys : 139,400 : 08/04/2004 11:00 AM : d4f5643d7714ef499ae9527fdcd50894 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2723135-v2$\rdpwd.sys : 139,656 : 04/14/2008 04:43 AM : 6728e45b66f93c08f11de2e316fc70dd [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys : 139,656 : 04/14/2008 04:43 AM : 6728e45b66f93c08f11de2e316fc70dd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rdpwd.sys : 139,784 : 07/04/2012 06:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\redbook.sys : 57,600 : 04/13/2008 11:10 PM : f828dd7e1419b6653894a8f97a0094c5 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\redbook.sys : 57,472 : 08/03/2004 02:59 PM : b31b4588e4086d8d84adbf9845c2402b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\redbook.sys : 57,600 : 04/13/2008 11:10 PM : f828dd7e1419b6653894a8f97a0094c5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rmcast.sys : 203,136 : 05/08/2008 06:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys : 203,136 : 05/08/2008 05:58 AM : c711645c76b8ed87c021bf6165e52795 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rmcast.sys : 200,064 : 08/04/2004 11:00 AM : 35e81b908ae4e97fc7bdf4607c516ff4 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys : 202,624 : 04/13/2008 11:25 PM : ecff394d65671efde5a872eb9ef4f2d5 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rmcast.sys : 202,624 : 04/13/2008 11:25 PM : ecff394d65671efde5a872eb9ef4f2d5 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rmcast.sys : 203,136 : 05/08/2008 06:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rndismp.sys : 30,592 : 04/13/2008 11:26 PM : 601844cbcf617ff8c868130ca5b2039d [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\rndismp.sys : 30,080 : 08/04/2004 11:00 AM : 7ce8b277f3207ea82d7d22ad348befc6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\rndismp.sys : 30,592 : 04/13/2008 11:26 PM : 601844cbcf617ff8c868130ca5b2039d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rootmdm.sys : 5,888 : 08/04/2004 11:00 AM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rootmdm.sys : 5,888 : 08/04/2004 11:00 AM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\scsiport.sys : 96,384 : 04/13/2008 11:10 PM : 76c465f570e90c28942d52ccb2580a10 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys : 96,256 : 08/04/2004 11:00 AM : d7fd0ff761e28ac0ea35ad71e0cd67e9 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\scsiport.sys : 96,384 : 04/13/2008 11:10 PM : 76c465f570e90c28942d52ccb2580a10 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sdbus.sys : 79,232 : 04/13/2008 11:06 PM : 8d04819a3ce51b9eb47e5689b44d43c4 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sdbus.sys : 67,584 : 08/04/2004 11:00 AM : 02fc71b020ec8700ee8a46c58bc6f276 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sdbus.sys : 79,232 : 04/13/2008 11:06 PM : 8d04819a3ce51b9eb47e5689b44d43c4 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serenum.sys : 15,744 : 04/13/2008 11:10 PM : 0f29512ccd6bead730039fb4bd2c85ce [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\serenum.sys : 15,488 : 08/04/2004 11:00 AM : a2d868aeeff612e70e213c451a70cafb [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\serenum.sys : 15,744 : 04/13/2008 11:10 PM : 0f29512ccd6bead730039fb4bd2c85ce [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serial.sys : 64,512 : 04/13/2008 11:45 PM : cca207a8896d4c6a0c9ce29a4ae411a7 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\serial.sys : 64,896 : 08/04/2004 11:00 AM : cd9404d115a00d249f70a371b46d5a26 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\serial.sys : 64,512 : 04/13/2008 11:45 PM : cca207a8896d4c6a0c9ce29a4ae411a7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sffdisk.sys : 11,904 : 04/13/2008 11:10 PM : 0fa803c64df0914b41f807ea276bf2a6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sffdisk.sys : 11,136 : 08/04/2004 11:00 AM : 1d9f1bec651815741f088a8fb88e17ee [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sffdisk.sys : 11,904 : 04/13/2008 11:10 PM : 0fa803c64df0914b41f807ea276bf2a6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sffp_sd.sys : 11,008 : 04/13/2008 11:10 PM : c17c331e435ed8737525c86a7557b3ac [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sffp_sd.sys : 10,240 : 08/04/2004 11:00 AM : 586499fd312ffd7f78553f408e71682e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sffp_sd.sys : 11,008 : 04/13/2008 11:10 PM : c17c331e435ed8737525c86a7557b3ac [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sfloppy.sys : 11,392 : 04/13/2008 11:10 PM : 8e6b8c671615d126fdc553d1e2de5562 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys : 11,392 : 08/04/2004 11:00 AM : 0d13b6df6e9e101013a7afb0ce629fe0 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys : 11,392 : 04/13/2008 11:10 PM : 8e6b8c671615d126fdc553d1e2de5562 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\smclib.sys : 14,592 : 08/04/2004 11:00 AM : 017daecf0ed3aa731313433601ec40fa [NoSig]
 +-> C:\WINDOWS\system32\dllcache\smclib.sys : 14,592 : 08/04/2004 11:00 AM : 017daecf0ed3aa731313433601ec40fa [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sonydcam.sys : 25,344 : 04/13/2008 11:16 PM : 489703624dac94ed943c2abda022a1cd [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sonydcam.sys : 25,472 : 08/03/2004 03:09 PM : addc9e4757a68ab60562ad3cb9c288d6 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sonydcam.sys : 25,344 : 04/13/2008 11:16 PM : 489703624dac94ed943c2abda022a1cd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\splitter.sys : 6,272 : 04/13/2008 11:15 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\splitter.sys : 6,400 : 08/03/2004 11:07 PM : 8e186b8f23295d1e42c573b82b80d548 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\splitter.sys : 6,272 : 04/13/2008 11:15 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sr.sys : 73,472 : 04/13/2008 11:06 PM : 76bb022c2fb6902fd5bdd4f78fc13a5d [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sr.sys : 73,472 : 08/04/2004 11:00 AM : e41b6d037d6cd08461470af04500dc24 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sr.sys : 73,472 : 04/13/2008 11:06 PM : 76bb022c2fb6902fd5bdd4f78fc13a5d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\srv.sys : 357,888 : 02/17/2011 05:18 AM : 47ddfc2f003f7f9f0592c6874962a2e7 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2345886\SP3QFE\srv.sys : 357,248 : 08/26/2010 05:37 AM : 70cd8b8dd2a680b128617c19eb0ab94f [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2508429\SP3QFE\srv.sys : 357,888 : 02/17/2011 05:19 AM : 9b390283569ea58d43d2586032b892f5 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\srv.sys : 332,544 : 05/09/2005 04:22 PM : 54e79b08d0abc9c551d0fe69cc2f87ec [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\srv.sys : 332,544 : 05/09/2005 04:17 PM : 553007ecce7f6565bbe645beb66d3b69 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2508429$\srv.sys : 334,848 : 04/13/2008 11:45 PM : 5252605079810904e31c332e241cd59b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\srv.sys : 334,848 : 04/13/2008 11:45 PM : 5252605079810904e31c332e241cd59b [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\srv.sys : 357,888 : 02/17/2011 05:18 AM : 47ddfc2f003f7f9f0592c6874962a2e7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\stream.sys : 49,408 : 04/13/2008 11:15 PM : 3e5d89099ded9e86e5639f411693218f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\stream.sys : 48,640 : 08/03/2004 11:08 PM : c43356072eb3e88cd62958db10cead47 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\stream.sys : 49,408 : 04/13/2008 11:15 PM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\swenum.sys : 4,352 : 04/13/2008 11:09 PM : 3941d127aef12e93addf6fe6ee027e0f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\swenum.sys : 4,352 : 08/03/2004 02:58 PM : 03c1bae4766e2450219d20b993d6e046 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\swenum.sys : 4,352 : 04/13/2008 11:09 PM : 3941d127aef12e93addf6fe6ee027e0f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\swmidi.sys : 56,576 : 04/13/2008 11:15 PM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys : 54,272 : 08/17/2001 02:00 PM : 94abc808fc4b6d7d2bbf42b85e25bb4d [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\swmidi.sys : 56,576 : 04/13/2008 11:15 PM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sysaudio.sys : 60,800 : 04/13/2008 11:45 PM : 8b83f3ed0f1688b4958f77cd6d2bf290 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys : 60,800 : 08/03/2004 11:15 PM : 650ad082d46bac0e64c9c0e0928492fd [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys : 60,800 : 04/13/2008 11:45 PM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tape.sys : 14,976 : 04/13/2008 11:10 PM : fd6093e3decd925f1cffc8a0dd539d72 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tape.sys : 14,976 : 08/04/2004 11:00 AM : a2a9ca0d1a9ac1ff54220aa0789fe5cf [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tape.sys : 14,976 : 04/13/2008 11:10 PM : fd6093e3decd925f1cffc8a0dd539d72 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tcpip6.sys : 226,880 : 02/11/2010 04:02 AM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys : 225,856 : 06/20/2008 03:16 AM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB978338\SP3QFE\tcpip6.sys : 226,880 : 02/11/2010 03:36 AM : f4a3c6abe7818b1b53f58fa1adb605cd [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys : 223,616 : 08/04/2004 11:00 AM : 4d58bb1ae8841aafd8790ad7e1e3b8ea [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB978338$\tcpip6.sys : 225,664 : 04/13/2008 11:30 PM : aa7a55536096d646dc7ab0ac5641e9e8 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tcpip6.sys : 225,664 : 04/13/2008 11:30 PM : aa7a55536096d646dc7ab0ac5641e9e8 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\tcpip6.sys : 226,880 : 02/11/2010 04:02 AM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [Pos Repl]
 
 * C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 03:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 03:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys : 359,936 : 03/13/2005 05:17 PM : 6129e70f3d2f1e60860c930ebeaf92c2 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 359,808 : 05/25/2005 11:04 AM : 88763a98a4c26c409741b4aa162720c9 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys : 361,344 : 04/13/2008 11:50 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/13/2008 11:50 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 03:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdi.sys : 19,072 : 04/13/2008 11:30 PM : 0539d5e53587f82d1b4fd74c5be205cf [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tdi.sys : 18,560 : 08/04/2004 11:00 AM : 6891b74ab9a016064e82a419388d0601 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tdi.sys : 19,072 : 04/13/2008 11:30 PM : 0539d5e53587f82d1b4fd74c5be205cf [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdpipe.sys : 12,040 : 04/14/2008 04:43 AM : 6471a66807f5e104e4885f5b67349397 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys : 12,040 : 08/04/2004 11:00 AM : 38d437cf2d98965f239b0abcd66dcb0f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys : 12,040 : 04/14/2008 04:43 AM : 6471a66807f5e104e4885f5b67349397 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdtcp.sys : 21,896 : 04/14/2008 04:43 AM : c56b6d0402371cf3700eb322ef3aaf61 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys : 21,896 : 08/04/2004 11:00 AM : ed0580af02502d00ad8c4c066b156be9 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys : 21,896 : 04/14/2008 04:43 AM : c56b6d0402371cf3700eb322ef3aaf61 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\termdd.sys : 40,840 : 04/14/2008 04:43 AM : 88155247177638048422893737429d9e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\termdd.sys : 40,840 : 08/03/2004 05:01 PM : a540a99c281d933f3d69d55e48727f47 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\termdd.sys : 40,840 : 04/14/2008 04:43 AM : 88155247177638048422893737429d9e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tosdvd.sys : 51,712 : 08/17/2001 06:01 AM : 699450901c5ccfd82357cbc531cedd23 [NoSig]
 
 * C:\WINDOWS\System32\drivers\tunmp.sys : 12,288 : 04/13/2008 11:26 PM : 8f861eda21c05857eb8197300a92501c [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tunmp.sys : 12,416 : 08/03/2004 03:03 PM : 87a0e9e18c10a9e454238e3330e2a26d [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tunmp.sys : 12,288 : 04/13/2008 11:26 PM : 8f861eda21c05857eb8197300a92501c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\udfs.sys : 66,048 : 04/13/2008 11:02 PM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\udfs.sys : 66,176 : 08/04/2004 11:00 AM : 12f70256f140cd7d52c58c7048fde657 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\udfs.sys : 66,048 : 04/13/2008 11:02 PM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\update.sys : 384,768 : 04/13/2008 11:09 PM : 402ddc88356b1bac0ee3dd1580c76a31 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\update.sys : 209,408 : 08/04/2004 11:00 AM : aff2e5045961bbc0a602bb6f95eb1345 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\update.sys : 384,768 : 04/13/2008 11:09 PM : 402ddc88356b1bac0ee3dd1580c76a31 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usb8023.sys : 12,928 : 02/11/2013 04:32 PM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2807986\SP3QFE\usb8023.sys : 12,928 : 02/11/2013 04:43 PM : c74f25c77d6c3edf58221e4060d8cd16 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usb8023.sys : 12,672 : 08/04/2004 11:00 AM : af090265ec388bab320f1ff7e7a7d5ea [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2807986$\usb8023.sys : 12,800 : 04/13/2008 11:26 PM : bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usb8023.sys : 12,800 : 04/13/2008 11:26 PM : bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usb8023.sys : 12,928 : 02/11/2013 04:32 PM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbcamd2.sys : 25,728 : 04/13/2008 11:15 PM : ce97845d2e3f0d274b8bac1ed07c6149 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbcamd2.sys : 23,936 : 08/17/2001 06:03 AM : 61018ba9df6b63e51d9753c980e73ec2 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbcamd2.sys : 25,728 : 04/13/2008 11:15 PM : ce97845d2e3f0d274b8bac1ed07c6149 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbcamd.sys : 25,600 : 04/13/2008 11:15 PM : 1c1a47b40c23358245aa8d0443b6935e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbcamd.sys : 23,808 : 08/17/2001 06:03 AM : 2654eecc6fb13603ebddcd5c8ea943d1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbcamd.sys : 25,600 : 04/13/2008 11:15 PM : 1c1a47b40c23358245aa8d0443b6935e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbccgp.sys : 32,384 : 08/08/2013 04:55 PM : 1b611611c28d2df25bc057d79c6f13fc [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbccgp.sys : 31,616 : 08/03/2004 11:08 PM : bffd9f120cc63bcbaa3d840f3eef9f79 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2862330$\usbccgp.sys : 32,128 : 04/13/2008 11:15 PM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\usbccgp.sys : 32,384 : 08/08/2013 04:55 PM : 1b611611c28d2df25bc057d79c6f13fc [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbccgp.sys : 32,128 : 04/13/2008 11:15 PM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usbccgp.sys : 32,384 : 08/08/2013 04:55 PM : 1b611611c28d2df25bc057d79c6f13fc [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbd.sys : 5,376 : 08/08/2013 04:55 PM : 04fe5ef6ed4818ec4839ea5c611a6310 [NoSig]
 +-> C:\WINDOWS\$NtUninstallKB2862330$\usbd.sys : 4,736 : 08/04/2004 11:00 AM : 596eb39b50d6ebd9b734dc4ae0544693 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\usbd.sys : 5,376 : 08/08/2013 04:55 PM : 04fe5ef6ed4818ec4839ea5c611a6310 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usbd.sys : 5,376 : 08/08/2013 04:55 PM : 04fe5ef6ed4818ec4839ea5c611a6310 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbehci.sys : 30,336 : 03/18/2009 03:02 AM : 4bac8df07f1d8434fc640e677a62204e [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbehci.sys : 26,624 : 08/03/2004 11:08 PM : 15e993ba2f6946b2bfbbfcd30398621e [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2862330$\usbehci.sys : 30,208 : 04/13/2008 11:15 PM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\usbehci.sys : 30,336 : 03/18/2009 03:02 AM : 4bac8df07f1d8434fc640e677a62204e [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbehci.sys : 30,208 : 04/13/2008 11:15 PM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usbehci.sys : 30,336 : 03/18/2009 03:02 AM : 4bac8df07f1d8434fc640e677a62204e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbhub.sys : 59,520 : 04/13/2008 11:15 PM : 1ab3cdde553b6e064d2e754efe20285c [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys : 57,600 : 08/04/2004 11:00 AM : c72f40947f92cea56a8fb532edf025f1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbhub.sys : 59,520 : 04/13/2008 11:15 PM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbintel.sys : 15,872 : 04/13/2008 11:15 PM : 290913dc4f1125e5a82de52579a44c43 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys : 16,000 : 08/03/2004 03:08 PM : 2853fd4c4489e0f8bfcf78efcdb7e998 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbintel.sys : 15,872 : 04/13/2008 11:15 PM : 290913dc4f1125e5a82de52579a44c43 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbport.sys : 144,128 : 08/08/2013 04:55 PM : 6df35ca139c3bc15cc74390abb114efe [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbport.sys : 142,976 : 08/04/2004 11:00 AM : 2034ca78f9c6e787b4b76d81ac888351 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB2862330$\usbport.sys : 143,872 : 04/13/2008 11:15 PM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\usbport.sys : 144,128 : 08/08/2013 04:55 PM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbport.sys : 143,872 : 04/13/2008 11:15 PM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usbport.sys : 144,128 : 08/08/2013 04:55 PM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\USBSTOR.sys : 26,368 : 04/13/2008 11:15 PM : a32426d9b14a089eaa1d922e0c5801a9 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys : 26,496 : 08/03/2004 11:08 PM : 6cd7b22193718f1d17a47a1cd6d37e75 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbstor.sys : 26,368 : 04/13/2008 11:15 PM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbuhci.sys : 20,608 : 04/13/2008 11:15 PM : 26496f9dee2d787fc3e61ad54821ffe6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys : 20,480 : 08/04/2004 11:00 AM : f8fd1400092e23c8f2f31406ef06167b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbuhci.sys : 20,608 : 04/13/2008 11:15 PM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\vga.sys : 20,992 : 04/13/2008 11:14 PM : 0d3a8fafceacd8b7625cd549757a7df1 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\vga.sys : 20,992 : 08/04/2004 11:00 AM : 8a60edd72b4ea5aea8202daf0e427925 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\vga.sys : 20,992 : 04/13/2008 11:14 PM : 0d3a8fafceacd8b7625cd549757a7df1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\videoprt.sys : 81,664 : 04/13/2008 11:14 PM : e28726b72c46821a28830e077d39a55b [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\videoprt.sys : 79,744 : 08/04/2004 11:00 AM : d5a9d123f5ed7c9965a481bd20cf66d8 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\videoprt.sys : 81,664 : 04/13/2008 11:14 PM : e28726b72c46821a28830e077d39a55b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\volsnap.sys : 52,352 : 04/13/2008 11:11 PM : 4c8fcb5cc53aab716d810740fe59d025 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys : 52,352 : 08/04/2004 11:00 AM : ee4660083deba849ff6c485d944b379b [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\volsnap.sys : 52,352 : 04/13/2008 11:11 PM : 4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wanarp.sys : 34,560 : 04/13/2008 11:27 PM : e20b95baedb550f32dd489265c1da1f6 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\wanarp.sys : 34,560 : 08/04/2004 11:00 AM : 984ef0b9788abf89974cfed4bfbaacbc [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wanarp.sys : 34,560 : 04/13/2008 11:27 PM : e20b95baedb550f32dd489265c1da1f6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wdmaud.sys : 83,072 : 04/13/2008 11:47 PM : 6768acf64b18196494413695f0c3a00f [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\wdmaud.sys : 82,944 : 08/03/2004 11:15 PM : 2797f33ebf50466020c430ee4f037933 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys : 83,072 : 04/13/2008 11:47 PM : 6768acf64b18196494413695f0c3a00f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wmilib.sys : 4,352 : 08/04/2004 11:00 AM : 2f31b7f954bed437f2c75026c65caf7b [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 08/04/2004 11:00 AM : 2f31b7f954bed437f2c75026c65caf7b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ws2ifsl.sys : 12,032 : 08/04/2004 11:00 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 08/04/2004 11:00 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/19/2014 12:42:00 PM
Execution time: 0 hours(s), 5 minute(s), and 16 seconds(s)
 


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:19 PM

Posted 24 November 2014 - 05:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556854 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 25 November 2014 - 05:17 AM

EDIT: Edited in the original problem.

 

Hello,

 

I realize that the reply above me was produced and given by a bot program, but I feel I need to thank the creator for said program. Thanks - I was starting to worry I may not receive a reply at all. :)

 

My Problem:

 

"Recently, I ran rkill.exe as part of a maintenance regimen for my computer, and it came back with some odd results. (i.e. missing digital signatures, and "possibly patched files")"

 

 

Steps I have taken since topic posting:

 

1) System Restore - 1 Week - No Change

 

2) RegistryFix - System Speed-Up, w/ no change to current problem.

 

3) RougeKiller (Adlice) - Under "Rootkit", several "Unknown" specifications were found. If needed, I can repeat the process, and provide a log. 

 

 

***LOG -- DDS***

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.25.2
Run by William at 2:10:20 on 2014-11-25
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.684 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [HostManager] c:\program files\common files\aol\1387496435\ee\AOLHostManager.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Exploit] c:\program files\malwarebytes anti-exploit\mbae.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\william\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\2wirew~1.lnk - c:\program files\2wire 802.11g wireless\PRISMCFG.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1408497212272
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{15A83DBB-B148-4066-9788-13E99A939104} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56A9897A-5A82-485B-9D91-BABECDD89684} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.65\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\william\application data\mozilla\firefox\profiles\ew0i7tqw.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2014-6-20 576048]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2014-10-10 47896]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2014-6-20 93624]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2014-10-11 9216]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-9-16 281560]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\malwarebytes anti-exploit\mbae-svc.exe [2014-10-10 441144]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2014-9-16 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-9-16 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-9-16 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-9-16 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-9-16 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2014-9-16 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2014-9-16 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-9-16 179600]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-6-20 62832]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-9-16 147912]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2014-6-20 238176]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-6-20 369248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-7-24 350240]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2014-9-16 87520]
R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2013-12-21 724736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2014-6-20 67816]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-7-24 81296]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2014-9-16 87520]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-18 181432]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2013-12-20 347648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-11-22 20:34:05 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-11-22 20:34:05 -------- d-----w- c:\windows\system32\wbem\Repository
2014-11-22 05:43:09 48240 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-11-22 05:42:14 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-14 02:29:59 271704 ----a-r- c:\windows\system32\hpzids01.dll
2014-11-14 02:29:17 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2014-11-14 02:29:17 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2014-11-14 02:29:17 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2014-11-14 02:29:17 309760 ----a-r- c:\windows\system32\difxapi.dll
2014-11-14 02:29:17 294912 ----a-r- c:\windows\system32\hpovst11.dll
.
==================== Find3M  ====================
.
2014-11-22 20:08:38 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-22 05:41:23 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-11-19 20:43:10 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 04:03:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 04:03:13 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-03 07:34:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-11-03 07:33:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2014-10-01 19:11:18 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 19:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH:  2:10:40.48 ===============

Edited by deviantartfan1, 25 November 2014 - 05:22 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 PM

Posted 28 November 2014 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

What issues are you having with this computer, not the tool you used.


Wait for further instructions.

#5 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 28 November 2014 - 11:39 PM

Hey, nasdaq! 

 

**AdwCleaner Log**

 

# AdwCleaner v4.102 - Report created 28/11/2014 at 15:47:56
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : William - R3C2
# Running from : C:\Documents and Settings\William\Desktop\adwcleaner_4.102.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4341 octets] - [16/09/2014 10:27:48]
AdwCleaner[R10].txt - [2504 octets] - [28/11/2014 15:40:07]
AdwCleaner[R1].txt - [4159 octets] - [24/09/2014 20:08:10]
AdwCleaner[R2].txt - [1760 octets] - [24/09/2014 22:57:38]
AdwCleaner[R3].txt - [364 octets] - [26/09/2014 22:49:29]
AdwCleaner[R4].txt - [1639 octets] - [27/09/2014 12:50:24]
AdwCleaner[R5].txt - [1841 octets] - [28/09/2014 20:58:11]
AdwCleaner[R6].txt - [2761 octets] - [12/10/2014 12:19:42]
AdwCleaner[R7].txt - [2881 octets] - [13/10/2014 22:58:53]
AdwCleaner[R8].txt - [3815 octets] - [19/11/2014 13:12:13]
AdwCleaner[R9].txt - [340 octets] - [28/11/2014 15:38:41]
AdwCleaner[S0].txt - [4284 octets] - [24/09/2014 20:15:06]
AdwCleaner[S1].txt - [1831 octets] - [24/09/2014 23:01:19]
AdwCleaner[S2].txt - [1906 octets] - [28/09/2014 21:00:33]
AdwCleaner[S3].txt - [2777 octets] - [12/10/2014 12:41:53]
AdwCleaner[S4].txt - [2897 octets] - [13/10/2014 23:01:56]
AdwCleaner[S5].txt - [3769 octets] - [19/11/2014 13:15:41]
AdwCleaner[S6].txt - [2432 octets] - [28/11/2014 15:47:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2492 octets] ##########
 
 
*****FRST LOG*****
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by William (administrator) on R3C2 on 28-11-2014 20:23:34
Running from C:\Documents and Settings\William\Desktop
Loaded Profile: William (Available profiles: Richard & Jennifer & William & Alexander)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\shwiconEM.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Conexant Systems, Inc.) C:\WINDOWS\system32\PRISMSVR.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(2Wire Inc.) C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunKistEM] => C:\Program Files\Digital Media Reader\shwiconem.exe [135168 2004-11-15] (Alcor Micro, Corp.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2005-03-08] (S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\WINDOWS\system32\VTtrayp.exe [147456 2005-03-11] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1387496435\EE\AOLHostManager.exe [125528 2004-11-03] (America Online, Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [67584 2003-12-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PRISMSVR.EXE] => C:\WINDOWS\system32\PRISMSVR.EXE [290905 2004-04-13] (Conexant Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Documents and Settings\Alexander\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk
ShortcutTarget: 2Wire Wireless Client.lnk -> C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe (2Wire Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\William\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1405522943-578289036-2122838739-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: WOT - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-27]
FF Extension: TrafficLight - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default\Extensions\trafficlight@bitdefender.com.xpi [2014-08-27]
FF Extension: avast! Online Security - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default\Extensions\wrc@avast.com.xpi [2014-09-26]
FF Extension: Bluhell Firewall - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-08-27]
FF Extension: NoScript - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-27]
FF Extension: BetterPrivacy - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\ew0i7tqw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-01-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-25]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://att.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-08-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-22]
CHR Extension: (Conveyor) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\baijekkfedgoapgaafkbhoajfpaenpdb [2014-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (WOT) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-13]
CHR Extension: (YouTube) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-22]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-22]
CHR Extension: (TrafficLight) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-22]
CHR Extension: (the quiet place) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbbkjidgehnkkhcppdpnicohbhblkfdp [2014-08-22]
CHR Extension: (Fun Switcher) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2014-08-22]
CHR Extension: (20 Things I Learned About Browsers & the Web) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg [2014-08-22]
CHR Extension: (A Space Shooter for FREE) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-08-22]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-08-22]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-15]
CHR Extension: (Bustatech theme) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnohflgafpephcmdnnghnhappjbdfbko [2014-08-22]
CHR Extension: (Artillery Tower Protector) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldgcejmkikbadghamaadggncnbfekdik [2014-08-22]
CHR Extension: (Webcam Toy) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-08-22]
CHR Extension: (Contract Killer) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi [2014-08-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-01-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-09] (Ellora Assets Corp.) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2013-12-19] (New Boundary Technologies, Inc.) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2004-08-11] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [25088 2004-08-11] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation) [File not signed]
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
R0 adpu160m; C:\WINDOWS\System32\DRIVERS\adpu160m.sys [101888 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 agpCPQ; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\WINDOWS\System32\DRIVERS\aha154x.sys [12800 2004-08-04] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\WINDOWS\System32\DRIVERS\aic78u2.sys [55168 2004-08-04] (Microsoft Corporation) [File not signed]
R0 aic78xx; C:\WINDOWS\System32\DRIVERS\aic78xx.sys [56960 2004-08-04] (Microsoft Corporation) [File not signed]
R3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [400384 2003-12-09] (Sensaura) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [626977 2003-12-09] (Realtek Semiconductor Corp.) [File not signed]
R0 AliIde; C:\WINDOWS\System32\DRIVERS\aliide.sys [5248 2004-08-04] (Acer Laboratories Inc.) [File not signed]
R0 alim1541; C:\WINDOWS\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R0 amdagp; C:\WINDOWS\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.) [File not signed]
R0 amsint; C:\WINDOWS\System32\DRIVERS\amsint.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
R0 asc; C:\WINDOWS\System32\DRIVERS\asc.sys [26496 2004-08-04] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\WINDOWS\System32\DRIVERS\asc3350p.sys [22400 2004-08-04] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\WINDOWS\System32\DRIVERS\asc3550.sys [14848 2004-08-04] (Advanced System Products, Inc.) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [701440 2004-08-03] (ATI Technologies Inc.) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R0 cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
R0 cd20xrnt; C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys [7680 2004-08-04] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2001-08-17] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2004-11-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R0 CmdIde; C:\WINDOWS\System32\DRIVERS\cmdide.sys [6656 2004-08-04] (CMD Technology, Inc.) [File not signed]
R0 Cpqarray; C:\WINDOWS\System32\DRIVERS\cpqarray.sys [14976 2004-08-04] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\WINDOWS\System32\DRIVERS\dac2w2k.sys [179584 2004-08-04] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\WINDOWS\System32\DRIVERS\dac960nt.sys [14720 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\WINDOWS\System32\DRIVERS\dpti2o.sys [20192 2004-08-04] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R0 gagp30kx; C:\WINDOWS\System32\DRIVERS\gagp30kx.sys [46464 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R0 hpn; C:\WINDOWS\System32\DRIVERS\hpn.sys [25952 2004-08-04] (Microsoft Corporation) [File not signed]
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i2omgmt; C:\WINDOWS\system32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 i2omp; C:\WINDOWS\System32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\WINDOWS\System32\DRIVERS\ini910u.sys [16000 2004-08-04] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications) [File not signed]
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 mraid35x; C:\WINDOWS\System32\DRIVERS\mraid35x.sys [17280 2004-08-04] (American Megatrends Inc.) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               ) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R0 perc2; C:\WINDOWS\System32\DRIVERS\perc2.sys [27296 2004-08-04] (Microsoft Corporation) [File not signed]
R0 perc2hib; C:\WINDOWS\System32\DRIVERS\perc2hib.sys [5504 2004-08-04] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R0 ql1080; C:\WINDOWS\System32\DRIVERS\ql1080.sys [40320 2004-08-04] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\WINDOWS\System32\DRIVERS\ql10wnt.sys [33152 2004-08-04] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\WINDOWS\System32\DRIVERS\ql12160.sys [45312 2004-08-04] (QLogic Corporation) [File not signed]
R0 ql1240; C:\WINDOWS\System32\DRIVERS\ql1240.sys [40448 2004-08-04] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\WINDOWS\System32\DRIVERS\ql1280.sys [49024 2004-08-04] (QLogic Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2010-02-02] (Ralink Technology, Corp.) [File not signed]
S3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [65280 2004-08-13] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) [File not signed]
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Sparrow; C:\WINDOWS\System32\DRIVERS\sparrow.sys [19072 2004-08-04] (Adaptec, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 StillCam; C:\WINDOWS\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation) [File not signed]
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R0 symc810; C:\WINDOWS\System32\DRIVERS\symc810.sys [16256 2004-08-04] (Symbios Logic Inc.) [File not signed]
R0 symc8xx; C:\WINDOWS\System32\DRIVERS\symc8xx.sys [32640 2004-08-04] (LSI Logic) [File not signed]
R0 sym_hi; C:\WINDOWS\System32\DRIVERS\sym_hi.sys [28384 2004-08-04] (LSI Logic) [File not signed]
R0 sym_u3; C:\WINDOWS\System32\DRIVERS\sym_u3.sys [30688 2004-08-04] (LSI Logic) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R0 TosIde; C:\WINDOWS\System32\DRIVERS\toside.sys [4992 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ultra; C:\WINDOWS\System32\DRIVERS\ultra.sys [36736 2004-08-04] (Promise Technology, Inc.) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp; C:\WINDOWS\System32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.) [File not signed]
S3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [173696 2005-04-06] (Copyright © VIA/S3 Graphics Co, Ltd.) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WlanUIG; C:\WINDOWS\System32\DRIVERS\WlanUIG.sys [347648 2007-02-05] ( ) [File not signed]
S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
U4 intelppm; No ImagePath
U0 mfewfpk; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 20:23 - 2014-11-28 20:24 - 00050465 _____ () C:\Documents and Settings\William\Desktop\FRST.txt
2014-11-28 20:02 - 2014-11-28 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-11-28 15:52 - 2014-11-28 20:23 - 00000000 ____D () C:\FRST
2014-11-28 15:51 - 2014-11-28 15:51 - 00002572 _____ () C:\Documents and Settings\William\Desktop\AdwCleaner[S6].txt
2014-11-28 15:37 - 2014-11-28 15:38 - 02148864 _____ () C:\Documents and Settings\William\Desktop\adwcleaner_4.102.exe
2014-11-28 15:37 - 2014-11-28 15:37 - 01109504 _____ (Farbar) C:\Documents and Settings\William\Desktop\FRST.exe
2014-11-27 23:03 - 2014-11-27 23:03 - 00000000 ____D () C:\Program Files\Secunia
2014-11-25 14:21 - 2014-11-25 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-25 14:20 - 2014-11-25 14:52 - 00000000 ____D () C:\Documents and Settings\William\Desktop\mbar
2014-11-25 03:01 - 2014-11-25 03:21 - 00000000 ____D () C:\Documents and Settings\William\Local Settings\Application Data\Unity
2014-11-25 02:03 - 2014-11-25 02:10 - 00013427 _____ () C:\Documents and Settings\William\Desktop\dds.txt
2014-11-25 02:03 - 2014-11-25 02:03 - 00019763 _____ () C:\Documents and Settings\William\Desktop\attach.txt
2014-11-22 12:33 - 2014-11-22 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-11-21 21:42 - 2014-11-21 21:41 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-11-16 02:25 - 2014-11-16 02:25 - 00001620 _____ () C:\WINDOWS\wmsetup.log
2014-11-13 18:29 - 2007-11-06 18:10 - 00271704 ____R (Hewlett-Packard) C:\WINDOWS\system32\hpzids01.dll
2014-11-13 18:29 - 2007-10-31 02:35 - 00729088 ____R (Hewlett-Packard) C:\WINDOWS\system32\hpwwiax4.dll
2014-11-13 18:29 - 2007-10-31 02:35 - 00593920 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\hpwtscl3.dll
2014-11-13 18:29 - 2007-01-17 08:37 - 00364544 ____R (Hewlett-Packard) C:\WINDOWS\system32\hppldcoi.dll
2014-11-13 18:29 - 2007-01-17 08:37 - 00309760 ____R (Microsoft Corporation) C:\WINDOWS\system32\difxapi.dll
2014-11-13 18:29 - 2007-01-17 08:31 - 00294912 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst11.dll
2014-11-13 18:28 - 2014-11-13 18:28 - 00001858 _____ () C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
2014-11-13 18:27 - 2014-11-13 18:27 - 00002669 _____ () C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
2014-11-13 18:25 - 2014-11-13 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2014-11-13 18:19 - 2014-11-13 18:19 - 00000677 _____ () C:\WINDOWS\MSI30-KB884016.log
2014-11-13 18:18 - 2014-11-13 18:33 - 00178655 _____ () C:\WINDOWS\hpwins20.dat
2014-11-13 18:18 - 2008-01-08 04:42 - 00002428 ____R () C:\WINDOWS\hpwmdl20.dat
2014-11-10 15:24 - 2014-11-10 15:24 - 00000162 _____ () C:\Documents and Settings\William\My Documents\blank.txt
2014-11-09 21:17 - 2014-11-09 21:17 - 00000000 ____D () C:\Documents and Settings\William\My Documents\OneNote Notebooks
2014-11-05 00:39 - 2014-11-05 00:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-03 22:26 - 2014-11-03 22:26 - 00000000 ____D () C:\Documents and Settings\Alexander\Local Settings\Application Data\Mozilla
2014-11-03 22:26 - 2014-11-03 22:26 - 00000000 ____D () C:\Documents and Settings\Alexander\Application Data\Mozilla
2014-11-02 23:41 - 2014-11-21 21:43 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-11-02 23:33 - 2014-11-02 23:54 - 00000000 ____D () C:\Program Files\Real
2014-11-02 23:33 - 2014-11-02 23:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-11-02 23:30 - 2014-11-02 23:53 - 00000000 ____D () C:\Documents and Settings\William\Application Data\Real
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 20:24 - 2014-08-22 13:24 - 00000000 ____D () C:\Documents and Settings\William\Local Settings\Temp
2014-11-28 20:03 - 2014-08-20 00:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-28 19:31 - 2013-12-20 12:14 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 15:52 - 2014-09-24 23:44 - 00838141 _____ () C:\WINDOWS\setupapi.log
2014-11-28 15:52 - 2004-08-26 02:58 - 00000709 _____ () C:\WINDOWS\wiadebug.log
2014-11-28 15:50 - 2014-09-15 13:46 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-28 15:50 - 2013-12-20 12:14 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 15:50 - 2004-08-26 10:02 - 01311018 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-28 15:49 - 2004-08-26 10:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-28 15:49 - 2004-08-26 02:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-28 15:48 - 2014-10-11 20:48 - 00065536 _____ () C:\WINDOWS\system32\config\CaptureL.evt
2014-11-28 15:48 - 2014-08-22 13:24 - 00000178 ___SH () C:\Documents and Settings\William\ntuser.ini
2014-11-28 15:48 - 2004-08-26 10:08 - 00032470 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-28 15:47 - 2014-09-16 10:27 - 00000000 ____D () C:\AdwCleaner
2014-11-28 02:24 - 2014-08-19 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-11-28 00:12 - 2014-09-27 12:58 - 00000000 ____D () C:\Documents and Settings\William\Application Data\vlc
2014-11-27 23:45 - 2014-09-28 20:33 - 00003496 _____ () C:\Documents and Settings\William\Desktop\Rkill.txt
2014-11-26 23:34 - 2014-10-23 11:33 - 00000984 _____ () C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
2014-11-26 23:34 - 2014-09-03 00:29 - 00000984 _____ () C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
2014-11-26 23:34 - 2014-03-30 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-11-26 00:12 - 2014-08-19 21:00 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 22:03 - 2014-08-20 00:37 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-25 22:03 - 2014-08-20 00:37 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 15:10 - 2014-08-28 00:07 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-25 14:20 - 2014-08-19 17:32 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-24 22:57 - 2014-08-20 01:27 - 00000178 ___SH () C:\Documents and Settings\Alexander\ntuser.ini
2014-11-24 22:57 - 2014-08-20 01:27 - 00000000 ____D () C:\Documents and Settings\Alexander\Local Settings\Temp
2014-11-22 12:34 - 2014-09-01 17:38 - 00000000 ____D () C:\Documents and Settings\Jennifer
2014-11-22 12:34 - 2014-08-22 13:24 - 00000000 ____D () C:\Documents and Settings\William
2014-11-22 12:34 - 2014-08-20 01:27 - 00000000 ____D () C:\Documents and Settings\Alexander
2014-11-22 12:34 - 2013-12-20 03:27 - 00000000 ____D () C:\Documents and Settings\Richard
2014-11-22 12:34 - 2004-08-26 10:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-22 12:34 - 2004-08-26 10:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-22 12:34 - 2004-08-26 10:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-22 12:33 - 2014-08-21 00:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-22 12:33 - 2013-12-19 15:38 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-22 12:27 - 2004-08-26 08:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-22 12:24 - 2014-08-21 00:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-21 21:43 - 2014-08-21 00:11 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-21 21:41 - 2014-10-17 13:23 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-11-20 15:22 - 2014-01-04 12:30 - 00000000 ____D () C:\Program Files\McAfee
2014-11-19 20:32 - 2014-09-16 11:02 - 00039936 _____ () C:\Documents and Settings\William\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-14 13:26 - 2014-10-28 19:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-11-13 18:33 - 2014-03-30 09:08 - 00000000 ____D () C:\Program Files\HP
2014-11-13 18:33 - 2014-03-30 09:06 - 00008578 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-11-13 18:33 - 2004-08-26 08:12 - 00000749 _____ () C:\WINDOWS\win.ini
2014-11-13 18:28 - 2014-08-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2014-11-13 18:26 - 2014-09-03 00:30 - 00000918 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-11-13 03:10 - 2014-08-21 11:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix
2014-11-11 15:09 - 2014-09-15 13:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-11 13:20 - 2014-10-19 23:47 - 00002515 _____ () C:\Documents and Settings\William\Desktop\Microsoft Office Word 2007.lnk
2014-11-08 15:00 - 2014-09-15 13:46 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-05 12:59 - 2013-12-19 15:45 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-05 00:39 - 2014-08-19 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 00:39 - 2014-08-19 17:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-04 19:58 - 2014-09-02 22:55 - 00039936 _____ () C:\Documents and Settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-02 23:34 - 2003-02-20 21:42 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2014-11-02 23:33 - 2013-12-19 15:41 - 00000000 ____D () C:\Program Files\Common Files\Real
2014-11-02 23:33 - 2003-03-18 13:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2014-11-02 15:07 - 2004-08-26 02:54 - 00664752 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 23:25 - 2014-08-19 17:26 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Documents and Settings\William\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\William\Local Settings\Temp\FreemakeVideoDownloader_3.7.0.17.exe
C:\Documents and Settings\William\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\William\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 

Thanks for you help. 

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 PM

Posted 29 November 2014 - 09:09 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
CHR Extension: (Google Wallet) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-22]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [25088 2004-08-11] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
U4 intelppm; No ImagePath
U0 mfewfpk; No ImagePath
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\William\Local Settings\Temp\FreemakeVideoDownloader_3.7.0.17.exe

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 29 November 2014 - 10:40 PM

You might wanna get those links for SecurityCheck checked out -- I downloaded it, and McAfee detected and blocked it as an "Artemis!" virus. I attempted to send this to McAfee, but it was reported failed -- so I have no idea whether or not it has infected my system.

 

Therefore, I CANNOT provide a SecurityCheck log at this time. 

 

***FIXLOG.TXT***

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by William at 2014-11-29 19:08:03 Run:1
Running from C:\Documents and Settings\William\Desktop\FRST
Loaded Profile: William (Available profiles: Richard & Jennifer & William & Alexander)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1405522943-578289036-2122838739-1009 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
CHR Extension: (Google Wallet) - C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-22]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [25088 2004-08-11] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
U4 intelppm; No ImagePath
U0 mfewfpk; No ImagePath
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\William\Local Settings\Temp\FreemakeVideoDownloader_3.7.0.17.exe
 
End
*****************
 
HKU\S-1-5-21-1405522943-578289036-2122838739-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => value deleted successfully.
"HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" => Key not found.
HKU\S-1-5-21-1405522943-578289036-2122838739-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
"HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key not found.
HKU\S-1-5-21-1405522943-578289036-2122838739-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value deleted successfully.
"HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" => Key deleted successfully.
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found] => not found.
C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
WmdmPmSN => Service deleted successfully.
wuauserv => Service stopped successfully.
wuauserv => Service deleted successfully.
McAfee SiteAdvisor Service => Error deleting Service
HPZid412 => Service deleted successfully.
HPZipr12 => Service deleted successfully.
intelppm => Service deleted successfully.
mfewfpk => Error deleting Service
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\William\Local Settings\Temp\FreemakeVideoDownloader_3.7.0.17.exe => Moved successfully.
 

 

==== End of Fixlog ====
 
 
 
At the moment, Windows Security Center is reporting that Automatc Updates are OFF, when they are clearly ON.
The problem mentioned at the top of this reply is still present.
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 PM

Posted 30 November 2014 - 09:16 AM

You might wanna get those links for SecurityCheck checked out -- I downloaded it, and McAfee detected and blocked it as an "Artemis!" virus. I attempted to send this to McAfee, but it was reported failed -- so I have no idea whether or not it has infected my system

The tool is safe. It's being updated often and the Security companies do not always have the latest information.
===

C:\WINDOWS\System32\browser.dll : 78,336 : 07/06/2012 05:58 AM : cfd4e51402da9838b5a04ae680af54a0 [NoSig]


The MD5 for this file is good.

http://www.shouldiblockit.com/browser.dll-cfd4e51402da9838b5a04ae680af54a0.aspx

As for the other with NoSig does not necessarity mean that they are bad.

What problem are you having with this computer.
Why did you run these tools?

#9 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 01 December 2014 - 01:55 AM

Originally, I ran rkill not only as a weekly security regimen, but also because I found out some malicious websites had been visited on my computer.

 

I posted here b/c the detected processes and "missing digital signatures"  were only detected by rkill after the malicious websites were visited. 

 

Also, I am getting the "Windows Security Alerts" icon in the taskbar, which states that Automatic Updates are off -- when they are clearly on. Could this be a result of the FRST fix?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 PM

Posted 01 December 2014 - 09:53 AM

Also, I am getting the "Windows Security Alerts" icon in the taskbar, which states that Automatic Updates are off -- when they are clearly on. Could this be a result of the FRST fix?


This could be a registry glitch.

Disable the Automatic Updates.
Restart the computer normally.

Enable the Automatic Updates and again restart the computer normally.

This should reset the registry settings.

How is it now?

#11 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 02 December 2014 - 04:33 AM

Unfortunately, doing the steps stated above didn't change the status of the problem -- the shield is still active.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 PM

Posted 02 December 2014 - 08:25 AM

Refer to this Microsoft article.

If all the setting are correct then I would just forget about it.

http://windows.microsoft.com/en-ca/windows-vista/using-windows-security-center

#13 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 02 December 2014 - 04:05 PM

Oh well. It's not like Microsoft will be rolling out any major updates for XP anytime soon. 

 

Thanks for your help, nasdaq!



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 PM

Posted 03 December 2014 - 09:22 AM

The support for windows XP ended last year.

There will not be any new Updates. Only the ones already issued are available.

#15 deviantartfan1

deviantartfan1
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 05 December 2014 - 10:56 PM

Exactly, that's what I'm saying.

 

Welp, I was only concerned w/the rkill report.

If this is purely benign, it's fine.

 

Feel free to close the topic.

 

Thanks for all your help, nasdaq!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users