
WINDOWS Vista Slow/Freezing with Avira Reporting Viruses- Help


  • This topic is locked
111 replies to this topic

#1 stonemanjr

stonemanjr

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 30 October 2015 - 06:08 PM

Machine is running at about 75% and slowing quite a bit on some days, to the point of freeze/delays increasing and requiring a re-boot. Running RKill seemed to speed up a bit, and then ran ESET, AdwCleaner, Emsisoft, and MBAM scans while in safe mode. They found some and quarantined, and there was improvement for a day or so but now we are back to the same behavior. This is just a simple office machine and is not accessing any strange/high risk websites, etc. and has only one user. THANKS A LOT for the help!!


Edited by Chris Cosgrove, 30 October 2015 - 06:18 PM.
Moved from Vista to Virus etc. logs at Bloopie's request




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:10 AM

Posted 30 October 2015 - 06:28 PM

Hello again stonemanjr, and welcome back to Bleeping Computer!! :thumbsup:

 

We've worked together a few times before, so you already know who I am, right?? :lol:

 

==========

 

Okay, let's see what's happening! :)

 

If you have those previous logs handy, please attach them (including your Antivirus log if you have them). Then please copy/paste a fresh FRST log and Addition.txt for my review.

 

If you need help finding any of the logs, let me know! :)

 

bloopie

 

P.S. I have to run home now, and may not be able to get back this evening, but I will review your logs in the a.m. if that's alright


Edited by bloopie, 30 October 2015 - 06:30 PM.
added the P.S.


#3 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 31 October 2015 - 01:31 AM

On the way!!! Thank you again- you have always been great at burning this stuff out!! Let's light a fire. :flame:


Edited by stonemanjr, 31 October 2015 - 01:31 AM.


#4 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 31 October 2015 - 01:32 AM

No rush at all. I will get them back to you around 12 noon!



#5 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 01 November 2015 - 09:06 PM

Sorry running a little past deadline/due: Ok, Here's what I have so far and then will attach the files from FRST to follow! :warrior:



#6 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 01 November 2015 - 09:12 PM

AVIRA

Free Antivirus
Report file date: Friday, October 30, 2015  20:04


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Microsoft Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : owner
Computer name   : A-AC6ECF08BE344

Version information:
BUILD.DAT       : 15.0.13.210    92152 Bytes   10/5/2015 15:51:00
AVSCAN.EXE      : 15.0.13.202  1183208 Bytes    9/1/2015 21:09:56
AVSCANRC.DLL    : 15.0.13.158    57912 Bytes    9/1/2015 21:09:56
LUKE.DLL        : 15.0.13.190    69248 Bytes    9/1/2015 21:10:14
AVSCPLR.DLL     : 15.0.13.202   106352 Bytes    9/1/2015 21:09:56
REPAIR.DLL      : 15.0.13.193   517328 Bytes    9/1/2015 21:09:56
REPAIR.RDF      : 1.0.11.42    1234205 Bytes  10/23/2015 14:56:08
AVREG.DLL       : 15.0.13.193   339632 Bytes    9/1/2015 21:09:55
AVLODE.DLL      : 15.0.13.193   633688 Bytes    9/1/2015 21:09:54
AVLODE.RDF      : 14.0.5.6       84211 Bytes    9/1/2015 21:09:54
LOCAL000.VDF    : 8.12.22.98  142533632 Bytes  10/29/2015 23:06:28
Engine version  : 8.3.34.56
AEBB.DLL        : 8.1.2.0        60448 Bytes    9/1/2015 21:09:52
AECORE.DLL      : 8.3.8.0       249920 Bytes    9/1/2015 21:09:52
AEDROID.DLL     : 8.4.3.346    1801072 Bytes   10/7/2015 09:34:03
AEEMU.DLL       : 8.1.3.4       399264 Bytes    9/1/2015 21:09:52
AEEXP.DLL       : 8.4.2.126     272296 Bytes   10/7/2015 09:34:01
AEGEN.DLL       : 8.1.7.60      474232 Bytes  10/27/2015 14:26:05
AEHELP.DLL      : 8.3.2.2       281456 Bytes    9/1/2015 21:09:52
AEHEUR.DLL      : 8.1.4.1994   8694640 Bytes  10/27/2015 14:26:22
AEMOBILE.DLL    : 8.1.8.4       303168 Bytes    9/1/2015 21:09:52
AEOFFICE.DLL    : 8.3.1.56      408432 Bytes  10/19/2015 15:19:47
AEPACK.DLL      : 8.4.1.18      802880 Bytes  10/27/2015 14:26:24
AERDL.DLL       : 8.2.1.36      811064 Bytes   10/7/2015 03:31:02
AESBX.DLL       : 8.2.21.0     1622072 Bytes    9/1/2015 21:09:52
AESCN.DLL       : 8.3.3.2       141216 Bytes    9/1/2015 21:09:52
AESCRIPT.DLL    : 8.2.2.106     539504 Bytes  10/23/2015 14:56:04
AEVDF.DLL       : 8.3.2.2       141216 Bytes    9/1/2015 21:09:52
AVWINLL.DLL     : 15.0.13.158    29600 Bytes    9/1/2015 21:09:58
AVPREF.DLL      : 15.0.13.158    55864 Bytes    9/1/2015 21:09:55
AVREP.DLL       : 15.0.13.158   225320 Bytes    9/1/2015 21:09:55
AVARKT.DLL      : 15.0.13.158   232000 Bytes    9/1/2015 21:09:52
AVEVTLOG.DLL    : 15.0.13.190   202112 Bytes    9/1/2015 21:09:53
SQLITE3.DLL     : 15.0.13.158   461672 Bytes    9/1/2015 21:10:16
AVSMTP.DLL      : 15.0.13.158    82120 Bytes    9/1/2015 21:09:57
NETNT.DLL       : 15.0.13.158    18792 Bytes    9/1/2015 21:10:14
CommonImageRc.dll: 15.0.13.190  4308216 Bytes    9/1/2015 21:10:15
CommonTextRc.dll: 15.0.13.158    69760 Bytes    9/1/2015 21:10:15

Configuration settings for the scan:
Jobname.............................: Full scan
Configuration file..................: C:\Program Files\Avira\Antivirus\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Friday, October 30, 2015  20:04

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'logon.scr' - '14' Module(s) have been scanned
Scan process 'SDScan.exe' - '82' Module(s) have been scanned
Scan process 'avscan.exe' - '98' Module(s) have been scanned
Scan process 'firefox.exe' - '94' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '102' Module(s) have been scanned
Scan process 'avcenter.exe' - '115' Module(s) have been scanned
Scan process 'rsUI.exe' - '117' Module(s) have been scanned
Scan process 'SDUpdSvc.exe' - '69' Module(s) have been scanned
Scan process 'SDWelcome.exe' - '81' Module(s) have been scanned
Scan process 'sua.exe' - '16' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '15' Module(s) have been scanned
Scan process 'ZAM.exe' - '52' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '130' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '130' Module(s) have been scanned
Scan process 'rscp_bg.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'PSIA.exe' - '58' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'DuckCapture.exe' - '39' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '34' Module(s) have been scanned
Scan process 'ZAM.exe' - '71' Module(s) have been scanned
Scan process 'avgnt.exe' - '101' Module(s) have been scanned
Scan process 'SDTray.exe' - '76' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '23' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '26' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
Scan process 'igfxtray.exe' - '27' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '33' Module(s) have been scanned
Scan process 'rscp_svc.exe' - '29' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '87' Module(s) have been scanned
Scan process 'Explorer.EXE' - '124' Module(s) have been scanned
Scan process 'avguard.exe' - '96' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '64' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'a2service.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1694' files ).


Starting the file scan:

Begin scan in 'C:\' <CORNERSTONE>
C:\TDSSKiller_Quarantine\21.11.2014_03.48.31\boot0000\boot0000\tsk0000.dta
  [DETECTION] Contains code of the BOO/Cidox.A boot sector virus
C:\WINDOWS\Temp\tmp00001d06\tmp00000019
  [DETECTION] Contains virus patterns of Adware ADWARE/iBryte.Gen7
C:\WINDOWS\Temp\tmp00006afb\tmp00000013
  [DETECTION] Contains virus patterns of Adware ADWARE/iBryte.Gen7
C:\WINDOWS\Temp\tmp000072b8\tmp0000001e
  [DETECTION] Contains virus patterns of Adware ADWARE/iBryte.Gen7

Beginning disinfection:
[ERROR] RepairMalware: Not able to Repair Malware ADWARE/iBryte.Gen7
[ERROR] RepairMalware: Not able to Repair Malware ADWARE/iBryte.Gen7
[ERROR] RepairMalware: Not able to Repair Malware ADWARE/iBryte.Gen7
C:\WINDOWS\Temp\tmp000072b8\tmp0000001e
  [DETECTION] Contains virus patterns of Adware ADWARE/iBryte.Gen7
  [NOTE]      The file was moved to the quarantine directory under the name '52d26021.qua'!
C:\WINDOWS\Temp\tmp00006afb\tmp00000013
  [DETECTION] Contains virus patterns of Adware ADWARE/iBryte.Gen7
  [NOTE]      The file was moved to the quarantine directory under the name '4a454f9b.qua'!
C:\WINDOWS\Temp\tmp00001d06\tmp00000019
  [DETECTION] Contains virus patterns of Adware ADWARE/iBryte.Gen7
  [NOTE]      The file was moved to the quarantine directory under the name '181a1543.qua'!
C:\TDSSKiller_Quarantine\21.11.2014_03.48.31\boot0000\boot0000\tsk0000.dta
  [DETECTION] Contains code of the BOO/Cidox.A boot sector virus
  [NOTE]      The file was moved to the quarantine directory under the name '7e2a5a8b.qua'!


End of the scan: Sunday, November 01, 2015  21:03
Used time:  5:18:57 Hour(s)

The scan has been done completely.

   6766 Scanned directories
 471605 Files were scanned
      4 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      4 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 471601 Files not concerned
   9496 Archives were scanned
      0 Warnings
      4 Notes
 779617 Objects were scanned with rootkit scan
      0 Hidden objects were found

 

 

 

SPYBOT

 

Search results from Spybot - Search & Destroy

11/1/2015 9:08:02 PM
Scan took 01:02:04.
62 items found.

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)
Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: owner (default-1435777344750)) (Browser: Cookie, nothing done)

Common Dialogs: [SBI $4E2AF2AC] History  (22 files) (Registry Key, nothing done)
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0: [SBI $D8926923] Last typed search text (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Office\11.0\Common\Search\Last Query\LastSearchText

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Office\11.0\PowerPoint\Recent File List

MS Office 11.0 (Publisher): [SBI $52D0C0B4] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Office\11.0\Publisher\Recent File List

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

MWSnap: [SBI $4A72F918] Last used capture area size (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Rectangles\LastRect

MWSnap: [SBI $B2B2B959] Last used color deep (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Saving\LastColorBits

MWSnap: [SBI $7BCB5ED5] Last used image format (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Saving\LastFilterIndex

MWSnap: [SBI $0F1E5FD8] Last used JPEG compression ratio (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Saving\LastJPEGQuality

MWSnap: [SBI $03B9C5C1] Last saved snapshot (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Saving\LastSavePath

MWSnap: [SBI $9A601561] Last used transparency switch (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Saving\LastTransparent

MWSnap: [SBI $F0B41CAA] Last transparent pixel position (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\MirWoj\MWSnap\Saving\LastTranspPixel

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)

History: [SBI $49804B54] Browser: History (85) (Browser: History, nothing done)

Cookie: [SBI $49804B54] Browser: Cookie (1154) (Browser: Cookie, nothing done)


--- Spybot - Search & Destroy version: 2.4.40.131  DLL (build: 20140425) ---

 



#7 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts

Posted 01 November 2015 - 09:16 PM

Emsisoft Anti-Malware - Version 10.0.0.5735
Last update: 10/12/2015 11:45:27 PM
Initiated by: A-AC6ECF08BE344\owner

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    10/13/2015 12:06:15 AM
C:\WINDOWS\TEMP\tmp00000060\tmp00000013      Gen:Variant.Midie.2106 (B)
C:\WINDOWS\TEMP\tmp00000060\tmp00000024      Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000026      Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000020      Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000032      Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000034      Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000036      Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp0000781c\tmp000018e0      Gen:Variant.Midie.2106

Scanned    81372
Found    8

Scan end:    10/13/2015 1:00:13 AM
Scan time:    0:53:58

C:\WINDOWS\TEMP\tmp0000781c\tmp000018e0    Quarantined: Gen:Variant.Midie.2106 (B)
C:\WINDOWS\TEMP\tmp00000060\tmp00000013    Quarantined: Gen:Variant.Midie.2106 (B)

Quarantined:    2

C:\WINDOWS\TEMP\tmp00000060\tmp00000036    Deleted: Gen:Variant.Midie.2106 (B)
C:\WINDOWS\TEMP\tmp00000060\tmp00000034    Deleted: Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000032    Deleted: Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000020    Deleted: Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000026    Deleted: Gen:Variant.Midie.2106
C:\WINDOWS\TEMP\tmp00000060\tmp00000024    Deleted: Gen:Variant.Midie.2106

Deleted:    6
 



#8 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts

Posted 01 November 2015 - 09:20 PM

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/28/2015 07:31:08 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Possibly Patched Files.

 * C:\WINDOWS\system32\services.exe
 * C:\WINDOWS\system32\lsass.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\spoolsv.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\ctfmon.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\wbem\wmiprvse.exe

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.1.12.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\x86_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.1.12.0_x-ww_2cdd0c7f [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.1.12.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\x86_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.1.12.0_x-ww_8b4622f9 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 +-> C:\WINDOWS\erdnt\cache\msvcrt.dll : 343,040 : 04/14/2008 05:42 AM : 355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\msvcrt.dll : 343,040 : 04/14/2008 05:42 AM : 355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll : 322,560 : 08/23/2001 07:00 AM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll : 343,040 : 04/14/2008 05:42 AM : d7075e95aa599ee77b7a89d39296bd3d [Pos Repl]

 * C:\WINDOWS\System32\mswsock.dll : 245,248 : 06/20/2008 12:02 AM : 943337d786a56729263071623bbb9de5 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll : 245,248 : 06/20/2008 01:43 PM : fcee5fcb99f7c724593365c706d28388 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\mswsock.dll : 245,248 : 06/20/2008 12:02 AM : 943337d786a56729263071623bbb9de5 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mswsock.dll : 245,248 : 06/20/2008 12:02 AM : 943337d786a56729263071623bbb9de5 [Pos Repl]

 * C:\WINDOWS\System32\netlogon.dll : 407,040 : 04/14/2008 05:42 AM : 1b7f071c51b77c272875c3a23e1e4550 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\netlogon.dll : 407,040 : 04/14/2008 05:42 AM : 1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\netlogon.dll : 407,040 : 04/14/2008 05:42 AM : 1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]

 * C:\WINDOWS\System32\netman.dll : 198,144 : 04/14/2008 05:42 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [NoSig]
 +-> C:\WINDOWS\erdnt\cache\netman.dll : 198,144 : 04/14/2008 05:42 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\netman.dll : 198,144 : 04/14/2008 05:42 AM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]

 * C:\WINDOWS\System32\ntkrnlpa.exe : 2,028,544 : 07/03/2013 10:08 PM : 05f3db567eae368ae3bbd7e973490646 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe : 2,069,376 : 12/09/2010 06:39 PM : f67cd97282e0abfaf91a9a1359b16f2d [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe : 2,069,120 : 04/11/2012 08:42 AM : 063a0f8a90d8e2b802e5243fe9aabcf3 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe : 2,070,016 : 03/06/2013 08:53 PM : 9ebeda306e5eabdabcff8b695fcd4cd6 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe : 2,066,176 : 02/06/2009 06:30 AM : 607352b9cb3d708c67f6039097801b5a [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\ntkrnlpa.exe : 2,023,936 : 04/14/2008 05:51 AM : 7f653a89f6e89e3ae0d49830eece35d4 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe : 2,070,144 : 07/03/2013 10:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\ntkrnlpa.exe : 2,028,544 : 07/03/2013 10:08 PM : 05f3db567eae368ae3bbd7e973490646 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntkrnlpa.exe : 2,070,144 : 07/03/2013 10:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [Pos Repl]

 * C:\WINDOWS\System32\ntmssvc.dll : 435,200 : 04/14/2008 05:42 AM : 156f64a3345bd23c600655fb4d10bc08 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\ntmssvc.dll : 435,200 : 04/14/2008 05:42 AM : 156f64a3345bd23c600655fb4d10bc08 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntmssvc.dll : 435,200 : 04/14/2008 05:42 AM : 156f64a3345bd23c600655fb4d10bc08 [Pos Repl]

 * C:\WINDOWS\System32\ntoskrnl.exe : 2,149,888 : 07/03/2013 11:03 PM : afee19399cf992a098309f7fdf87880a [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe : 2,192,768 : 12/09/2010 09:43 AM : a531bbd3de13121c1380ed7dc99082db [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe : 2,192,640 : 04/11/2012 09:22 AM : 8d061bb825bc606c2b1c6f7452d1baaa [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe : 2,193,536 : 03/06/2013 09:31 PM : 9fc16e5ebfe88f3c844ffe2e6cb7f1e8 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe : 2,189,184 : 02/07/2009 07:35 PM : efe8eace83eaad5849a7a548fb75b584 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe : 2,145,280 : 04/14/2008 00:54 AM : 40f8880122a030a7e9e1fedea833b33d [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe : 2,193,536 : 07/03/2013 10:59 PM : a4a50a53ffbfec545cda85e98af2106b [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\ntoskrnl.exe : 2,149,888 : 07/03/2013 11:03 PM : afee19399cf992a098309f7fdf87880a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ntoskrnl.exe : 2,193,536 : 07/03/2013 10:59 PM : a4a50a53ffbfec545cda85e98af2106b [Pos Repl]

 * C:\WINDOWS\System32\oakley.dll : 278,528 : 10/12/2013 11:56 AM : 584c4da856450cb22ebbe7a68cc6250f [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB974392\SP3QFE\oakley.dll : 270,336 : 10/13/2009 06:38 AM : 7eadba6d371c60cca9e4db57c28c8045 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\oakley.dll : 278,528 : 10/12/2013 11:56 AM : 584c4da856450cb22ebbe7a68cc6250f [Pos Repl]

 * C:\WINDOWS\System32\ole32.dll : 1,289,728 : 08/05/2013 09:30 AM : 59b408e5b8489b0b36a0d783d150edcc [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll : 1,289,216 : 11/01/2011 12:05 AM : 7d9dde1ab4b00ddb173f5a16e9206517 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll : 1,289,216 : 07/16/2010 08:04 AM : 8d51fb47062f2a1a9efeccef338a4c46 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\ole32.dll : 1,289,728 : 08/05/2013 09:30 AM : 59b408e5b8489b0b36a0d783d150edcc [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ole32.dll : 1,289,728 : 08/05/2013 09:30 AM : 59b408e5b8489b0b36a0d783d150edcc [Pos Repl]

 * C:\WINDOWS\System32\olepro32.dll : 84,992 : 04/14/2008 05:42 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\olepro32.dll : 84,992 : 04/14/2008 05:42 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\olepro32.dll : 84,992 : 04/14/2008 05:42 AM : 5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]

 * C:\WINDOWS\System32\perfctrs.dll : 39,936 : 04/14/2008 05:42 AM : dbe2b62353660ecca0d75ea307a717e9 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\perfctrs.dll : 39,936 : 04/14/2008 05:42 AM : dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\perfctrs.dll : 39,936 : 04/14/2008 05:42 AM : dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]

 * C:\WINDOWS\System32\powrprof.dll : 17,408 : 04/14/2008 05:42 AM : 50a166237a0fa771261275a405646cc0 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\powrprof.dll : 17,408 : 04/14/2008 05:42 AM : 50a166237a0fa771261275a405646cc0 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\powrprof.dll : 17,408 : 04/14/2008 05:42 AM : 50a166237a0fa771261275a405646cc0 [Pos Repl]

 * C:\WINDOWS\System32\psbase.dll : 96,768 : 04/14/2008 05:42 AM : 22d89d84e8e081cda529dbf8c0255a38 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\psbase.dll : 96,768 : 04/14/2008 05:42 AM : 22d89d84e8e081cda529dbf8c0255a38 [Pos Repl]

 * C:\WINDOWS\System32\pstorsvc.dll : 34,304 : 04/14/2008 05:42 AM : 853d0d0c6f02d7bfdf1cf99dd7553732 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\pstorsvc.dll : 34,304 : 04/14/2008 05:42 AM : 853d0d0c6f02d7bfdf1cf99dd7553732 [Pos Repl]

 * C:\WINDOWS\System32\qmgr.dll : 409,088 : 04/14/2008 05:42 AM : 574738f61fca2935f5265dc4e5691314 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\qmgr.dll : 409,088 : 04/14/2008 05:42 AM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\qmgr.dll : 409,088 : 04/14/2008 05:42 AM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]

 * C:\WINDOWS\System32\rasadhlp.dll : 7,680 : 04/14/2008 05:42 AM : 6f9bef24c578d5d6740e080bedd6a448 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\rasadhlp.dll : 7,680 : 04/14/2008 05:42 AM : 6f9bef24c578d5d6740e080bedd6a448 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rasadhlp.dll : 7,680 : 04/14/2008 05:42 AM : 6f9bef24c578d5d6740e080bedd6a448 [Pos Repl]

 * C:\WINDOWS\System32\regsvc.dll : 59,904 : 04/14/2008 05:42 AM : 5b19b557b0c188210a56a6b699d90b8f [NoSig]
 +-> C:\WINDOWS\erdnt\cache\regsvc.dll : 59,904 : 04/14/2008 05:42 AM : 5b19b557b0c188210a56a6b699d90b8f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\regsvc.dll : 59,904 : 04/14/2008 05:42 AM : 5b19b557b0c188210a56a6b699d90b8f [Pos Repl]

 * C:\WINDOWS\System32\rpcss.dll : 401,408 : 02/09/2009 08:10 AM : 6b27a5c03dfb94b4245739065431322c [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll : 401,408 : 02/09/2009 06:56 AM : 9222562d44021b988b9f9f62207fb6f2 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll : 399,360 : 04/14/2008 05:42 AM : 2589fe6015a316c0f5d5112b4da7b509 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\rpcss.dll : 401,408 : 02/09/2009 08:10 AM : 6b27a5c03dfb94b4245739065431322c [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rpcss.dll : 401,408 : 02/09/2009 08:10 AM : 6b27a5c03dfb94b4245739065431322c [Pos Repl]

 * C:\WINDOWS\System32\scecli.dll : 181,248 : 04/14/2008 05:42 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\scecli.dll : 181,248 : 04/14/2008 05:42 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\scecli.dll : 181,248 : 04/14/2008 05:42 AM : a86bb5e61bf3e39b62ab4c7e7085a084 [Pos Repl]

 * C:\WINDOWS\System32\schannel.dll : 152,576 : 06/04/2012 00:32 AM : 0f64207b49390c8063c36ae7cbf9c2db [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2585542\SP3QFE\schannel.dll : 152,064 : 11/16/2011 10:20 AM : d444009f7cd704c89f7f9e62396ed4f1 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2655992\SP3QFE\schannel.dll : 153,088 : 06/04/2012 00:31 AM : 26f1193092b9ac2586deb38dd1cbb25c [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll : 147,456 : 06/25/2009 04:41 AM : e513ba8bc33fd00f35d69659b478b1df [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\schannel.dll : 152,576 : 06/04/2012 00:32 AM : 0f64207b49390c8063c36ae7cbf9c2db [Pos Repl]

 * C:\WINDOWS\System32\schedsvc.dll : 192,512 : 04/14/2008 05:42 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [NoSig]
 +-> C:\WINDOWS\erdnt\cache\schedsvc.dll : 192,512 : 04/14/2008 05:42 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\schedsvc.dll : 192,512 : 04/14/2008 05:42 AM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [Pos Repl]

 * C:\WINDOWS\System32\services.exe : 110,592 : 02/06/2009 07:11 AM : 65df52f5b8b6e9bbd183505225c37315 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe : 110,592 : 02/06/2009 07:06 AM : 020ceaaedc8eb655b6506b8c70d53bb6 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\services.exe : 108,544 : 04/14/2008 05:42 AM : 0e776ed5f7cc9f94299e70461b7b8185 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\services.exe : 110,592 : 02/06/2009 07:11 AM : 65df52f5b8b6e9bbd183505225c37315 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\services.exe : 110,592 : 02/06/2009 07:11 AM : 65df52f5b8b6e9bbd183505225c37315 [Pos Repl]

 * C:\WINDOWS\System32\setupapi.dll : 985,088 : 04/14/2008 05:42 AM : 24192246760e0e64435522e246b1d6c2 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\setupapi.dll : 985,088 : 04/14/2008 05:42 AM : 24192246760e0e64435522e246b1d6c2 [Pos Repl]

 * C:\WINDOWS\System32\sfc.dll : 5,120 : 04/14/2008 05:42 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\sfc.dll : 5,120 : 04/14/2008 05:42 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\sfc.dll : 5,120 : 04/14/2008 05:42 AM : 96e1c926f22ee1bfbae82901a35f6bf3 [Pos Repl]

 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 04/14/2008 05:42 AM : 9dd07af82244867ca36681ea2d29ce79 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\sfcfiles.dll : 1,614,848 : 04/14/2008 05:42 AM : 9dd07af82244867ca36681ea2d29ce79 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\sfcfiles.dll : 1,614,848 : 04/14/2008 05:42 AM : 9dd07af82244867ca36681ea2d29ce79 [Pos Repl]

 * C:\WINDOWS\System32\shsvcs.dll : 135,168 : 07/27/2009 07:17 PM : 99bc0b50f511924348be19c7c7313bbf [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB971029\SP3QFE\shsvcs.dll : 135,168 : 07/27/2009 06:13 PM : 888cd7b39c37e13a2419becfaaf0a28c [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\shsvcs.dll : 135,168 : 07/27/2009 07:17 PM : 99bc0b50f511924348be19c7c7313bbf [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\shsvcs.dll : 135,168 : 07/27/2009 07:17 PM : 99bc0b50f511924348be19c7c7313bbf [Pos Repl]

 * C:\WINDOWS\System32\smss.exe : 50,688 : 04/14/2008 05:42 AM : 5f816c1f539266d2d4c78694239da0b5 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\smss.exe : 50,688 : 04/14/2008 05:42 AM : 5f816c1f539266d2d4c78694239da0b5 [Pos Repl]

 * C:\WINDOWS\System32\spoolsv.exe : 58,880 : 08/17/2010 09:17 AM : 60784f891563fb1b767f70117fc2428f [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe : 58,880 : 08/17/2010 09:19 AM : 258dd5d4283fd9f9a7166be9ae45ce73 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\spoolsv.exe : 58,880 : 08/17/2010 09:17 AM : 60784f891563fb1b767f70117fc2428f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\spoolsv.exe : 58,880 : 08/17/2010 09:17 AM : 60784f891563fb1b767f70117fc2428f [Pos Repl]

 * C:\WINDOWS\System32\srsvc.dll : 171,008 : 04/14/2008 05:42 AM : 3805df0ac4296a34ba4bf93b346cc378 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\srsvc.dll : 171,008 : 04/14/2008 05:42 AM : 3805df0ac4296a34ba4bf93b346cc378 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\srsvc.dll : 171,008 : 04/14/2008 05:42 AM : 3805df0ac4296a34ba4bf93b346cc378 [Pos Repl]

 * C:\WINDOWS\System32\ssdpsrv.dll : 71,680 : 04/14/2008 05:42 AM : 0a5679b3714edab99e357057ee88fca6 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\ssdpsrv.dll : 71,680 : 04/14/2008 05:42 AM : 0a5679b3714edab99e357057ee88fca6 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ssdpsrv.dll : 71,680 : 04/14/2008 05:42 AM : 0a5679b3714edab99e357057ee88fca6 [Pos Repl]

 * C:\WINDOWS\System32\svchost.exe : 14,336 : 04/14/2008 05:42 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\svchost.exe : 14,336 : 04/14/2008 05:42 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\svchost.exe : 14,336 : 04/14/2008 05:42 AM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]

 * C:\WINDOWS\System32\tapisrv.dll : 249,856 : 04/14/2008 05:42 AM : 3cb78c17bb664637787c9a1c98f79c38 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\tapisrv.dll : 249,856 : 04/14/2008 05:42 AM : 3cb78c17bb664637787c9a1c98f79c38 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\tapisrv.dll : 249,856 : 04/14/2008 05:42 AM : 3cb78c17bb664637787c9a1c98f79c38 [Pos Repl]

 * C:\WINDOWS\System32\termsrv.dll : 295,424 : 04/14/2008 05:42 AM : ff3477c03be7201c294c35f684b3479f [NoSig]
 +-> C:\WINDOWS\erdnt\cache\termsrv.dll : 295,424 : 04/14/2008 05:42 AM : ff3477c03be7201c294c35f684b3479f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\termsrv.dll : 295,424 : 04/14/2008 05:42 AM : ff3477c03be7201c294c35f684b3479f [Pos Repl]

 * C:\WINDOWS\System32\upnphost.dll : 185,856 : 04/14/2008 05:42 AM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\upnphost.dll : 185,856 : 04/14/2008 05:42 AM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\upnphost.dll : 185,856 : 04/14/2008 05:42 AM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [Pos Repl]

 * C:\WINDOWS\System32\user32.dll : 578,560 : 04/14/2008 05:42 AM : b26b135ff1b9f60c9388b4a7d16f600b [NoSig]
 +-> C:\WINDOWS\erdnt\cache\user32.dll : 578,560 : 04/14/2008 05:42 AM : b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\user32.dll : 578,560 : 04/14/2008 05:42 AM : b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]

 * C:\WINDOWS\System32\userinit.exe : 26,112 : 04/14/2008 05:42 AM : a93aee1928a9d7ce3e16d24ec7380f89 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\userinit.exe : 26,112 : 04/14/2008 05:42 AM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\userinit.exe : 26,112 : 04/14/2008 05:42 AM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]

 * C:\WINDOWS\System32\usp10.dll : 406,016 : 07/10/2013 06:37 AM : 1d845821f5adb076831de4c2818f858b [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB981322\SP3QFE\usp10.dll : 406,016 : 04/16/2010 11:29 AM : f8894bcc961d461674002b4bae7aecc1 [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\usp10.dll : 406,016 : 07/10/2013 06:37 AM : 1d845821f5adb076831de4c2818f858b [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usp10.dll : 406,016 : 07/10/2013 06:37 AM : 1d845821f5adb076831de4c2818f858b [Pos Repl]

 * C:\WINDOWS\System32\UxTheme.dll : 218,624 : 04/14/2008 05:42 AM : 7a2cc3719b255e6b5d74396183b7715b [NoSig]
 +-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 218,624 : 04/14/2008 05:42 AM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]

 * C:\WINDOWS\System32\version.dll : 18,944 : 04/14/2008 05:42 AM : c7ce131408739b0b3a318be2d0032719 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\version.dll : 18,944 : 04/14/2008 05:42 AM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\version.dll : 18,944 : 04/14/2008 05:42 AM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]

 * C:\WINDOWS\System32\w32time.dll : 175,104 : 04/14/2008 05:42 AM : 54af4b1d5459500ef0937f6d33b1914f [NoSig]
 +-> C:\WINDOWS\erdnt\cache\w32time.dll : 175,104 : 04/14/2008 05:42 AM : 54af4b1d5459500ef0937f6d33b1914f [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\w32time.dll : 175,104 : 04/14/2008 05:42 AM : 54af4b1d5459500ef0937f6d33b1914f [Pos Repl]

 * C:\WINDOWS\System32\wbem\wmiprvse.exe : 227,840 : 02/06/2009 06:10 AM : 798a9e6828997eef4517ada8a2259831 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe : 227,840 : 02/06/2009 06:15 AM : f520ab392d58c0a1070268032d809382 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe : 218,112 : 04/14/2008 05:42 AM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 227,840 : 02/06/2009 06:10 AM : 798a9e6828997eef4517ada8a2259831 [Pos Repl]

 * C:\WINDOWS\System32\wdigest.dll : 54,272 : 06/25/2009 04:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\wdigest.dll : 54,272 : 06/25/2009 04:41 AM : d9dcec3fa1b27689fc56e34c38d3f148 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wdigest.dll : 54,272 : 06/25/2009 04:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [Pos Repl]

 * C:\WINDOWS\System32\wiaservc.dll : 333,824 : 04/14/2008 05:42 AM : 8bad69cbac032d4bbacfce0306174c30 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\wiaservc.dll : 333,824 : 04/14/2008 05:42 AM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wiaservc.dll : 333,824 : 04/14/2008 05:42 AM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]

 * C:\WINDOWS\System32\wininet.dll : 920,064 : 03/06/2014 01:59 PM : 8af91e4b4c1f5338ebe1548117304296 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll : 919,040 : 06/24/2010 08:24 AM : 60237e50d575fba9bec9bc043f157149 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll : 919,552 : 11/04/2011 03:19 PM : 4e4716caf514717814d07113ad0425b6 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll : 920,064 : 08/28/2012 11:13 AM : dcea3b3193b7181cf818ecc4eab30a66 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll : 919,040 : 05/06/2010 06:36 AM : c1490f68b44af8b781f52f12f564625d [Pos Repl]
 +-> C:\WINDOWS\erdnt\cache\wininet.dll : 920,064 : 03/06/2014 01:59 PM : 8af91e4b4c1f5338ebe1548117304296 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll : 916,480 : 05/06/2010 06:41 AM : 2d9c7b010409372c34f725da5cced083 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2744842-IE8\wininet.dll : 916,992 : 11/04/2011 03:20 PM : 552263502ea8c24d301a0c43ff90b3ed [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2829530-IE8\wininet.dll : 916,992 : 08/28/2012 11:14 AM : ff1c14bca1a797ce45dd359fa2c9eda8 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2838727-IE8\wininet.dll : 920,064 : 04/16/2013 06:17 PM : 5c4aac5a91422c95522ecc6c26fb93c8 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2846071-IE8\wininet.dll : 920,064 : 05/07/2013 06:30 PM : ce5ba470204a3176e60721c4b63b8df3 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2862772-IE8\wininet.dll : 920,064 : 06/07/2013 05:56 PM : c087cc88d7cd554409cbb5ebc29e8e38 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2870699-IE8\wininet.dll : 920,064 : 07/25/2013 10:47 PM : d46e195d0c76d430d73576cdac763f78 [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2879017-IE8\wininet.dll : 920,064 : 08/08/2013 02:05 AM : f1bd516a4446b737baefb9fbaa92f01a [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2888505-IE8\wininet.dll : 920,064 : 09/23/2013 02:33 PM : d73f1be00684e675571015b3a5880f5b [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2898785-IE8\wininet.dll : 920,064 : 10/13/2013 03:25 AM : c5acab147f9697f40ecebb4bc0247ebf [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2909921-IE8\wininet.dll : 920,064 : 10/29/2013 03:57 AM : fbf173582874c30ec5faf8f8a67d873e [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2925418-IE8\wininet.dll : 920,064 : 02/05/2014 07:26 PM : e09551776d365bca891bbffb31ee4b4c [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB2936068-IE8\wininet.dll : 920,064 : 02/24/2014 07:46 AM : c29c1990c6ca8d7b098318f5887c3bdc [Pos Repl]
 +-> C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll : 914,944 : 03/08/2009 04:34 AM : 6ce32f7778061ccc5814d5e0f282d369 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wininet.dll : 920,064 : 03/06/2014 01:59 PM : 8af91e4b4c1f5338ebe1548117304296 [Pos Repl]

 * C:\WINDOWS\System32\winlogon.exe : 507,904 : 04/14/2008 05:42 AM : ed0ef0a136dec83df69f04118870003e [NoSig]
 +-> C:\WINDOWS\erdnt\cache\winlogon.exe : 507,904 : 04/14/2008 05:42 AM : ed0ef0a136dec83df69f04118870003e [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\winlogon.exe : 507,904 : 04/14/2008 05:42 AM : ed0ef0a136dec83df69f04118870003e [Pos Repl]

 * C:\WINDOWS\System32\ws2_32.dll : 82,432 : 04/14/2008 05:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [NoSig]
 +-> C:\WINDOWS\erdnt\cache\ws2_32.dll : 82,432 : 04/14/2008 05:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ws2_32.dll : 82,432 : 04/14/2008 05:42 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]

 * C:\WINDOWS\System32\ws2help.dll : 19,968 : 04/14/2008 05:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\ws2help.dll : 19,968 : 04/14/2008 05:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\ws2help.dll : 19,968 : 04/14/2008 05:42 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]

 * C:\WINDOWS\System32\wscntfy.exe : 13,824 : 04/14/2008 05:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\wscntfy.exe : 13,824 : 04/14/2008 05:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wscntfy.exe : 13,824 : 04/14/2008 05:42 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]

 * C:\WINDOWS\System32\xmlprov.dll : 129,024 : 04/14/2008 05:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\xmlprov.dll : 129,024 : 04/14/2008 05:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\xmlprov.dll : 129,024 : 04/14/2008 05:42 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]

 * C:\WINDOWS\explorer.exe : 1,033,728 : 04/14/2008 05:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\explorer.exe : 1,033,728 : 04/14/2008 05:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,033,728 : 04/14/2008 05:42 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]

 * C:\WINDOWS\System32\drivers\acpiec.sys : 11,648 : 08/23/2001 07:00 AM : 9859c0f6936e723e4892d7141b1327d5 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\acpiec.sys : 11,648 : 08/23/2001 07:00 AM : 9859c0f6936e723e4892d7141b1327d5 [Pos Repl]

 * C:\WINDOWS\System32\drivers\acpi.sys : 187,776 : 04/14/2008 00:06 AM : 8fd99680a539792a30e97944fdaecf17 [NoSig]

 * C:\WINDOWS\System32\drivers\aec.sys : 142,592 : 04/13/2008 11:09 PM : 8bed39e3c35d6a489438b8141717a557 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\aec.sys : 142,592 : 04/13/2008 11:09 PM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\aec.sys : 142,592 : 04/13/2008 11:09 PM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]

 * C:\WINDOWS\System32\drivers\afd.sys : 138,496 : 08/17/2011 09:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys : 138,496 : 10/16/2008 11:07 AM : 38d7b715504da4741df35e3594fe2099 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys : 138,496 : 08/17/2011 09:41 AM : f6b7b1ecd7b41736bdb6ff4b092bcb79 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\afd.sys : 138,496 : 08/17/2011 09:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [Pos Repl]

 * C:\WINDOWS\System32\drivers\amdk6.sys : 37,376 : 04/14/2008 05:51 AM : d7701d7e72243286cc88c9973d891057 [NoSig]

 * C:\WINDOWS\System32\drivers\amdk7.sys : 37,760 : 04/14/2008 05:51 AM : 8fce268cdbdd83b23419d1f35f42c7b1 [NoSig]

 * C:\WINDOWS\System32\drivers\arp1394.sys : 60,800 : 04/14/2008 05:51 AM : b5b8a80875c1dededa8b02765642c32f [NoSig]

 * C:\WINDOWS\System32\drivers\asyncmac.sys : 14,336 : 04/14/2008 00:27 AM : b153affac761e7f5fcfa822b9c4e97bc [NoSig]
 +-> C:\WINDOWS\erdnt\cache\asyncmac.sys : 14,336 : 04/14/2008 00:27 AM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\asyncmac.sys : 14,336 : 04/14/2008 00:27 AM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]

 * C:\WINDOWS\System32\drivers\atapi.sys : 96,512 : 04/14/2008 01:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\atapi.sys : 96,512 : 04/14/2008 01:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\atapi.sys : 96,512 : 04/14/2008 01:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys : 96,512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 +-> C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys : 96,512 : 04/14/2008 01:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]

 * C:\WINDOWS\System32\drivers\audstub.sys : 3,072 : 08/17/2001 09:59 AM : d9f724aa26c010a217c97606b160ed68 [NoSig]

 * C:\WINDOWS\System32\drivers\beep.sys : 4,224 : 08/23/2001 07:00 AM : da1f27d85e0d1525f6621372e7b685e9 [NoSig]
 +-> C:\WINDOWS\erdnt\cache\beep.sys : 4,224 : 08/23/2001 07:00 AM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\beep.sys : 4,224 : 08/23/2001 07:00 AM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]

 * C:\WINDOWS\System32\drivers\bridge.sys : 71,552 : 04/14/2008 00:23 AM : f934d1b230f84e1d19dd00ac5a7a83ed [NoSig]
 +-> C:\WINDOWS\system32\dllcache\bridge.sys : 71,552 : 04/14/2008 00:23 AM : f934d1b230f84e1d19dd00ac5a7a83ed [Pos Repl]

 * C:\WINDOWS\System32\drivers\bthport.sys : 272,128 : 06/13/2008 07:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272,128 : 06/13/2008 07:27 AM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [Pos Repl]
 +-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 07:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 07:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]

 * C:\WINDOWS\System32\drivers\cbidf2k.sys : 13,952 : 08/23/2001 07:00 AM : 90a673fc8e12a79afbed2576f6a7aaf9 [NoSig]

 * C:\WINDOWS\System32\drivers\cdaudio.sys : 18,688 : 08/23/2001 07:00 AM : c1b486a7658353d33a10cc15211a873b [NoSig]

 * C:\WINDOWS\System32\drivers\cdfs.sys : 63,744 : 04/14/2008 00:44 AM : c885b02847f5d2fd45a24e219ed93b32 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\cdfs.sys : 63,744 : 04/14/2008 00:44 AM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]

 * C:\WINDOWS\System32\drivers\cdrom.sys : 62,976 : 04/14/2008 00:10 AM : 1f4260cc5b42272d71f79e570a27a4fe [NoSig]

 * C:\WINDOWS\System32\drivers\classpnp.sys : 49,536 : 04/14/2008 00:46 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\classpnp.sys : 49,536 : 04/14/2008 00:46 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]

 * C:\WINDOWS\System32\drivers\cpqdap01.sys : 11,776 : 08/23/2001 07:00 AM : 9624293e55ad405415862b504ca95b73 [NoSig]

 * C:\WINDOWS\System32\drivers\crusoe.sys : 36,736 : 04/14/2008 05:51 AM : f50d9bdbb25cce075e514dc07472a22f [NoSig]

 * C:\WINDOWS\System32\drivers\diskdump.sys : 14,208 : 04/14/2008 00:10 AM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig]

 * C:\WINDOWS\System32\drivers\wanarp.sys : 34,560 : 04/14/2008 00:27 AM : e20b95baedb550f32dd489265c1da1f6 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wanarp.sys : 34,560 : 04/14/2008 00:27 AM : e20b95baedb550f32dd489265c1da1f6 [Pos Repl]

 * C:\WINDOWS\System32\drivers\wdmaud.sys : 83,072 : 04/14/2008 01:47 AM : 6768acf64b18196494413695f0c3a00f [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wdmaud.sys : 83,072 : 04/14/2008 01:47 AM : 6768acf64b18196494413695f0c3a00f [Pos Repl]

 * C:\WINDOWS\System32\drivers\wmilib.sys : 4,352 : 08/23/2001 07:00 AM : 2f31b7f954bed437f2c75026c65caf7b [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 08/23/2001 07:00 AM : 2f31b7f954bed437f2c75026c65caf7b [Pos Repl]

 * C:\WINDOWS\System32\drivers\ws2ifsl.sys : 12,032 : 08/23/2001 07:00 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 08/23/2001 07:00 AM : 6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:


  20 out of 36 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/28/2015 07:39:17 PM
Execution time: 0 hours(s), 8 minute(s), and 9 seconds(s)
 



#9 stonemanjr


Posted 01 November 2015 - 09:26 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by owner (2015-11-01 21:22:22)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-03-01 18:52:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1085031214-2139871995-1417001333-500 - Administrator - Enabled)
Guest (S-1-5-21-1085031214-2139871995-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1085031214-2139871995-1417001333-1000 - Limited - Disabled)
owner (S-1-5-21-1085031214-2139871995-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-1085031214-2139871995-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\{6CBBF19C-2B69-4143-81C4-D5B56D32088C}) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{5dfbeba9-9f22-463d-8c95-c861911810a2}) (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}) (Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DuckCapture Standard 2.7 (HKLM\...\DuckCapture_is1) (Version: 2.7 - DuckLink)
Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eusing Cleaner (HKLM\...\Eusing Cleaner) (Version:  - Eusing Freeware)
Free Internet Window Washer (HKLM\...\Free Internet Window Washer) (Version:  - )
Gunship! (HKLM\...\Gunship!) (Version:  - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C821234A-3642-493B-95AF-46F776392E20}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 15.2.89.2 (HKLM\...\{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}) (Version: 15.2.89.2 - Intel)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Longbow (HKLM\...\InstallShield_{EF08AF39-BE53-4308-A97C-0327C0F5AA23}) (Version: 1.00.0000 - Activision Value)
Longbow (Version: 1.00.0000 - Activision Value) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{40147F4F-B73E-4C87-A3D3-8BD36F7C77F0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Reason Core Security (HKLM\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)
Tweaking.com - Simple System Tweaker (HKLM\...\Tweaking.com - Simple System Tweaker) (Version: 2.1.0 - Tweaking.com)
Tweaking.com - Technicians Toolbox (HKLM\...\Tweaking.com - Technicians Toolbox) (Version: 1.0.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.5.1 - Tweaking.com)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Wise Disk Cleaner 8.31 (HKLM\...\Wise Disk Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
Wise Folder Hider 1.35 (HKLM\...\Wise Folder Hider_is1) (Version: 1.35 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.18.19 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1085031214-2139871995-1417001333-1003_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points =========================

05-08-2015 14:54:18 System Checkpoint
10-08-2015 15:44:25 System Checkpoint
11-08-2015 17:26:06 System Checkpoint
12-08-2015 19:15:27 System Checkpoint
13-08-2015 04:01:21 Software Distribution Service 3.0
13-08-2015 11:41:03 Software Distribution Service 3.0
14-08-2015 12:45:09 System Checkpoint
15-08-2015 13:02:55 System Checkpoint
16-08-2015 16:11:22 System Checkpoint
17-08-2015 16:34:56 System Checkpoint
19-08-2015 09:32:48 System Checkpoint
20-08-2015 10:58:44 System Checkpoint
21-08-2015 12:18:00 System Checkpoint
22-08-2015 15:04:30 System Checkpoint
24-08-2015 11:29:48 System Checkpoint
25-08-2015 12:19:11 System Checkpoint
27-08-2015 10:41:47 System Checkpoint
29-08-2015 09:06:20 System Checkpoint
31-08-2015 03:21:29 System Checkpoint
01-09-2015 13:43:33 System Checkpoint
03-09-2015 11:39:12 System Checkpoint
04-09-2015 14:08:11 System Checkpoint
05-09-2015 20:41:50 System Checkpoint
08-09-2015 11:26:03 System Checkpoint
09-09-2015 13:26:19 System Checkpoint
09-09-2015 13:50:58 Software Distribution Service 3.0
10-09-2015 16:05:49 System Checkpoint
11-09-2015 20:02:54 System Checkpoint
12-09-2015 23:21:53 System Checkpoint
14-09-2015 20:18:51 System Checkpoint
16-09-2015 01:16:27 System Checkpoint
17-09-2015 02:46:57 System Checkpoint
18-09-2015 14:30:25 System Checkpoint
19-09-2015 02:49:17 Revo Uninstaller's restore point - Heimdal
20-09-2015 03:02:58 System Checkpoint
21-09-2015 03:08:25 System Checkpoint
22-09-2015 03:35:13 System Checkpoint
23-09-2015 15:32:39 System Checkpoint
24-09-2015 19:26:21 System Checkpoint
26-09-2015 01:19:10 System Checkpoint
26-09-2015 12:04:47 GOOD
28-09-2015 01:16:30 System Checkpoint
30-09-2015 20:52:01 System Checkpoint
02-10-2015 01:24:24 System Checkpoint
03-10-2015 05:07:45 System Checkpoint
05-10-2015 01:52:12 System Checkpoint
06-10-2015 05:22:40 System Checkpoint
06-10-2015 17:34:00 Revo Uninstaller's restore point - Avira Antivirus
07-10-2015 18:58:17 System Checkpoint
09-10-2015 00:06:43 System Checkpoint
12-10-2015 01:44:35 System Checkpoint
13-10-2015 03:06:05 System Checkpoint
13-10-2015 20:01:54 Software Distribution Service 3.0
14-10-2015 20:11:18 Installed TurboTax 2014 wvaiper
15-10-2015 17:50:54 Revo Uninstaller's restore point - WinThruster
16-10-2015 16:51:13 GOOD CLEAN
20-10-2015 08:25:32 System Checkpoint
21-10-2015 10:15:57 System Checkpoint
23-10-2015 11:10:47 System Checkpoint
25-10-2015 01:15:11 System Checkpoint
27-10-2015 01:35:07 System Checkpoint
27-10-2015 16:30:28 Zemana AntiMalware 10/27/2015 5:29:57 PM
28-10-2015 02:07:45 Zemana AntiMalware 10/28/2015 3:07:27 AM
29-10-2015 02:09:15 System Checkpoint
30-10-2015 20:53:36 System Checkpoint
31-10-2015 22:23:59 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 06:00 - 2015-10-30 18:42 - 00001227 ____N C:\WINDOWS\system32\Drivers\etc\hosts


There are 4 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ReasonSecurityScheduledScan.job => C:\Program Files\Reason\Security\rsUI.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-05 16:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-05 16:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-27 14:06 - 2015-10-27 14:09 - 00101744 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2015-09-10 22:47 - 2015-10-13 19:50 - 00241400 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-01-05 16:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-13 22:40 - 2011-10-30 14:28 - 00029696 _____ () C:\Program Files\DuckLink\DuckCapture\QtSolutions_SingleApplication-head.dll
2014-02-13 22:40 - 2011-10-22 08:05 - 08343040 _____ () C:\Program Files\DuckLink\DuckCapture\QtGui4.dll
2014-02-13 22:40 - 2011-08-28 20:41 - 02305536 _____ () C:\Program Files\DuckLink\DuckCapture\QtCore4.dll
2014-02-13 22:40 - 2011-08-28 20:42 - 00862720 _____ () C:\Program Files\DuckLink\DuckCapture\QtNetwork4.dll
2014-02-13 22:40 - 2011-10-30 14:28 - 00582144 _____ () C:\Program Files\DuckLink\DuckCapture\QtSolutions_PropertyBrowser-head.dll
2014-02-13 22:40 - 2011-08-28 20:57 - 01339904 _____ () C:\Program Files\DuckLink\DuckCapture\QtScript4.dll
2014-02-13 22:40 - 2011-08-28 21:50 - 00581120 _____ () C:\Program Files\DuckLink\DuckCapture\QtScriptTools4.dll
2014-02-13 22:40 - 2011-11-03 21:20 - 00617984 _____ () C:\Program Files\DuckLink\DuckCapture\QxtGui.dll
2014-02-13 22:40 - 2011-11-03 21:21 - 00395264 _____ () C:\Program Files\DuckLink\DuckCapture\QxtCore.dll
2014-02-13 22:40 - 2011-08-28 21:51 - 00026624 _____ () C:\Program Files\DuckLink\DuckCapture\plugins\imageformats\qgif4.dll
2014-02-13 22:40 - 2011-08-28 21:51 - 00029184 _____ () C:\Program Files\DuckLink\DuckCapture\plugins\imageformats\qico4.dll
2014-02-13 22:40 - 2011-08-28 21:51 - 00200704 _____ () C:\Program Files\DuckLink\DuckCapture\plugins\imageformats\qjpeg4.dll
2015-09-10 22:47 - 2015-10-13 19:50 - 00555768 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more sites.


There are 7867 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Deskjet 1510 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 1510 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2015 03:00:44 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5D003860F002ED829DEAA41868F788186D62127F.crt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (10/30/2015 09:19:15 PM) (Source: 0) (EventID: 25) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (10/30/2015 09:17:55 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 09:12:16 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 08:48:32 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 08:44:13 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 08:38:24 PM) (Source: 0) (EventID: 25) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (10/30/2015 08:36:52 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 08:29:47 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 08:23:17 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (10/30/2015 07:04:05 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 3053.23 MB
Available physical RAM: 1966 MB
Total Virtual: 4938.76 MB
Available Virtual: 3098.16 MB

==================== Drives ================================

Drive c: (CORNERSTONE) (Fixed) (Total:232.88 GB) (Free:186.28 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (TurboTax 2014) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: D1B5CA5A)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by owner (administrator) on A-AC6ECF08BE344 (01-11-2015 21:21:26)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available Profiles: owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(DuckLink Software) C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-29] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782520 2015-09-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [12588672 2015-10-23] (Zemana Ltd.)
HKLM\...\Run: [{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}] => C:\Documents and Settings\All Users\Application Data\Package Cache\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}\Avira.OE.Setup.Bundle.exe [916744 2015-10-29] (Avira Operations GmbH & Co. KG) <===== ATTENTION
Winlogon\Notify\SDWinLogon:
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [DuckCapture] => C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [ReasonSecurityStart] => C:\Program Files\Reason\Security\rsUI.exe [2052880 2015-08-12] (Reason Software Company Inc.)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled [2014-10-04]
ShortcutTarget: Secunia PSI Tray.lnk.disabled -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8C1F0E4-5787-459A-99EE-B017F3607176}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1085031214-2139871995-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-17] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368732929304

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\5plwafdn.default-1435777344750
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-19] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-26] (Cisco WebEx LLC)
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\5plwafdn.default-1435777344750\Extensions\firefox1@myibay.com.xpi [2015-07-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]
CHR Extension: (Store) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-04]
CHR Extension: (Google Search) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]
CHR Extension: (Gmail) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7084784 2015-09-30] (Emsisoft Ltd)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [916968 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1210512 2015-09-01] (Avira Operations GmbH & Co. KG)
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [240360 2015-09-21] (Avira Operations GmbH & Co. KG)
R3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S4 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-17] (Oracle Corporation)
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
R3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [241400 2015-10-13] ()
S2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
U2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12588672 2015-10-23] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation) [File not signed]
R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [338944 2008-12-11] (Analog Devices, Inc.) [File not signed]
R3 AEAudio; C:\WINDOWS\System32\drivers\AEAudio.sys [112896 2009-03-12] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-09-01] (Avira Operations GmbH & Co. KG)
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
R1 epp32; C:\Program Files\Emsisoft Anti-Malware\epp32.sys [114200 2015-09-30] (Emsisoft GmbH)
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HECI; C:\WINDOWS\System32\DRIVERS\HECI.sys [45184 2009-09-18] (Intel Corporation) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [6048768 2008-12-12] (Intel Corporation) [File not signed]
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-09] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-23] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-09-01] (Avira Operations GmbH & Co. KG)
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [34808 2015-10-09] ()
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R1 WmiAcpi; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [100120 2015-10-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [100120 2015-10-27] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 21:19 - 2015-10-30 18:42 - 00001227 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151101-211947.backup
2015-11-01 21:19 - 2015-10-30 18:42 - 00001227 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151101-211901.backup
2015-10-30 19:20 - 2015-10-30 18:42 - 00001227 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151030-202043.backup
2015-10-30 19:03 - 2015-10-30 19:03 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-30 19:03 - 2015-07-28 16:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2015-10-30 18:52 - 2015-10-23 00:55 - 00000931 _____ C:\Documents and Settings\owner\Desktop\AdwCleaner[S30].txt
2015-10-29 23:21 - 2015-10-29 23:21 - 00038912 _____ C:\Documents and Settings\owner\Desktop\Staff Contact Numbers.xls
2015-10-29 23:16 - 2015-10-29 23:16 - 00037376 _____ C:\Documents and Settings\owner\Desktop\Copy of Clinical Time Sheet Blank 10-26.xls
2015-10-27 14:08 - 2015-10-27 14:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Zemana AntiMalware
2015-10-27 14:06 - 2015-10-27 14:09 - 00100120 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2015-10-27 14:06 - 2015-10-27 14:06 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
2015-10-27 14:05 - 2015-10-28 01:30 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-10-27 14:05 - 2015-10-27 14:08 - 00001616 _____ C:\Documents and Settings\All Users\Desktop\Zemana AntiMalware.lnk
2015-10-27 14:01 - 2015-10-27 14:08 - 00100120 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2015-10-27 14:01 - 2015-10-27 14:01 - 00000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\Zemana
2015-10-26 19:26 - 2015-10-30 01:43 - 00000000 ____D C:\Documents and Settings\owner\Desktop\Election
2015-10-26 00:07 - 2015-10-29 12:30 - 00000000 ____D C:\Documents and Settings\owner\Desktop\GUNS DOGS
2015-10-21 01:38 - 2015-10-26 21:45 - 00000000 ____D C:\Documents and Settings\owner\Desktop\Beast
2015-10-15 17:05 - 2015-10-15 17:05 - 00000000 ____D C:\Spacekace
2015-10-15 13:35 - 2015-10-15 17:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-15 01:58 - 2014-08-04 17:28 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\owner\Desktop\TFC.exe
2015-10-15 01:55 - 2015-10-09 10:47 - 02019656 _____ (Bleeping Computer, LLC) C:\Documents and Settings\owner\Desktop\iExplore.exe
2015-10-14 15:29 - 2015-10-15 02:17 - 00000000 ____D C:\Documents and Settings\owner\My Documents\IRS
2015-10-12 23:06 - 2015-11-01 21:21 - 00000000 ____D C:\Documents and Settings\owner\Desktop\VIRUS SCANS
2015-10-06 22:30 - 2015-10-06 22:30 - 00000000 ____D C:\Documents and Settings\owner\Application Data\Avira
2015-10-06 22:30 - 2015-10-06 22:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Avira
2015-10-06 22:24 - 2015-09-01 16:10 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-10-06 22:24 - 2015-09-01 16:09 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-10-06 22:24 - 2015-09-01 16:09 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-10-06 22:24 - 2015-09-01 16:09 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 21:22 - 2014-11-21 03:03 - 00000000 ____D C:\Documents and Settings\owner\Local Settings\temp
2015-11-01 21:21 - 2014-03-18 00:04 - 00000000 ____D C:\FRST
2015-11-01 20:54 - 2015-05-01 16:03 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-11-01 20:40 - 2014-03-31 11:47 - 00000456 _____ C:\WINDOWS\Tasks\At2.job
2015-11-01 20:27 - 2015-07-10 12:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-01 14:00 - 2014-03-31 11:47 - 00000456 _____ C:\WINDOWS\Tasks\At4.job
2015-11-01 12:47 - 2014-03-31 11:47 - 00000456 _____ C:\WINDOWS\Tasks\At3.job
2015-11-01 10:46 - 2013-03-01 13:50 - 01788239 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-01 10:10 - 2014-03-31 11:47 - 00000456 _____ C:\WINDOWS\Tasks\At1.job
2015-11-01 02:00 - 2015-09-10 22:47 - 00000388 _____ C:\WINDOWS\Tasks\ReasonSecurityScheduledScan.job
2015-10-31 23:30 - 2015-01-05 16:30 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-10-31 11:27 - 2013-03-01 13:54 - 00032644 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-31 00:21 - 2013-07-19 12:29 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-10-30 19:04 - 2013-03-01 13:49 - 00000000 ____D C:\WINDOWS\Registration
2015-10-30 19:02 - 2013-10-11 07:02 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-10-30 18:50 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-30 18:46 - 2015-01-05 16:30 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-10-30 18:42 - 2013-03-01 08:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-30 18:42 - 2013-03-01 08:42 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-30 18:40 - 2014-04-24 19:26 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-30 18:40 - 2013-03-01 13:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-30 02:18 - 2013-03-01 13:55 - 00000278 ___SH C:\Documents and Settings\owner\ntuser.ini
2015-10-30 02:18 - 2013-03-01 13:55 - 00000000 ____D C:\Documents and Settings\owner
2015-10-30 02:15 - 2015-07-29 18:29 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-30 01:31 - 2015-07-29 19:49 - 00000000 ____D C:\Documents and Settings\owner\Desktop\baby
2015-10-29 18:41 - 2015-01-29 22:27 - 00000000 ____D C:\Documents and Settings\owner\Desktop\NEW STAFF EMPLOYEE
2015-10-29 12:59 - 2015-02-11 12:46 - 00215146 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-29 12:30 - 2015-08-14 14:33 - 00000000 ____D C:\Documents and Settings\owner\Desktop\New Folder
2015-10-29 12:27 - 2015-09-11 09:48 - 00000000 ____D C:\Payroll 2015
2015-10-29 12:27 - 2014-02-20 10:57 - 00000000 ____D C:\Documents and Settings\owner\Desktop\CLINICAL
2015-10-29 11:33 - 2014-08-12 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-10-29 11:01 - 2015-09-10 22:46 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
2015-10-29 11:01 - 2015-02-11 12:46 - 04700922 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-2139871995-1417001333-1003-0.dat
2015-10-29 10:45 - 2014-10-17 13:48 - 00000000 ____D C:\Documents and Settings\owner\Desktop\SIGN
2015-10-29 01:13 - 2014-09-29 18:47 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-10-29 01:11 - 2014-11-21 04:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-10-28 15:24 - 2015-06-09 01:56 - 00000000 ____D C:\Documents and Settings\owner\Desktop\RESUMES
2015-10-28 15:24 - 2014-11-12 22:42 - 00000000 ____D C:\Documents and Settings\owner\Desktop\STAFF CASELOAD
2015-10-28 14:17 - 2015-06-18 23:40 - 00000000 ____D C:\Documents and Settings\owner\Desktop\ISP     Monthlys
2015-10-28 04:14 - 2013-05-23 12:33 - 00002497 _____ C:\Documents and Settings\owner\Desktop\Word.lnk
2015-10-28 04:12 - 2015-06-05 17:07 - 00000000 ____D C:\Documents and Settings\owner\Desktop\General
2015-10-27 23:46 - 2015-01-05 16:30 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-10-27 16:30 - 2014-07-14 12:05 - 00000000 ____D C:\Documents and Settings\owner\My Documents\recentfilesview
2015-10-25 23:00 - 2013-03-01 08:40 - 00563998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-25 21:36 - 2015-06-15 23:12 - 00000000 ____D C:\Documents and Settings\owner\Desktop\DMAS
2015-10-25 20:22 - 2014-12-02 19:20 - 00000000 ____D C:\Documents and Settings\owner\Desktop\Chart Visit Notes
2015-10-25 20:21 - 2015-01-13 12:04 - 00000000 ____D C:\Documents and Settings\owner\Desktop\LETTERS REPORTS
2015-10-25 19:49 - 2015-04-30 01:21 - 00000000 ____D C:\Documents and Settings\owner\Desktop\Random Files
2015-10-23 01:54 - 2015-01-27 00:03 - 00000000 ____D C:\Documents and Settings\owner\Desktop\PDF
2015-10-23 01:34 - 2015-02-12 11:19 - 00000000 ____D C:\Documents and Settings\owner\Desktop\Patient Evals
2015-10-23 01:34 - 2015-01-28 23:52 - 00030720 _____ C:\Documents and Settings\owner\Desktop\2015 Budget.xls
2015-10-23 00:59 - 2014-03-17 13:19 - 00000000 ____D C:\AdwCleaner
2015-10-20 07:58 - 2014-09-16 13:51 - 00000000 ____D C:\Documents and Settings\owner\Desktop\NEW CHART OPEN PACket
2015-10-19 11:27 - 2013-05-16 16:25 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-19 11:27 - 2013-05-16 16:25 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-16 16:05 - 2015-02-10 13:16 - 00000000 ____D C:\Documents and Settings\owner\My Documents\TurboTax
2015-10-16 16:05 - 2015-02-10 12:21 - 00000000 ____D C:\Program Files\TurboTax
2015-10-16 12:52 - 2013-05-16 15:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-15 02:50 - 2013-03-01 14:42 - 00050544 _____ C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-10-15 02:45 - 2013-03-01 08:40 - 00222432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-15 02:42 - 2015-05-27 02:38 - 00011548 _____ C:\WINDOWS\COM+.log
2015-10-15 02:35 - 2015-05-27 01:55 - 00060098 _____ C:\WINDOWS\bitssetup.log
2015-10-15 02:33 - 2013-03-01 13:51 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-15 02:33 - 2013-03-01 13:51 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-15 02:27 - 2015-05-27 01:55 - 00004450 _____ C:\WINDOWS\Windows Update.log
2015-10-14 22:17 - 2014-08-07 18:13 - 00000000 ____D C:\Documents and Settings\owner\Desktop\Internet Utility
2015-10-14 15:21 - 2015-01-27 00:24 - 00000000 ____D C:\Documents and Settings\owner\Desktop\TAX Websites
2015-10-14 12:13 - 2015-04-07 23:57 - 00000000 ____D C:\Documents and Settings\owner\Desktop\STAFF PAPER
2015-10-13 20:10 - 2013-08-15 02:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 20:04 - 2013-05-16 15:28 - 141105520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-13 07:25 - 2014-11-02 15:52 - 00000000 ____D C:\Documents and Settings\owner\My Documents\GENESIS HR
2015-10-12 00:12 - 2015-07-09 23:38 - 00000000 ____D C:\Documents and Settings\owner\Desktop\PRINT
2015-10-09 17:13 - 2014-10-09 23:59 - 00034808 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-09 09:02 - 2014-09-30 11:34 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-10-08 14:00 - 2014-04-24 19:26 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-10-07 10:45 - 2015-06-17 20:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-06 22:28 - 2013-05-16 15:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2015-10-06 22:24 - 2013-05-16 15:20 - 00000000 ____D C:\Program Files\Avira
2015-10-06 17:35 - 2013-03-01 08:40 - 00906642 _____ C:\WINDOWS\setupapi.log
2015-10-05 22:18 - 2015-06-15 22:25 - 00000000 ____D C:\Documents and Settings\owner\My Documents\Lorell FileCabinet

==================== Files in the root of some directories =======

2014-02-03 17:40 - 2014-02-03 17:40 - 0005632 ___SH () C:\Program Files\Thumbs.db
2014-09-29 16:18 - 2014-09-29 16:18 - 0068415 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\bgfpwxje
2013-05-20 16:06 - 2015-07-10 00:24 - 0020480 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 17:30 - 2014-07-30 17:30 - 0036601 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\hciprsms
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\setup.txt

Files to move or delete:
====================
C:\Documents and Settings\All Users\Application Data\Package Cache\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}\Avira.OE.Setup.Bundle.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some files in TEMP:
====================
C:\Documents and Settings\owner\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of FRST.txt ============================


:smash:



#10 bloopie

Posted 02 November 2015 - 07:32 PM

Hello again,

Wow...there's a lot going on in those logs! Not a lot of malware at all, but you have an assortment of antimalware tools that are all running. I'm going to need another day or so to get back to you with the first set of instructions if that's alright?

Just as a note: I asked for a copy and paste of the FRST.txt and Addition.txt only.

...Everything else (older or other logs) should be attached to avoid topic clutter. It gets very hard to read when everything is copy/pasted as you have above. :wink:

But now that they're there, let them be for the time being. I'll clean them up later on. :)

Sorry for the delay, but I'll be back in the next day or two (unless I get extra time before then, but I doubt it). Okay? :)

 

bloopie



#11 stonemanjr

Posted 02 November 2015 - 09:46 PM

Oh man, sorry. OK, I will read more carefully next time. There's no rush at all. We're operating OK, just has its moments, and then with the AVIRA going off, I figured I had stuff hiding in there. The biggest thing that seems to keep occurring are these notices from AVIRA reporting ADWARE/Bryte.Gen7 and BOO/Cidox.A, and variations thereof. See you soon!!!!!!! :thumbup2:



#12 stonemanjr

Posted 02 November 2015 - 09:49 PM

AVIRA just went off again alerting to detection of 105 viruses or unwanted programs?



#13 bloopie

Posted 03 November 2015 - 07:18 PM

Hello again,

Okay, first of all, you really shouldn't be running a system with Windows XP any longer. It's no longer receiving security patches and that alone is a serious risk that your antivirus programs can't save you from. But if a new Operating System is really not an option, then we can try to at least get your system in a better running state.

You're still "rolling the dice" by using an XP machine on a daily basis, so I would seriously encourage you to upgrade to Windows 7 at the least.

==========

AVIRA just went off again alerting to detection of 105 viruses or unwanted programs?

Well, we really can't go by what Avira is detecting right now, because of too many real-time protection programs running simultaneously...basically, that leaves the system prone to false positives, as well as crashing and system slowness (exactly the same symptoms your machine is showing you :wink: ).

Here is some information regarding what can happen when too many of these programs are running at the same time:

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.


So, the first thing we need to do is remove some of them. I see you have Revo Uninstaller on your machine...I'd suggest using Revo Uninstaller to remove the following programs:

  • HiJackThis  <--This one is just way outdated and not used anymore
  • Microsoft Security Essentials
  • Reason Core Security
  • SUPERAntiSpyware <--This one is a system hog and not as good as some others you have
  • Zemana AntiMalware

I would also uninstall Spybot to free up system resources, but that one is up to you. Spybot was excellent several years back, but not so much anymore.

Is your Emsisoft Antimalware a paid version?? If so, then I would keep Emsisoft and surely uninstall Avira also. Your system will certainly run much better without all three running at the same time (Emsisoft, Avira, and Microsoft Security Essentials). :)

==========

Also, we don't recommend using Registry Cleaners here at BC either, and you have a few of those installed:

  • Auslogics Registry Cleaner
  • Eusing Cleaner
  • Wise Registry Cleaner 8.31

Having all of those is really unnecessary, and inherently dangerous as well. I would remove all of them. It's just not worth the risk of using them because you really don't gain much of anything at all.

For a disk cleanup program, CCleaner is excellent! It's probably the most trusted disk cleanup program out there (but no need to run the registry cleaner part of that either). :wink:

====================

Alright, so I gave you a bit of homework to do with all the above :lol: ! Once you've gotten your system freed up, then give it a test drive and let me know how things are running afterwards. :)

If you have any questions or problems with any of that, don't hesitate to ask!

 

bloopie
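
The point made in the post above, that several protection products each load their own kernel-mode drivers, can be checked against the Drivers section of an FRST log. The Python sketch below is an added example, not part of the original thread and not FRST's own code; the function names and the vendor watchlist are assumptions, and the sample lines are copied from the FRST log posted earlier in this topic.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample driver entries copied from the FRST log posted in this topic.
SAMPLE_LOG = r"""
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-09-01] (Avira Operations GmbH & Co. KG)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [34808 2015-10-09] ()
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [100120 2015-10-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [100120 2015-10-27] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
"""

# FRST prefixes each entry with a state letter and the service start type.
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption: substrings for the security vendors named in this thread.
WATCHLIST = ("Avira", "Emsisoft", "Malwarebytes", "SUPERAntiSpyware", "Zemana")

ENTRY_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s+(.*)$")
DETAIL_RE = re.compile(
    r"^(.*?)\s+\[(\d+) (\d{4}-\d{2}-\d{2})\]\s+\((.*?)\)(\s+\[File not signed\])?$"
)


@dataclass
class Driver:
    state: str
    start: str
    name: str
    path: Optional[str]     # None when the entry has no ImagePath
    vendor: Optional[str]   # "" when FRST printed an empty company field
    file_missing: bool      # True when FRST marked the file with [X]


def parse_frst_drivers(text):
    """Parse 'R1 Name; path [size date] (Vendor)' style driver entries."""
    drivers = []
    for line in text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # section headers, blank lines, other log content
        state, start, name, rest = entry.groups()
        path = vendor = None
        missing = False
        detail = DETAIL_RE.match(rest)
        if detail:
            path, vendor = detail.group(1), detail.group(4)
        elif rest.endswith("[X]"):
            path, missing = rest[:-3].strip(), True
        elif rest != "no ImagePath":
            path = rest
        drivers.append(Driver(STATES[state],
                              START_TYPES.get(int(start), "unknown"),
                              name, path, vendor, missing))
    return drivers


def loaded_security_drivers(drivers, watchlist=WATCHLIST):
    """Map each watchlisted vendor to its drivers that are currently running."""
    hits = {}
    for d in drivers:
        if d.state != "running" or not d.vendor:
            continue
        for keyword in watchlist:
            if keyword.lower() in d.vendor.lower():
                hits.setdefault(keyword, []).append(d.name)
    return hits


def needs_review(drivers):
    """Entries with a missing file, no ImagePath, or an empty company field."""
    return [d.name for d in drivers
            if d.file_missing or d.path is None or d.vendor == ""]


if __name__ == "__main__":
    parsed = parse_frst_drivers(SAMPLE_LOG)
    for vendor, names in loaded_security_drivers(parsed).items():
        print(f"{vendor}: running kernel drivers {', '.join(names)}")
    print("Review manually:", ", ".join(needs_review(parsed)))
```

More than one vendor in the first result means several products have kernel drivers loaded at the same time, which is the overlap the post asks the user to remove.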



#14 stonemanjr

Posted 03 November 2015 - 11:08 PM

Got it. I didn't even know Security Essentials was still on here. So get rid of Avira and keep Emsisoft/paid version? And no Spybot too?



#15 bloopie

Posted 03 November 2015 - 11:49 PM

Yes, let's do that and see how things are after.

That should work nicely, and let me know how you get on with it! :)

bloopie



