Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan.Win32.Hosts2.gen Instance found in this machine...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan.Win32.Hosts2.gen Instance found in this machine...

Unread postby Grube » August 25th, 2012, 12:24 pm

Greetings, After a few days of very unstable and weird performance I decided to run a virus sweep. Performed a complete scan with avast and nothing showed up. However the erratic behavior continued, I decided to run Kaspersky system scan and it found Trojan.Win32.Hosts2.gen in the machine. I followed that by running Kaspersky virus removal tool and it had success removing the infection. However after doing that The erratic behavior increased. The computer will not shutdown or boot properly at all, on shutdown I get BSOD's a few of them. The most commons being more irp stack locations and irql not less or equal, also at times I get a message saying that my copy of windows is not legit. Windows update and defender are disabled and can't be turned back on as well as system restore, however once the computer boots up I can do everything just normal like nothing is going on. I understand the severity of the situation since my personal information could be compromised already, I would appreciate any advice, thanks!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Rafael at 12:20:50 on 2012-08-25
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_S3E68.tmp" /EF "HKCU"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{597649FD-27A4-4D35-AFDB-8328C72AAAD8} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\hneclf38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-08-25 11:30:01 -------- d-----w- C:\Users\Rafael\AppData\Roaming\Auslogics
2012-08-25 04:38:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-25 04:38:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-25 04:38:29 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 19:09:20 -------- d-----w- C:\Program Files\CCleaner
2012-08-22 23:48:03 -------- d-----w- C:\Users\Rafael\AppData\Roaming\Malwarebytes
2012-08-22 23:47:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-22 23:47:51 24904 ----a-r- C:\Windows\System32\drivers\mbam.sys
2012-08-22 22:48:10 -------- d-----w- C:\Users\Rafael\AppData\Roaming\simplitec
2012-08-22 22:48:10 -------- d-----w- C:\ProgramData\simplitec
2012-08-21 19:33:13 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689E7CF9-7DAF-4C63-A344-B644118DDCD7}\mpengine.dll
2012-08-18 08:54:40 -------- d-----w- C:\Users\Rafael\TruePianos Settings
2012-08-18 08:53:57 -------- d-----w- C:\Users\Rafael\AppData\Roaming\Cakewalk
2012-08-18 08:47:45 -------- d-----w- C:\Program Files (x86)\Native Instruments
2012-08-18 08:40:26 344064 ----a-r- C:\Windows\SysWow64\msvcr70.dll
2012-08-18 08:40:25 487424 ----a-r- C:\Windows\SysWow64\msvcp70.dll
2012-08-18 08:40:13 -------- d-----w- C:\Cakewalk Projects
2012-08-18 08:40:12 -------- d-----w- C:\ProgramData\Cakewalk
2012-08-18 08:40:12 -------- d-----w- C:\Program Files (x86)\Cakewalk
2012-08-17 22:24:09 -------- d-----w- C:\Users\Rafael\AppData\Roaming\MAGIX
2012-08-17 22:08:13 -------- d-----w- C:\Program Files (x86)\MAGIX
2012-08-17 22:08:13 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-08-15 22:53:55 -------- d-----w- C:\Users\Rafael\AppData\Roaming\Voxengo
2012-08-15 00:45:00 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-14 23:17:50 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 23:17:50 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 23:17:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 23:17:49 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 22:00:29 9826504 ----a-r- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-14 20:18:49 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 20:18:49 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 20:18:47 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 20:18:46 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 20:18:45 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 20:18:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 20:18:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-12 16:43:46 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-08-12 16:43:46 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-08-12 16:43:46 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-08-12 16:43:45 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-08-12 16:43:45 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-08-12 16:43:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-08-12 16:43:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-08-12 14:58:24 -------- d-----w- C:\Program Files (x86)\Spectrasonics
2012-08-06 21:35:35 -------- d-----w- C:\Users\Rafael\AppData\Roaming\MeldaProduction
2012-08-06 21:35:12 -------- d-----w- C:\Users\Rafael\AppData\Roaming\MTexturedStyles
2012-08-06 21:35:10 -------- d-----w- C:\Users\Rafael\AppData\Roaming\MeldaProduction MXXX
2012-08-06 21:35:03 -------- d-----w- C:\Users\Rafael\AppData\Roaming\MeldaProduction IR
2012-08-04 02:09:21 -------- dc-h--w- C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-08-04 02:07:34 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-08-03 21:31:24 -------- d-----w- C:\Users\Rafael\AppData\Roaming\AudioMulch
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 16:43:38 -------- d-----w- C:\Program Files (x86)\ChordWizard
.
==================== Find3M ====================
.
2012-08-22 22:49:49 120200 ----a-r- C:\Windows\SysWow64\DLLDEV32i.dll
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:13:12 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-08-21 09:13:11 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-08-21 09:13:11 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-14 22:00:35 70344 ----a-r- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 22:00:35 426184 ----a-r- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 15:00:00 1966592 ----a-w- C:\Program Files\WaveShell-VST 9.1_x64.dll
2012-07-12 15:00:00 1490944 ----a-w- C:\Program Files (x86)\WaveShell-VST 9.1.dll
2012-07-10 09:43:08 759176 ----a-r- C:\Windows\SysWow64\DLLAV32.dll
2012-07-10 09:43:08 226696 ----a-r- C:\Windows\SysWow64\DLLDEV32.dll
2012-07-10 09:43:08 157064 ----a-r- C:\Windows\SysWow64\DLLCPY32.dll
2012-07-10 09:43:06 99720 ----a-r- C:\Windows\SysWow64\DLLIO32.dll
2012-07-10 09:43:06 95624 ----a-r- C:\Windows\SysWow64\DLLPRF32.dll
2012-07-10 09:43:06 83336 ----a-r- C:\Windows\SysWow64\DLLPNT32.dll
2012-07-10 09:43:06 218504 ----a-r- C:\Windows\SysWow64\DLLDRV32.dll
2012-07-10 09:43:04 71048 ----a-r- C:\Windows\SysWow64\STRING32.dll
2012-07-10 09:43:04 304520 ----a-r- C:\Windows\SysWow64\DLLRES32.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:24 1394248 ----a-r- C:\Windows\SysWow64\msxml4.dll
2012-06-07 00:59:42 1070152 ----a-r- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------r- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:21:19.81 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Ableton Live 8
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
ASIO4ALL
avast! Internet Security
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Corel WinDVD
EPSON Scan
Evernote
FL Studio 10
Google Chrome
Google Update Helper
IL Download Manager
IL Shared Libraries
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iZotope Ozone Free 1.0 for Winamp
Java 7 Update 6
Java Auto Updater
Junk Mail filter update
LUXONIX Purity
Media Gallery
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Miroslav Philharmonik Instruments
MixMeister Studio Demo 7.4.4
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Native Instruments Guitar Rig 3
Native Instruments Kontakt 5
Native Instruments Service Center
Native Instruments Traktor
OOBE
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Setting Utility Series
Sibelius 6 First
Sonigen Modular version
Sony Home Network Library
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Personalization Manager
VAIO Power Management
VAIO Quick Web Access
VAIO Survey
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
Waves Complete V9r4
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.20 (32-bit)
.
==== End Of File ===========================
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am
Advertisement
Register to Remove

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby askey127 » August 27th, 2012, 7:16 am

Hi Grube,
Let's see if we can find out what's going on.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Right click and choose "Run as administrator")
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from RogueKiller and the two logs from OTL.
Also please tell me what model VAIO the machine is.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby Grube » August 27th, 2012, 5:21 pm

Hi and thanks for your help. Here is some of the information that you requested...


Model No VPC-EC2TFX/WI


Rogue Killer Report:


RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rafael [Admin rights]
Mode : Scan -- Date : 08/27/2012 16:32:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 59dd343ba4c065742eb8b3c768274c73
[BSP] f195d37d9962f8f1045f1457ccc1891c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10733 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21983232 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22188032 | Size: 294410 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



As far as the other logs, OTL freezes on me when it gets to Firefox settings. I double and tripled checked to make sure everything that you asked to be ticked off was and made sure to close all windows and leave the program run the scan without interruptions but the result was the same. Please advice, thanks.
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby askey127 » August 27th, 2012, 7:28 pm

Grube,
Let's try the OTL scan again with RKill in front.

The result from Rogue Killer is good.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are different versions with different names. If one of them won't run ,then download and try to run one of the other ones.
After the download, Vista and Win7 users will need to right click the icon and choose Run as Administrator. XP Users can just double-click.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shutdown your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
iExplore.exe
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
uSeRiNiT.exe
  • Double-click on the iExplore, Rkill, eXplorer, or uSeRiNiT desktop icon to run the tool.(If using Vista or Windows 7 right-click on it and choose Run As Administrator).
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby Grube » August 27th, 2012, 9:39 pm

As requested I ran RKill, it killed a few processes and it showed a few possible patched files, also it performed a registry integrity check, in total the program ran for about 45 minutes, after all that OTL still stops responding at the same exact location during the scan. I will try to run it one more time before heading to bed, also I have the RKill log sitting on my desktop if interested in looking at it. Please advice...
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby askey127 » August 28th, 2012, 5:51 am

Grube,
Let me have a look at the RKill log please.
We will scan with another tool after seeing the RKill report.

Be aware that you may have a "polymorphic" infection which corrupts system files.
You should do what you can to save any important documents onto DVDs, flash drives, other media.
Don't save any programs, or any other executables until we see what this is.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby Grube » August 28th, 2012, 5:41 pm

Here is the requested Rkill log...

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/28/2012 04:49:14 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\system32\atiesrxx.exe (PID: 968) [WD-HEUR]
* C:\Windows\system32\atieclxx.exe (PID: 1372) [WD-HEUR]
* C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (PID: 2176) [AU-HEUR]
* C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (PID: 2208) [AU-HEUR]
* C:\Windows\SysWOW64\DllHost.exe (PID: 2888) [SFI]
* C:\Windows\system32\WUDFHost.exe (PID: 3380) [WD-HEUR]
* C:\Windows\system32\SearchIndexer.exe (PID: 4132) [WD-HEUR]

7 proccesses terminated!

Possibly Patched Files.

* C:\Windows\system32\csrss.exe
* C:\Windows\system32\wininit.exe
* C:\Windows\system32\csrss.exe
* C:\Windows\system32\services.exe
* C:\Windows\system32\lsass.exe
* C:\Windows\system32\lsm.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\winlogon.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\spoolsv.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\taskeng.exe
* C:\Windows\system32\Dwm.exe
* C:\Windows\Explorer.EXE
* C:\Windows\system32\taskeng.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\conhost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\conhost.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* C:\Windows\System32\browser.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.16385_none_d4de1860b7af7c14\browser.dll : 136,192 : 07/13/2009 09:40 PM : 94fbc06f294d58d02361918418f996e3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.17056_none_d4ff6bf4b79663c4\browser.dll : 136,704 : 07/04/2012 06:01 PM : 6b054c67aaa87843504e8e3c09102009 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.21256_none_d5890aa5d0b400b5\browser.dll : 136,704 : 07/04/2012 06:17 PM : 00a7a2067e9822e4626de846574ada80 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll : 136,192 : 11/20/2010 06:25 AM : 8ef0d5c41ec907751b8429162b1239ed [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_d6c68344b4d406bf\browser.dll : 136,704 : 07/04/2012 06:13 PM : 05f5a0d14a2ee1d8255c2aa0e9e8e694 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02\browser.dll : 136,704 : 07/04/2012 06:06 PM : 156768abae1daf29ba0b0c05c21fef09 [Pos Repl]

* C:\Windows\System32\cngaudit.dll [NoSig]
+-> C:\Windows\SysWOW64\cngaudit.dll : 12,288 : 07/13/2009 09:15 PM : 50ba656134f78af64e4dd3c8b6fefd7e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll : 18,944 : 07/13/2009 09:40 PM : 86fe1b1f8fd42cd0db641ab1cdb13093 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll : 12,288 : 07/13/2009 09:15 PM : 50ba656134f78af64e4dd3c8b6fefd7e [Pos Repl]

* C:\Windows\System32\comctl32.dll [NoSig]
+-> C:\Windows\SysWOW64\comctl32.dll : 530,432 : 11/20/2010 09:18 AM : bdac1aa64495d0f7e1ff810ebbf1f018 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_959110a7f1a88a21\comctl32.dll : 633,856 : 07/13/2009 09:40 PM : 7e8ab50ab7f2f81f30dcc8a98025b73a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_95a2b509f19be458\comctl32.dll : 633,856 : 08/21/2010 09:31 AM : bc052efad10aca1ad69545b629f50d99 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_961cb3b90ac4540e\comctl32.dll : 633,856 : 08/23/2010 08:55 PM : b0cb1d2d5ffa6335dd94b1b531756412 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll : 633,856 : 11/20/2010 08:25 AM : 14dfdeaf4e589ed3f1ff187a86b9408c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf\comctl32.dll : 633,856 : 07/13/2009 09:40 PM : 7e8ab50ab7f2f81f30dcc8a98025b73a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll : 633,856 : 08/21/2010 09:31 AM : bc052efad10aca1ad69545b629f50d99 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_a6357652551c0c2c\comctl32.dll : 633,856 : 08/23/2010 08:55 PM : b0cb1d2d5ffa6335dd94b1b531756412 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll : 633,856 : 11/20/2010 08:25 AM : 14dfdeaf4e589ed3f1ff187a86b9408c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll : 2,030,080 : 07/13/2009 09:24 PM : c093e7835c1372d6d70a6675edaa97b5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll : 2,030,080 : 08/21/2010 09:12 AM : 113921fc4a80a3ddf646852998b836d0 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_e3967e4730ab1731\comctl32.dll : 2,030,080 : 08/23/2010 08:46 PM : 882c1c473be598df08730da11c5b2b27 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll : 2,030,080 : 11/20/2010 08:51 AM : 7fa8fdc2c2a27817fd0f624e78d3b50c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_39727524394b18eb\comctl32.dll : 530,432 : 07/13/2009 09:15 PM : b62aa1bb1f63839051441d2c6dd7b775 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_39841986393e7322\comctl32.dll : 530,432 : 08/21/2010 09:33 AM : d3ead1cf16ba729a7f7c9a5d94aa7c05 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_39fe18355266e2d8\comctl32.dll : 530,432 : 08/21/2010 09:52 AM : bf5d71b4a40687a90c8b47f776758a6f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll : 530,432 : 11/20/2010 09:18 AM : bdac1aa64495d0f7e1ff810ebbf1f018 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll : 530,432 : 07/13/2009 09:15 PM : b62aa1bb1f63839051441d2c6dd7b775 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll : 530,432 : 08/21/2010 09:33 AM : d3ead1cf16ba729a7f7c9a5d94aa7c05 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_ede2ad2969983532\comctl32.dll : 530,432 : 08/21/2010 09:52 AM : bf5d71b4a40687a90c8b47f776758a6f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll : 530,432 : 11/20/2010 09:18 AM : bdac1aa64495d0f7e1ff810ebbf1f018 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll : 1,680,896 : 07/13/2009 09:03 PM : 0fa436a553408cbeba070e3182658de3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll : 1,680,896 : 08/21/2010 09:21 AM : 4b8dd8541c0e26602005dd0137333615 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_2b43b51e45274037\comctl32.dll : 1,680,896 : 08/21/2010 09:43 AM : 70ef5dfef7069164eacf7140c2cc6344 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll : 1,680,896 : 11/20/2010 09:55 AM : 352b3dc62a0d259a82a052238425c872 [Pos Repl]

* C:\Windows\System32\comres.dll [NoSig]
+-> C:\Windows\SysWOW64\comres.dll : 1,297,408 : 07/13/2009 09:04 PM : 808d8a8b2a3074002852bc856d419576 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll : 1,297,408 : 07/13/2009 09:26 PM : 1a47d52e303b7543e4e6026595b95422 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll : 1,297,408 : 07/13/2009 09:04 PM : 808d8a8b2a3074002852bc856d419576 [Pos Repl]

* C:\Windows\System32\conhost.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16385_none_d050b8f81bcacc5a\conhost.exe : 338,432 : 07/13/2009 09:39 PM : f64e8258351e501aa065ac499530367c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16850_none_d06c30c81bb6eb97\conhost.exe : 338,432 : 07/16/2011 09:17 AM : f0d1646162fb07476cccf62edb034b8b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.20995_none_d0cf8f5534f079d8\conhost.exe : 338,432 : 06/24/2011 09:19 AM : fef07d3376cc5ee6198cc45537d35d5f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe : 337,920 : 11/20/2010 09:24 AM : bd51024fb014064bc9fe8c715c18392f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17641_none_d25e5e0418d454e9\conhost.exe : 338,432 : 06/24/2011 09:25 AM : 448bf22538f1dfcb3412ae2b1cf123a9 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21756_none_d2e22c5531f58f57\conhost.exe : 338,432 : 06/24/2011 09:18 AM : e86156efe7acd220dc5e705f1f735e05 [Pos Repl]

* C:\Windows\System32\cryptsvc.dll [NoSig]
+-> C:\Windows\SysWOW64\cryptsvc.dll : 140,288 : 04/24/2012 09:36 AM : 06e771aa596b8761107ab57e99f128d7 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll : 175,104 : 07/13/2009 09:40 PM : 8c57411b66282c01533cb776f98ad384 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll : 182,272 : 04/24/2012 09:59 AM : f02786b66375292e58c8777082d4396d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll : 183,808 : 04/24/2012 09:36 AM : ce8bf1423aee47da5275fbc8ad3bd642 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll : 177,152 : 11/20/2010 09:25 AM : 15597883fbe9b056f276ada3ad87d9af [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll : 184,320 : 04/24/2012 09:37 AM : 4f5414602e2544a4554d95517948b705 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll : 186,880 : 04/24/2012 09:22 AM : b7337e9c9e5936355bb700aa33e0936e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll : 135,680 : 07/13/2009 09:15 PM : 9c231178ce4fb385f4b54b0a9080b8a4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll : 139,264 : 04/24/2012 09:47 AM : 520a108a2657f4bca7fced9ca7d885de [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll : 141,312 : 04/24/2012 09:33 AM : f522279b4717e2bff269c771fac2b78e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll : 136,192 : 11/20/2010 09:18 AM : a585bebf7d054bd9618eda0922d5484a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll : 140,288 : 04/24/2012 09:36 AM : 06e771aa596b8761107ab57e99f128d7 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : 142,336 : 04/24/2012 09:28 AM : 21993009e0ccb9b4fa195f14d3408626 [Pos Repl]

* C:\Windows\System32\csrss.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe : 7,680 : 07/13/2009 09:39 PM : 60c2862b4bf0fd9f582ef344c2b1ec72 [Pos Repl]

* C:\Windows\System32\ctfmon.exe [NoSig]
+-> C:\Windows\SysWOW64\ctfmon.exe : 8,704 : 07/13/2009 09:14 PM : 4a3cdcef8ed41b221f3dbef5792fb52d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe : 9,728 : 07/13/2009 09:39 PM : 42b6a94dd747df2b5f628a2752e62a98 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe : 8,704 : 07/13/2009 09:14 PM : 4a3cdcef8ed41b221f3dbef5792fb52d [Pos Repl]

* C:\Windows\System32\d3d8thk.dll [NoSig]
+-> C:\Windows\SysWOW64\d3d8thk.dll : 11,264 : 07/13/2009 09:15 PM : 77b1471a490b53b24efe136f09f76550 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_1e425e4c7a773ca0\d3d8thk.dll : 12,288 : 07/13/2009 09:40 PM : 3044d07abdf4bbea27e2ee7b1e0c0c65 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_207372147765c03a\d3d8thk.dll : 12,288 : 07/13/2009 09:40 PM : 3044d07abdf4bbea27e2ee7b1e0c0c65 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d8thk.dll : 11,264 : 07/13/2009 09:15 PM : 77b1471a490b53b24efe136f09f76550 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d8thk.dll : 11,264 : 07/13/2009 09:15 PM : 77b1471a490b53b24efe136f09f76550 [Pos Repl]

* C:\Windows\System32\d3d9.dll [NoSig]
+-> C:\Windows\SysWOW64\d3d9.dll : 1,828,352 : 11/20/2010 09:18 AM : 6ef5f3f18413c367195f06e503ab86a6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_1e425e4c7a773ca0\d3d9.dll : 2,065,920 : 07/13/2009 09:40 PM : 318285f1590c4484e3253ba2b189d2df [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_207372147765c03a\d3d9.dll : 2,067,456 : 11/20/2010 09:26 AM : 4c3daee652b005b483f16b8e9131c99d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll : 1,826,816 : 07/13/2009 09:15 PM : 7459301d21c2e21468823f73042d9f87 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll : 1,828,352 : 11/20/2010 09:18 AM : 6ef5f3f18413c367195f06e503ab86a6 [Pos Repl]

* C:\Windows\System32\ddraw.dll [NoSig]
+-> C:\Windows\SysWOW64\ddraw.dll : 531,968 : 07/13/2009 09:15 PM : 198552aefeca69d646867ec8d792de95 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_60fa9493d9b24564\ddraw.dll : 569,344 : 07/13/2009 09:40 PM : a6c09924c6730de8deed9890a12aa691 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll : 531,968 : 07/13/2009 09:15 PM : 198552aefeca69d646867ec8d792de95 [Pos Repl]

* C:\Windows\System32\dllhost.exe [NoSig]
+-> C:\Windows\SysWOW64\dllhost.exe : 7,168 : 07/13/2009 09:14 PM : a63dc5c2ea944e6657203e0c8edeaf61 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe : 9,728 : 07/13/2009 09:39 PM : a8edb86fc2a4d6d1285e4c70384ac35a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe : 7,168 : 07/13/2009 09:14 PM : a63dc5c2ea944e6657203e0c8edeaf61 [Pos Repl]

* C:\Windows\System32\drivers\afd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys : 500,224 : 07/13/2009 07:21 PM : b9384e03479d2506bc924c16a3db87bc [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys : 499,200 : 12/27/2011 10:59 PM : db9d6c6b2cd95a9ca414d045b627422e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys : 499,200 : 12/27/2011 11:01 PM : cca39961e76b491ddf44b1e90fc8971d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys : 499,712 : 11/20/2010 11:23 AM : d31dc7a16dea4a9baf179f3d6fbdb38c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys : 498,688 : 12/27/2011 10:59 PM : 1c7857b62de5994a75b054a9fd4c3825 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys : 498,176 : 12/27/2011 11:01 PM : 36a14fd1a23f57046361733b792ca8db [Pos Repl]

* C:\Windows\System32\drivers\asyncmac.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys : 23,040 : 07/13/2009 08:10 PM : 769765ce2cc62867468cea93969b2242 [Pos Repl]

* C:\Windows\System32\drivers\beep.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys : 6,656 : 07/13/2009 08:00 PM : 16a47ce2decc9b099349a5f840654746 [Pos Repl]

* C:\Windows\System32\drivers\bridge.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_6.1.7600.16385_none_63dee2821fc69fce\bridge.sys : 95,232 : 07/13/2009 09:01 PM : 5c2f352a4e961d72518261257aae204b [Pos Repl]

* C:\Windows\System32\drivers\bthport.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthport.sys : 552,960 : 04/27/2011 11:55 PM : 64c198198501f7560ee41d8d1efa7952 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys : 552,960 : 07/06/2012 04:07 PM : 738d0e9272f59eb7a1449c3ec118e6c4 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\bthport.sys : 552,448 : 11/20/2010 04:44 AM : 0d25b6d300ba26a5f2c3b2a8e96b158b [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7600.16385_none_ce39b5e2d5423e3c\bthport.sys : 551,936 : 07/13/2009 08:06 PM : a51fa9d0e85d5adabef72e67f386309c [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7600.16805_none_ce903ec0d5015077\bthport.sys : 552,448 : 04/27/2011 11:58 PM : 21084ceb85280468c9aca3c805c0f8cf [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7600.17058_none_ce5d0a0ad527589a\bthport.sys : 552,448 : 07/06/2012 03:58 PM : d59773c7fdd3d795d6fe402eeea8d71e [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7600.20955_none_cee3cbefee477bf6\bthport.sys : 552,448 : 04/27/2011 11:47 PM : 538392664fee486620dfea146f2500bc [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7600.21259_none_cee7a905ee440ee2\bthport.sys : 552,448 : 07/06/2012 04:06 PM : e10d1912634974ea273a1588c75ccb76 [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_d06ac9aad230c1d6\bthport.sys : 552,448 : 11/20/2010 04:44 AM : 0d25b6d300ba26a5f2c3b2a8e96b158b [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17607_none_d0789c5ad225ef11\bthport.sys : 552,960 : 04/27/2011 11:55 PM : 64c198198501f7560ee41d8d1efa7952 [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_d024215ad264fb95\bthport.sys : 552,960 : 07/06/2012 04:07 PM : 738d0e9272f59eb7a1449c3ec118e6c4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.21716_none_d0f668efeb4c9175\bthport.sys : 552,960 : 04/27/2011 11:40 PM : 9f88e8f37c7d432a2ecaf24ee4e4714f [Pos Repl]
+-> C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8\bthport.sys : 552,960 : 07/06/2012 03:58 PM : f4199097323b13f0d4976fb410673177 [Pos Repl]

* C:\Windows\System32\drivers\cdfs.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d\cdfs.sys : 92,160 : 07/13/2009 07:19 PM : b8bd2bb284668c84865658c77574381a [Pos Repl]

* C:\Windows\System32\drivers\cdrom.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys : 147,456 : 11/20/2010 04:19 AM : f036ce71586e93d94dab220d7bdf4416 [Pos Repl]
+-> C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys : 147,456 : 07/13/2009 07:19 PM : 83d2d75e1efb81b3450c18131443f7db [Pos Repl]
+-> C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys : 147,456 : 11/20/2010 07:19 AM : f036ce71586e93d94dab220d7bdf4416 [Pos Repl]

* C:\Windows\System32\drivers\CmBatt.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\CmBatt.sys : 17,664 : 07/13/2009 07:31 PM : 0840155d0bddf1190f84a663c284bd33 [Pos Repl]
+-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\CmBatt.sys : 17,664 : 07/13/2009 07:31 PM : 0840155d0bddf1190f84a663c284bd33 [Pos Repl]

* C:\Windows\System32\drivers\drmkaud.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\drmkaud.sys : 5,632 : 07/13/2009 08:06 PM : 9b19f34400d24df84c858a421c205754 [Pos Repl]
+-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\drmkaud.sys : 5,632 : 07/13/2009 08:06 PM : 9b19f34400d24df84c858a421c205754 [Pos Repl]

* C:\Windows\System32\drivers\drmk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\drmk.sys : 116,224 : 07/13/2009 09:01 PM : 21d26064aedb4988f785bb4a3a2c051e [Pos Repl]
+-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\drmk.sys : 116,224 : 07/13/2009 09:01 PM : 21d26064aedb4988f785bb4a3a2c051e [Pos Repl]

* C:\Windows\System32\drivers\dxapi.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-useros_31bf3856ad364e35_6.1.7600.16385_none_2963a67886ddf81e\dxapi.sys : 16,896 : 07/13/2009 07:38 PM : bf24d6f2ed97fe830bfd52b246f98e67 [Pos Repl]

* C:\Windows\System32\drivers\dxg.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-dxg_31bf3856ad364e35_6.1.7600.16385_none_04e0334574ce0f74\dxg.sys : 98,816 : 07/13/2009 07:38 PM : fede0629ecb23650d48989517d4914da [Pos Repl]

* C:\Windows\System32\drivers\fastfat.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys : 204,800 : 07/13/2009 07:23 PM : 0adc83218b66a6db380c330836f3e36d [Pos Repl]

* C:\Windows\System32\drivers\fdc.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\fdc.sys : 29,696 : 07/13/2009 08:00 PM : d765d19cd8ef61f650c384f62fac00ab [Pos Repl]
+-> C:\Windows\winsxs\amd64_fdc.inf_31bf3856ad364e35_6.1.7600.16385_none_5d86a514fa18ed1d\fdc.sys : 29,696 : 07/13/2009 08:00 PM : d765d19cd8ef61f650c384f62fac00ab [Pos Repl]

* C:\Windows\System32\drivers\flpydisk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\flpydisk.sys : 24,576 : 07/13/2009 08:00 PM : c172a0f53008eaeb8ea33fe10e177af5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\flpydisk.sys : 24,576 : 07/13/2009 08:00 PM : c172a0f53008eaeb8ea33fe10e177af5 [Pos Repl]

* C:\Windows\System32\drivers\hidclass.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidclass.sys : 76,800 : 11/20/2010 08:43 AM : 8b0e40e7e8bbf5acf390465609d89ff1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7600.16385_none_7c648b6e39ceb682\hidclass.sys : 76,288 : 07/13/2009 08:06 PM : 685fec2407fc121eb937cb658b3c0f35 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidclass.sys : 76,800 : 11/20/2010 08:43 AM : 8b0e40e7e8bbf5acf390465609d89ff1 [Pos Repl]

* C:\Windows\System32\drivers\hidparse.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidparse.sys : 32,896 : 07/13/2009 08:06 PM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7600.16385_none_7c648b6e39ceb682\hidparse.sys : 32,896 : 07/13/2009 08:06 PM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidparse.sys : 32,896 : 07/13/2009 08:06 PM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby Grube » August 28th, 2012, 5:42 pm

* C:\Windows\System32\drivers\hidusb.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidusb.sys : 30,208 : 11/20/2010 08:43 AM : 9592090a7e2b61cd582b612b6df70536 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7600.16385_none_7c648b6e39ceb682\hidusb.sys : 30,208 : 07/13/2009 08:06 PM : b3bf6b5b50006def50b66306d99fcf6f [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidusb.sys : 30,208 : 11/20/2010 08:43 AM : 9592090a7e2b61cd582b612b6df70536 [Pos Repl]

* C:\Windows\System32\drivers\http.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7600.16385_none_08b5edf0328bf3bf\http.sys : 751,616 : 07/13/2009 07:22 PM : cee049cac4efa7f4e1e4ad014414a5d4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\http.sys : 753,664 : 11/20/2010 07:25 AM : 0ea7de1acb728dd5a369fd742d6eee28 [Pos Repl]

* C:\Windows\System32\drivers\i8042prt.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]

* C:\Windows\System32\drivers\intelppm.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\intelppm.sys : 62,464 : 07/13/2009 07:19 PM : ada036632c664caa754079041cf1f8c1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a\intelppm.sys : 62,464 : 07/13/2009 07:19 PM : ada036632c664caa754079041cf1f8c1 [Pos Repl]

* C:\Windows\System32\drivers\ipfltdrv.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7600.16385_none_435e758fd8e07660\ipfltdrv.sys : 82,944 : 07/13/2009 08:10 PM : 722dd294df62483cecaae6e094b4d695 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7601.17514_none_458f8957d5cef9fa\ipfltdrv.sys : 82,944 : 11/20/2010 08:52 AM : c9f0e1bd74365a8771590e9008d22ab6 [Pos Repl]

* C:\Windows\System32\drivers\ipnat.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ipnat_31bf3856ad364e35_6.1.7600.16385_none_b70d093f950ce2cf\ipnat.sys : 116,224 : 07/13/2009 08:10 PM : af9b39a7e7b6caa203b3862582e9f2d0 [Pos Repl]

* C:\Windows\System32\drivers\irenum.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-irdaircomm_31bf3856ad364e35_6.1.7600.16385_none_84866db23e5a6f30\irenum.sys : 17,920 : 07/13/2009 08:08 PM : 3abf5e7213eb28966d55d58b515d5ce9 [Pos Repl]

* C:\Windows\System32\drivers\ks.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7600.16385_none_b375b3feaf9521f4\ks.sys : 243,200 : 07/13/2009 08:00 PM : 3e099cc843c4233e5af147c8ea8ba32b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7600.16543_none_b39ef6e6af7679d0\ks.sys : 243,712 : 03/03/2010 11:32 PM : 5c7af4a20f5bf67042b2e613d123d111 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7600.20659_none_b423c581c896cd95\ks.sys : 243,712 : 03/03/2010 11:31 PM : 34f70f212083bd77a6cef1d1891a7fc1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7601.17514_none_b5a6c7c6ac83a58e\ks.sys : 243,712 : 11/20/2010 11:33 AM : 24fbf5cc5c04150073c315a7c83521ee [Pos Repl]

* C:\Windows\System32\drivers\mcd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_6.1.7600.16385_none_249a5cc1e06b4240\mcd.sys : 22,016 : 07/13/2009 08:01 PM : 3c9f072f9dca856b9fb7a20cbd4281ac [Pos Repl]

* C:\Windows\System32\drivers\modem.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7600.16385_none_8bf97498085ce154\modem.sys : 40,448 : 07/13/2009 08:10 PM : 800ba92f7010378b09f9ed9270f07137 [Pos Repl]

* C:\Windows\System32\drivers\mouhid.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys : 31,232 : 07/13/2009 08:00 PM : d3bf052c40b0c4166d9fd86a4288c1e6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys : 31,232 : 07/13/2009 08:00 PM : d3bf052c40b0c4166d9fd86a4288c1e6 [Pos Repl]

* C:\Windows\System32\drivers\mrxdav.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7600.16385_none_709fd6dedf6cab41\mrxdav.sys : 140,800 : 07/13/2009 07:23 PM : 30524261bb51d96d6fcbac20c810183c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.17514_none_72d0eaa6dc5b2edb\mrxdav.sys : 140,800 : 11/20/2010 07:26 AM : dc722758b8261e1abafd31a3c0a66380 [Pos Repl]

* C:\Windows\System32\drivers\mrxsmb.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_db865edc6ace75ca\mrxsmb.sys : 157,184 : 07/13/2009 07:24 PM : cfdcd8ca87c2a657debc150ac35b5e08 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16499_none_db7f91fe6ad2f43e\mrxsmb.sys : 157,696 : 01/07/2010 10:38 PM : ab5892797c4114640ba333949568de8c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16765_none_db9c064c6abe3284\mrxsmb.sys : 157,696 : 02/23/2011 10:15 AM : b7f3d2c40bdf8ffb73ebfb19c77734e2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16808_none_dbdfe8986a8ad40a\mrxsmb.sys : 157,696 : 05/03/2011 10:51 PM : 040d62a9d8ad28922632137acdd984f2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20612_none_dc58ae0983b60046\mrxsmb.sys : 157,696 : 01/07/2010 10:45 PM : d16736a578236e7e4a796fa9a40db9af [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20907_none_dc68851983a95a7d\mrxsmb.sys : 158,208 : 02/22/2011 10:47 PM : be3a495095cd3307de152efdac946c2a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20959_none_dc34761183d018e0\mrxsmb.sys : 158,208 : 05/03/2011 10:41 PM : 629086cabfdfbe0af7253cb6a494e35a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_ddb772a467bcf964\mrxsmb.sys : 158,208 : 11/20/2010 10:27 AM : faf015b07e3a2874a790a39b7d2c579f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_dd82635267e49e70\mrxsmb.sys : 158,208 : 02/22/2011 11:56 PM : c2b4651001a867ff3f8865863b592991 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_ddc344c067b3f3f1\mrxsmb.sys : 158,208 : 04/26/2011 10:40 PM : a5d9106a73dc88564c825d317cac68ac [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_de0d006781015791\mrxsmb.sys : 158,208 : 02/22/2011 10:32 PM : cd291e3c21c61e17972dfaf8e2e2e5da [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_de41115580da9655\mrxsmb.sys : 158,208 : 04/26/2011 10:31 PM : 8d841161a355809ef86819fd3c6361d3 [Pos Repl]

* C:\Windows\System32\drivers\msfs.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42\msfs.sys : 26,112 : 07/13/2009 07:19 PM : aa3fb40e17ce1388fa1bedab50ea8f96 [Pos Repl]

* C:\Windows\System32\drivers\MSKSSRV.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mskssrv.sys : 11,136 : 07/13/2009 08:00 PM : 49ccf2c4fea34ffad8b1b59d49439366 [Pos Repl]

* C:\Windows\System32\drivers\MSPCLOCK.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mspclock.sys : 7,168 : 07/13/2009 08:00 PM : bdd71ace35a232104ddd349ee70e1ab3 [Pos Repl]

* C:\Windows\System32\drivers\MSPQM.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mspqm.sys : 6,784 : 07/13/2009 08:00 PM : 4ed981241db27c3383d72092b618a1d0 [Pos Repl]

* C:\Windows\System32\drivers\ndistapi.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_69d5598894204bc0\ndistapi.sys : 24,064 : 07/13/2009 08:10 PM : 30639c932d9fef22b31268fe25a1b6e5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\ndistapi.sys : 24,064 : 07/13/2009 08:10 PM : 30639c932d9fef22b31268fe25a1b6e5 [Pos Repl]

* C:\Windows\System32\drivers\ndisuio.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_6.1.7600.16385_none_c7e5f96b008f2488\ndisuio.sys : 56,320 : 07/13/2009 08:09 PM : f105ba1e22bf1f2ee8f005d4305e4bec [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_6.1.7601.17514_none_ca170d32fd7da822\ndisuio.sys : 56,832 : 11/20/2010 08:50 AM : 136185f9fb2cc61e573e676aa5402356 [Pos Repl]

* C:\Windows\System32\drivers\ndiswan.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_4f2d826870fbcef5\ndiswan.sys : 164,352 : 07/13/2009 08:10 PM : 557dfab9ca1fcb036ac77564c010dad3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_515e96306dea528f\ndiswan.sys : 164,352 : 11/20/2010 08:52 AM : 53f7305169863f0a2bddc49e116c2e11 [Pos Repl]

* C:\Windows\System32\drivers\ndproxy.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_69d5598894204bc0\ndproxy.sys : 57,856 : 07/13/2009 08:10 PM : 659b74fb74b86228d6338d643cd3e3cf [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\ndproxy.sys : 57,856 : 11/20/2010 08:52 AM : 015c0d8e0e0421b4cfd48cffe2825879 [Pos Repl]

* C:\Windows\System32\drivers\netbios.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-netbios_31bf3856ad364e35_6.1.7600.16385_none_b5d6a9d184d05567\netbios.sys : 44,544 : 07/13/2009 08:09 PM : 86743d9f5d2b1048062b14b1d84501c4 [Pos Repl]

* C:\Windows\System32\drivers\netbt.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys : 259,072 : 07/13/2009 07:21 PM : 9162b273a44ab9dce5b44362731d062a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys : 261,632 : 11/20/2010 07:23 AM : 09594d1089c523423b32a4229263f068 [Pos Repl]

* C:\Windows\System32\drivers\npfs.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-npfs_31bf3856ad364e35_6.1.7600.16385_none_02667684369c39b6\npfs.sys : 44,032 : 07/13/2009 07:19 PM : 1e4c4ab5c9b8dd13179bbdc75a2a01f7 [Pos Repl]

* C:\Windows\System32\drivers\null.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys : 6,144 : 07/13/2009 07:19 PM : 9899284589f75fa8724ff3d16aed75c1 [Pos Repl]

* C:\Windows\System32\drivers\parport.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\parport.sys : 97,280 : 07/13/2009 08:00 PM : 0086431c29c35be1dbc43f52cc273887 [Pos Repl]
+-> C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\parport.sys : 97,280 : 07/13/2009 08:00 PM : 0086431c29c35be1dbc43f52cc273887 [Pos Repl]

* C:\Windows\System32\drivers\portcls.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\portcls.sys : 230,400 : 07/13/2009 08:06 PM : 32e11315b5126921ffd9074840ef13d3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\portcls.sys : 230,400 : 07/13/2009 08:06 PM : 32e11315b5126921ffd9074840ef13d3 [Pos Repl]

* C:\Windows\System32\drivers\processr.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\processr.sys : 60,416 : 07/13/2009 07:19 PM : 0d922e23c041efb1c3fac2a6f943c9bf [Pos Repl]
+-> C:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a\processr.sys : 60,416 : 07/13/2009 07:19 PM : 0d922e23c041efb1c3fac2a6f943c9bf [Pos Repl]

* C:\Windows\System32\drivers\rasacd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys : 14,848 : 07/13/2009 08:10 PM : 5a0da8ad5762fa2d91678a8a01311704 [Pos Repl]

* C:\Windows\System32\drivers\rasl2tp.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7600.16385_none_f5d13e44019f50ed\rasl2tp.sys : 130,048 : 07/13/2009 08:10 PM : 87a6e852a22991580d6d39adc4790463 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7601.17514_none_f802520bfe8dd487\rasl2tp.sys : 129,536 : 11/20/2010 08:52 AM : 471815800ae33e6f1c32fb1b97c490ca [Pos Repl]

* C:\Windows\System32\drivers\raspppoe.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_6.1.7600.16385_none_b22875c7b448dfbb\raspppoe.sys : 92,672 : 07/13/2009 08:10 PM : 855c9b1cd4756c5e9a2aa58a15f58c25 [Pos Repl]

* C:\Windows\System32\drivers\raspptp.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.1.7600.16385_none_f5e410800187e3c3\raspptp.sys : 111,616 : 07/13/2009 08:10 PM : 27cc19e81ba5e3403c48302127bda717 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.1.7601.17514_none_f8152447fe76675d\raspptp.sys : 111,104 : 11/20/2010 08:52 AM : f92a2c41117a11a00be01ca01a7fcde9 [Pos Repl]

* C:\Windows\System32\drivers\rdbss.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7600.16385_none_b5c9c9737b1a763b\rdbss.sys : 309,248 : 07/13/2009 07:24 PM : 3bac8142102c15d59a87757c1d41dce5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7601.17514_none_b7fadd3b7808f9d5\rdbss.sys : 309,248 : 11/20/2010 07:27 AM : 77f665941019a1594d887a74f301fa2f [Pos Repl]

* C:\Windows\System32\drivers\rdpcdd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_30d015c257effe8b\RDPCDD.sys : 7,680 : 07/13/2009 08:16 PM : cea6cc257fc9b7715f1c2b4849286d24 [Pos Repl]

* C:\Windows\System32\drivers\rdpwd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys : 204,800 : 07/13/2009 08:16 PM : 8a3e6bea1c53ea6177fe2b6eba2c80d7 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_a77e2496eea5135b\rdpwd.sys : 204,800 : 02/14/2012 11:47 PM : 074ac702d8b8b660b0e1371555995386 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.17011_none_a7b20bc0ee7e883a\rdpwd.sys : 204,800 : 04/27/2012 11:50 PM : 447de7e3dea39d422c1504f245b668b1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_a81068dc07bc97c8\rdpwd.sys : 205,824 : 02/16/2012 11:50 PM : 747e7011b3f92a947f0509820508ceaf [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21202_none_a8477aa807932291\rdpwd.sys : 205,824 : 04/28/2012 11:03 AM : 4ab6a3b0c3d94b0d3dbc1c2c847a02ef [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys : 210,944 : 11/20/2010 11:04 AM : 15b66c206b5cb095bab980553f38ed23 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_a95fb36cebce3342\rdpwd.sys : 210,944 : 02/16/2012 11:58 PM : 6d76e6433574b058adcb0c50df834492 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17830_none_a981f268ebb5dc96\rdpwd.sys : 210,944 : 04/27/2012 11:55 PM : e61608aa35e98999af9aaeeea6114b0a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_aa1a604804c7c5cb\rdpwd.sys : 210,944 : 02/16/2012 11:48 PM : 0b93aa14e7dcd85cc82bc7d7d1ca9b24 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21982_none_a9d7802c04fa3ac3\rdpwd.sys : 210,944 : 04/27/2012 11:51 PM : 1fe9863c6c5cc71e8e7e70f9efbd30e1 [Pos Repl]

* C:\Windows\System32\drivers\rmcast.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7600.16385_none_b072bdd8a19c0617\rmcast.sys : 145,920 : 07/13/2009 08:09 PM : 77b3b747eb2413072b8e4306018d0c9b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7601.17514_none_b2a3d1a09e8a89b1\rmcast.sys : 146,432 : 11/20/2010 08:49 AM : caf88d6573d21cd2aa27001ddbfdc74d [Pos Repl]

* C:\Windows\System32\drivers\rndismp.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7600.16385_none_3d23a154a5966360\RNDISMP.sys : 41,472 : 07/13/2009 08:09 PM : fc6d5c50d846b795335deb3fce8b33f3 [Pos Repl]

* C:\Windows\System32\drivers\rootmdm.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-unimodem-core_31bf3856ad364e35_6.1.7600.16385_none_f08d2472ee3ef611\rootmdm.sys : 11,264 : 07/13/2009 08:10 PM : 388d3dd1a6457280f3badba9f3acd6b1 [Pos Repl]

* C:\Windows\System32\drivers\sdbus.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_735aa3b5ee832f62\sdbus.sys : 109,056 : 11/20/2010 07:37 AM : 111e0ebc0ad79cb0fa014b907b231cf0 [Pos Repl]
+-> C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7600.16385_none_cdd7ae6ae4081881\sdbus.sys : 109,056 : 07/13/2009 07:31 PM : 54e47ad086782d3ae9417c155cdceb9b [Pos Repl]
+-> C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7600.16437_none_ce0fc080e3ddbca1\sdbus.sys : 109,056 : 10/08/2009 10:47 PM : 4e54822ed2350eb1f31f95f0fd674ef3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7600.16438_none_ce10c0cae3dcd5f8\sdbus.sys : 109,056 : 10/09/2009 10:41 PM : 2c8d162efaf73abd36d8bcbb6340cae7 [Pos Repl]
+-> C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7600.20545_none_ce8c8ccbfd0545ae\sdbus.sys : 109,056 : 10/08/2009 10:48 PM : 7a94d00bb243cc032bfa89d6ef6dd440 [Pos Repl]
+-> C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7600.20546_none_ce8d8d15fd045f05\sdbus.sys : 109,056 : 10/09/2009 10:41 PM : bf7defbfe4bae06c0ddcfebe08553bc2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.1.7601.17514_none_d008c232e0f69c1b\sdbus.sys : 109,056 : 11/20/2010 10:37 AM : 111e0ebc0ad79cb0fa014b907b231cf0 [Pos Repl]

* C:\Windows\System32\drivers\serenum.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serenum.sys : 23,552 : 07/13/2009 08:00 PM : cb624c0035412af0debec78c41f5ca1b [Pos Repl]
+-> C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serenum.sys : 23,552 : 07/13/2009 08:00 PM : cb624c0035412af0debec78c41f5ca1b [Pos Repl]

* C:\Windows\System32\drivers\serial.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys : 94,208 : 07/13/2009 08:00 PM : c1d8e28b2c2adfaec4ba89e9fda69bd6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys : 94,208 : 07/13/2009 08:00 PM : c1d8e28b2c2adfaec4ba89e9fda69bd6 [Pos Repl]

* C:\Windows\System32\drivers\sffdisk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.16385_none_00307aaa039afa70\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.16438_none_00698d0a036fb7e7\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.20546_none_00e659551c9740f4\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7601.17514_none_02618e7200897e0a\sffdisk.sys : 14,336 : 07/13/2009 08:01 PM : a554811bcd09279536440c964ae35bbf [Pos Repl]

* C:\Windows\System32\drivers\sffp_sd.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\sffp_sd.sys : 14,336 : 11/20/2010 08:34 AM : dd85b78243a19b59f0637dcf284da63c [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.16385_none_00307aaa039afa70\sffp_sd.sys : 14,336 : 07/13/2009 08:01 PM : 5588b8c6193eb1522490c122eb94dffa [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.16438_none_00698d0a036fb7e7\sffp_sd.sys : 14,336 : 10/09/2009 11:17 PM : 178298f767fe638c9fedcbdef58bb5e4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7600.20546_none_00e659551c9740f4\sffp_sd.sys : 14,336 : 10/09/2009 11:18 PM : 702f29abeef21fa9426a9624446db97c [Pos Repl]
+-> C:\Windows\winsxs\amd64_sffdisk.inf_31bf3856ad364e35_6.1.7601.17514_none_02618e7200897e0a\sffp_sd.sys : 14,336 : 11/20/2010 11:34 AM : dd85b78243a19b59f0637dcf284da63c [Pos Repl]

* C:\Windows\System32\drivers\sfloppy.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys : 16,896 : 07/13/2009 08:01 PM : a9d601643a1647211a1ee2ec4e433ff4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys : 16,896 : 07/13/2009 08:01 PM : a9d601643a1647211a1ee2ec4e433ff4 [Pos Repl]

* C:\Windows\System32\drivers\smclib.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft.windows.s...smart_card_library_31bf3856ad364e35_6.1.7600.16385_none_55f89e9f01688dc0\smclib.sys : 20,992 : 07/13/2009 08:00 PM : a80348ba03e96c70852959655ca3e084 [Pos Repl]

* C:\Windows\System32\drivers\srv.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16385_none_35ec5b0210249e7c\srv.sys : 465,408 : 07/13/2009 07:25 PM : ec8f67289105bf270498095f14963464 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16481_none_35e85bc010283647\srv.sys : 464,896 : 12/08/2009 07:32 AM : 37c3abc2338010e110d2a6a3930f3149 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16664_none_36010042101544b8\srv.sys : 463,360 : 08/26/2010 11:38 PM : de6f5658da951c4bc8e498570b5b0d5f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_3643e42a0fe2ca0e\srv.sys : 461,312 : 04/28/2011 11:13 PM : 2408c0366d96bcdf63e8f1c78e4a29c5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20591_none_3667289f294df202\srv.sys : 464,896 : 12/08/2009 11:42 AM : e319934627647a6a93b880dda6b06c5e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20789_none_3679fea7293e9b17\srv.sys : 462,336 : 08/26/2010 11:39 PM : df128b7dfa3a5e399363b8f83275399d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_369771592928f58d\srv.sys : 460,800 : 04/28/2011 11:06 PM : cf6efaeb9eb9823a0d27ede6d1af662d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\srv.sys : 468,992 : 11/20/2010 11:28 AM : 2098b8556d1cec2aca9a29cd479e3692 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17608_none_382c41c40d0768a8\srv.sys : 467,456 : 04/28/2011 11:06 PM : 441fba48bff01fdb9d5969ebc1838f0b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys : 467,456 : 04/28/2011 10:54 PM : 10586f14752ace786ab120ff8bb6bda4 [Pos Repl]

* C:\Windows\System32\drivers\stream.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7600.16385_none_ba5987585153b623\stream.sys : 68,864 : 07/13/2009 08:06 PM : 001cc10fa5e71ae1119115e126c8750d [Pos Repl]

* C:\Windows\System32\drivers\tape.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_6.1.7600.16385_none_ee1ec21ed6ff8107\tape.sys : 29,184 : 07/13/2009 08:01 PM : 6e316c01cba8b785fe495f5cc4f48c6f [Pos Repl]

* C:\Windows\System32\drivers\tdi.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-driver_31bf3856ad364e35_6.1.7600.16385_none_c2e33a334fa77fd1\tdi.sys : 26,624 : 07/13/2009 07:21 PM : 0ca6fe26acc7ffee1bd0463f40835f32 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-driver_31bf3856ad364e35_6.1.7601.17514_none_c5144dfb4c96036b\tdi.sys : 26,624 : 11/20/2010 07:22 AM : 6f020a220388eca0ab6062dc27bd16b6 [Pos Repl]

* C:\Windows\System32\drivers\tdpipe.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys : 15,872 : 07/13/2009 08:16 PM : 3371d21011695b16333a3934340c4e7c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16963_none_37b4d3bb5e59cdd8\tdpipe.sys : 15,872 : 07/13/2009 08:16 PM : 3371d21011695b16333a3934340c4e7c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.21151_none_3847180077715245\tdpipe.sys : 15,872 : 07/13/2009 08:16 PM : 3371d21011695b16333a3934340c4e7c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_399662915b82edbf\tdpipe.sys : 15,872 : 07/13/2009 08:16 PM : 3371d21011695b16333a3934340c4e7c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_3a510f6c747c8048\tdpipe.sys : 15,872 : 07/13/2009 08:16 PM : 3371d21011695b16333a3934340c4e7c [Pos Repl]

* C:\Windows\System32\drivers\tdtcp.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys : 23,552 : 07/13/2009 08:16 PM : e4245bda3190a582d55ed09e137401a9 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16963_none_37b4d3bb5e59cdd8\tdtcp.sys : 23,552 : 02/14/2012 11:46 PM : 7518f7bcfd4b308abc9192bacaf6c970 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.21151_none_3847180077715245\tdtcp.sys : 23,552 : 02/16/2012 11:49 PM : 16cb6a471a7fb48964aadb1356d80671 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_399662915b82edbf\tdtcp.sys : 23,552 : 02/16/2012 11:57 PM : 51c5eceb1cdee2468a1748be550cfbc8 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_3a510f6c747c8048\tdtcp.sys : 23,552 : 02/16/2012 11:47 PM : 7463523827b104317de03a87c6d3ea1b [Pos Repl]

* C:\Windows\System32\drivers\tdx.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys : 99,840 : 07/13/2009 07:21 PM : 079125c4b17b01fcaeebce0bcb290c0f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys : 119,296 : 11/20/2010 07:21 AM : ddad5a7ab24d8b65f8d724f5c20fd806 [Pos Repl]

* C:\Windows\System32\drivers\udfs.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-udfs_31bf3856ad364e35_6.1.7600.16385_none_026e89ea3694b78b\udfs.sys : 327,168 : 07/13/2009 07:23 PM : d47baead86c65d4f4069d7ce0a4edceb [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-udfs_31bf3856ad364e35_6.1.7601.17514_none_049f9db233833b25\udfs.sys : 328,192 : 11/20/2010 07:26 AM : ff4232a1a64012baa1fd97c7b67df593 [Pos Repl]

* C:\Windows\System32\drivers\usb8023.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rndis-usb-microport_31bf3856ad364e35_6.1.7600.16385_none_20e1b69f6c5c4250\usb8023.sys : 19,968 : 07/13/2009 08:09 PM : d0fe8cb5f84303e73ff0754437fad3d1 [Pos Repl]

* C:\Windows\System32\drivers\usbcamd2.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_6.1.7600.16385_none_fb7d533791ec1504\USBCAMD2.sys : 32,896 : 07/13/2009 08:06 PM : faec06c1d24e2770ecc4f7c37659824d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_6.1.7601.17514_none_fdae66ff8eda989e\USBCAMD2.sys : 32,896 : 11/20/2010 08:44 AM : 292a8e03b3fce04e39b5be9b14132030 [Pos Repl]

* C:\Windows\System32\drivers\usbccgp.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys : 98,816 : 03/24/2011 11:29 PM : 6f1a3157a1c89435352ceb543cdb359c [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbccgp.sys : 98,816 : 11/20/2010 11:44 AM : 481dff26b4dca8f4cbac1f7dce1d6829 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16385_none_26ed589d28235a16\usbccgp.sys : 98,816 : 07/13/2009 08:06 PM : b26afb54a534d634523c4fb66765b026 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16788_none_26f0611328209ab7\usbccgp.sys : 98,816 : 03/24/2011 11:23 PM : 7b6a127c93ee590e4d79a5f2a76fe46f [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.20934_none_27ac0e3841194697\usbccgp.sys : 99,328 : 03/28/2011 11:32 PM : 537a4e03d7103c12d42dfd8ffdb5bdc9 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbccgp.sys : 98,816 : 11/20/2010 11:44 AM : 481dff26b4dca8f4cbac1f7dce1d6829 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbccgp.sys : 98,816 : 03/24/2011 11:29 PM : 6f1a3157a1c89435352ceb543cdb359c [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbccgp.sys : 99,328 : 03/24/2011 11:24 PM : 19ad7990c0b67e48dac5b26f99628223 [Pos Repl]

* C:\Windows\System32\drivers\usbd.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys : 7,936 : 03/24/2011 11:28 PM : cca2ab1752a61f29c3c941cd79d78cea [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbd.sys : 7,936 : 07/13/2009 08:06 PM : 63c8d74bed9f80f4dd0aa7a3101eb639 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbd.sys : 7,936 : 07/13/2009 08:06 PM : 63c8d74bed9f80f4dd0aa7a3101eb639 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbd.sys : 7,936 : 03/24/2011 11:22 PM : 70b5a5a7e0ddd5ebaf6e35b7257a6b9d [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbd.sys : 7,936 : 03/28/2011 11:32 PM : f96f7835c8818895c47f6213e3a01f5d [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbd.sys : 7,936 : 07/13/2009 08:06 PM : 63c8d74bed9f80f4dd0aa7a3101eb639 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbd.sys : 7,936 : 03/24/2011 11:28 PM : cca2ab1752a61f29c3c941cd79d78cea [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbd.sys : 7,936 : 03/24/2011 11:24 PM : 9fed58941ec600a96cb0cc37ec841ffb [Pos Repl]

* C:\Windows\System32\drivers\usbehci.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys : 52,736 : 03/24/2011 11:29 PM : c025055fe7b87701eb042095df1a2d7b [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbehci.sys : 52,224 : 11/20/2010 11:43 AM : 74ee782b1d9c241efe425565854c661c [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbehci.sys : 51,200 : 07/13/2009 08:06 PM : 2ea4aff7be7eb4632e3aa8595b0803b5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbehci.sys : 52,224 : 03/24/2011 11:22 PM : 92969ba5ac44e229c55a332864f79677 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbehci.sys : 52,224 : 03/28/2011 11:32 PM : fbb21ebe49f6d560db37ac25fbc68e66 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbehci.sys : 52,224 : 11/20/2010 11:43 AM : 74ee782b1d9c241efe425565854c661c [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbehci.sys : 52,736 : 03/24/2011 11:29 PM : c025055fe7b87701eb042095df1a2d7b [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbehci.sys : 52,736 : 03/24/2011 11:24 PM : db1d7bfac2ae51766aad8f4edad753d0 [Pos Repl]

* C:\Windows\System32\drivers\usbhub.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys : 343,040 : 03/24/2011 11:29 PM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys : 343,040 : 11/20/2010 11:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys : 343,040 : 03/24/2011 11:29 PM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbhub.sys : 343,040 : 11/20/2010 11:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16385_none_26ed589d28235a16\usbhub.sys : 343,040 : 07/13/2009 08:07 PM : 4c9042b8df86c1e8e6240c218b99b39b [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16788_none_26f0611328209ab7\usbhub.sys : 343,040 : 03/24/2011 11:23 PM : e7df1cfd28ca86b35ef5add0735ceef3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.20934_none_27ac0e3841194697\usbhub.sys : 343,040 : 03/28/2011 11:32 PM : 6b7a8a99c4a459e73c286a6763ea24cc [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbhub.sys : 343,040 : 11/20/2010 11:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbhub.sys : 343,040 : 03/24/2011 11:29 PM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbhub.sys : 343,040 : 03/24/2011 11:24 PM : 8b892002d7b79312821169a14317ab86 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbhub.sys : 343,040 : 07/13/2009 08:07 PM : 4c9042b8df86c1e8e6240c218b99b39b [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbhub.sys : 343,040 : 03/24/2011 11:23 PM : e7df1cfd28ca86b35ef5add0735ceef3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbhub.sys : 343,040 : 03/28/2011 11:32 PM : 6b7a8a99c4a459e73c286a6763ea24cc [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbhub.sys : 343,040 : 11/20/2010 11:44 AM : dc96bd9ccb8403251bcf25047573558e [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbhub.sys : 343,040 : 03/24/2011 11:29 PM : 287c6c9410b111b68b52ca298f7b8c24 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbhub.sys : 343,040 : 03/24/2011 11:24 PM : 8b892002d7b79312821169a14317ab86 [Pos Repl]

* C:\Windows\System32\drivers\usbport.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys : 325,120 : 03/24/2011 11:29 PM : ae259c75f9a0b057b6bf9e9695632b09 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbport.sys : 325,120 : 11/20/2010 11:44 AM : b6d64ee607637301ff8c33139b4950de [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbport.sys : 324,608 : 07/13/2009 08:06 PM : a91291136d1e70966645252f6b828711 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbport.sys : 324,608 : 03/24/2011 11:23 PM : bbf36eb7117f6b976975c9d8d877df18 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbport.sys : 324,608 : 03/28/2011 11:32 PM : b37c3bf3ffc97177b1a9c016b7c8cdd6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbport.sys : 325,120 : 11/20/2010 11:44 AM : b6d64ee607637301ff8c33139b4950de [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbport.sys : 325,120 : 03/24/2011 11:29 PM : ae259c75f9a0b057b6bf9e9695632b09 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbport.sys : 325,120 : 03/24/2011 11:24 PM : 985205ef2e427b4f5e464f0f0f8671f0 [Pos Repl]
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby Grube » August 28th, 2012, 5:44 pm

* C:\Windows\System32\drivers\USBSTOR.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\USBSTOR.SYS : 91,648 : 11/20/2010 11:44 AM : d76510cfa0fc09023077f22c2f979d86 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_26b33263a639795d\USBSTOR.SYS : 91,648 : 03/10/2011 11:37 PM : fed648b01349a3c8395a5169db5fb7d6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS : 89,600 : 07/13/2009 08:06 PM : 080d3820da6c046be82fc8b45a893e83 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16778_none_a48918bfb179469a\USBSTOR.SYS : 91,136 : 03/10/2011 11:31 PM : f39983647bc1f3e6100778ddfe9dce29 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.20921_none_a541c506ca74a675\USBSTOR.SYS : 91,136 : 03/10/2011 11:29 PM : 3a6cb8c3b8904f01e73d10081b7d0ec7 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_a6ac5425ae72a584\USBSTOR.SYS : 91,648 : 11/20/2010 11:44 AM : d76510cfa0fc09023077f22c2f979d86 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_a66e757baea0992f\USBSTOR.SYS : 91,648 : 03/10/2011 11:37 PM : fed648b01349a3c8395a5169db5fb7d6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_a6e64054c7cca389\USBSTOR.SYS : 91,648 : 03/10/2011 11:21 PM : 36106ac439edfbb7b8bdbf99079c7590 [Pos Repl]

* C:\Windows\System32\drivers\usbuhci.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys : 30,720 : 03/24/2011 11:29 PM : 62069a34518bcf9c1fd9e74b3f6db7cd [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbuhci.sys : 30,720 : 07/13/2009 08:06 PM : 81fb2216d3a60d1284455d511797db3d [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16385_none_19b7511a1d3ea7fd\usbuhci.sys : 30,720 : 07/13/2009 08:06 PM : 81fb2216d3a60d1284455d511797db3d [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.16788_none_19ba59901d3be89e\usbuhci.sys : 30,720 : 03/24/2011 11:22 PM : bc3070350a491d84b518d7cca9abd36f [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7600.20934_none_1a7606b53634947e\usbuhci.sys : 30,720 : 03/28/2011 11:32 PM : 0b5b3b2df3fd1709618acfa50b8392b0 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbuhci.sys : 30,720 : 07/13/2009 08:06 PM : 81fb2216d3a60d1284455d511797db3d [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbuhci.sys : 30,720 : 03/24/2011 11:29 PM : 62069a34518bcf9c1fd9e74b3f6db7cd [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbuhci.sys : 30,720 : 03/24/2011 11:24 PM : 23d13cd7d90e8857f06647fed5d0f3dd [Pos Repl]

* C:\Windows\System32\drivers\vga.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-standardvga_31bf3856ad364e35_6.1.7600.16385_none_f881232cf3b0c322\vga.sys : 29,184 : 07/13/2009 07:38 PM : 53e92a310193cb3c03bea963de7d9cfc [Pos Repl]

* C:\Windows\System32\drivers\videoprt.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-videoport_31bf3856ad364e35_6.1.7600.16385_none_180f3dba1e158073\videoprt.sys : 129,024 : 07/13/2009 07:38 PM : e7353d59c9842bc7299faeb7e7e09340 [Pos Repl]

* C:\Windows\System32\drivers\wanarp.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7600.16385_none_69d5598894204bc0\wanarp.sys : 88,576 : 07/13/2009 08:10 PM : 47ca49400643effd3f1c9a27e1d69324 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\wanarp.sys : 88,576 : 11/20/2010 08:52 AM : 356afd78a6ed4457169241ac3965230c [Pos Repl]

* C:\Windows\System32\drivers\ws2ifsl.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys : 21,504 : 07/13/2009 08:10 PM : 6bcc1d7d2fd2453957c5479a32364e52 [Pos Repl]

* C:\Windows\System32\dsound.dll [NoSig]
+-> C:\Windows\SysWOW64\dsound.dll : 453,632 : 07/13/2009 09:15 PM : 0e85c11f8850d524b02181c6e02ba9ae [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_b490afff5b93e5a7\dsound.dll : 540,672 : 07/13/2009 09:40 PM : 9110ffad124283f37d38771bb60556af [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll : 453,632 : 07/13/2009 09:15 PM : 0e85c11f8850d524b02181c6e02ba9ae [Pos Repl]

* C:\Windows\System32\dwm.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7600.16385_none_e99885bbd6e301de\dwm.exe : 120,320 : 07/13/2009 09:39 PM : f162d5f5e845b9dc352dd1bad8cef1bc [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe : 120,320 : 07/13/2009 09:39 PM : f162d5f5e845b9dc352dd1bad8cef1bc [Pos Repl]

* C:\Windows\System32\es.dll [NoSig]
+-> C:\Windows\SysWOW64\es.dll : 271,360 : 07/13/2009 09:15 PM : f6916efc29d9953d5d0df06882ae8e16 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll : 402,944 : 07/13/2009 09:40 PM : 4166f82be4d24938977dd1746be9b8a0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll : 271,360 : 07/13/2009 09:15 PM : f6916efc29d9953d5d0df06882ae8e16 [Pos Repl]

* C:\Windows\System32\hid.dll [NoSig]
+-> C:\Windows\SysWOW64\hid.dll : 22,016 : 07/13/2009 09:15 PM : 63df770df74acb370ef5a16727069aaf [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede\hid.dll : 30,208 : 07/13/2009 09:41 PM : 896f15a6434d93edb42519d5e18e6b50 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_3cf5e466d58070d9\hid.dll : 22,016 : 07/13/2009 09:15 PM : 63df770df74acb370ef5a16727069aaf [Pos Repl]

* C:\Windows\System32\hnetcfg.dll [NoSig]
+-> C:\Windows\SysWOW64\hnetcfg.dll : 288,256 : 07/13/2009 09:15 PM : 6383c60ec0133b14f5705f96369421b2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38\hnetcfg.dll : 424,448 : 07/13/2009 09:41 PM : 3b367397320c26dba890b260f80d1b1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_167fe1ade2ab4f33\hnetcfg.dll : 288,256 : 07/13/2009 09:15 PM : 6383c60ec0133b14f5705f96369421b2 [Pos Repl]

* C:\Windows\System32\ias.dll [NoSig]
+-> C:\Windows\SysWOW64\ias.dll : 19,456 : 07/13/2009 09:15 PM : a1e91b5b5273573fc132b683e550b5e6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_54f5cc4b5c3749bf\ias.dll : 26,624 : 07/13/2009 09:41 PM : 39415b10172c431f5ab87488d79e9dc4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_5726e0135925cd59\ias.dll : 26,624 : 07/13/2009 09:41 PM : 39415b10172c431f5ab87488d79e9dc4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_f8d730c7a3d9d889\ias.dll : 19,456 : 07/13/2009 09:15 PM : a1e91b5b5273573fc132b683e550b5e6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll : 19,456 : 07/13/2009 09:15 PM : a1e91b5b5273573fc132b683e550b5e6 [Pos Repl]

* C:\Windows\System32\imm32.dll [NoSig]
+-> C:\Windows\SysWOW64\imm32.dll : 119,808 : 11/20/2010 09:08 AM : a6f09e5669d9a19035f6d942caa15882 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll : 167,424 : 07/13/2009 09:41 PM : aa2c08ce85653b1a0d2e4ab407fa176c [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_c29fba0fc87cc5a4\imm32.dll : 119,808 : 07/13/2009 09:11 PM : 0de3069d6e09ba262856ef31c941befe [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll : 119,808 : 11/20/2010 09:08 AM : a6f09e5669d9a19035f6d942caa15882 [Pos Repl]

* C:\Windows\System32\ipsecsvc.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_a003697905b64513\IPSECSVC.DLL : 500,224 : 07/13/2009 09:41 PM : 166eb40d1f5b47e615de3d0fffe5f243 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7601.17514_none_a2347d4102a4c8ad\IPSECSVC.DLL : 501,248 : 11/20/2010 09:26 AM : 4f15d75adf6156bf56eced6d4a55c389 [Pos Repl]

* C:\Windows\System32\kernel32.dll [NoSig]
+-> C:\Windows\SysWOW64\kernel32.dll : 1,114,112 : 07/16/2011 09:24 AM : 99c3f8e9cc59d95666eb8d8a8b4c2beb [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll : 1,162,240 : 07/13/2009 09:41 PM : 5b4b379ad10deda4eda01b8c6961b193 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_efce4eb86fe8ae92\kernel32.dll : 1,162,240 : 07/16/2011 09:21 AM : ddbd24dc04da5fd0edf45cf72b7c01e2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll : 1,162,240 : 07/16/2011 09:21 AM : 06835b46d9676bedd80af25acf6845fd [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll : 1,161,216 : 11/20/2010 09:26 AM : 7a6326d96d53048fdec542df23d875a0 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll : 1,162,752 : 07/16/2011 09:37 AM : b9b42a302325537d7b9dc52d47f33a73 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll : 1,163,264 : 07/16/2011 09:28 AM : 27ac02d8ee4c02e7648c41cb880151da [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll : 836,608 : 07/13/2009 09:11 PM : 606ecb76a424cc535407e7a24e2a34bc [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_fa22f90aa449708d\kernel32.dll : 1,048,576 : 07/16/2011 09:30 AM : 4ea99f1644627b1ebad99d0b93cdee1c [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll : 1,114,112 : 07/16/2011 09:21 AM : 2113248db2d1af9ca790b09f3e6c6e85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll : 837,632 : 11/20/2010 09:08 AM : e80758cf485db142fca1ee03a34ead05 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll : 1,114,112 : 07/16/2011 09:24 AM : 99c3f8e9cc59d95666eb8d8a8b4c2beb [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll : 1,114,112 : 07/16/2011 09:49 AM : d3cb12854171df61d117d7c2bf22c675 [Pos Repl]

* C:\Windows\System32\ksuser.dll [NoSig]
+-> C:\Windows\SysWOW64\ksuser.dll : 4,608 : 07/13/2009 09:15 PM : 9c67f6bbda3881cfd02095160cf91576 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_43f68e03b0fd4b38\ksuser.dll : 5,120 : 07/13/2009 09:41 PM : 8560fffc8eb3a806dcd4f82252cfc8c6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll : 5,120 : 07/13/2009 09:41 PM : 8560fffc8eb3a806dcd4f82252cfc8c6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll : 4,608 : 07/13/2009 09:15 PM : 9c67f6bbda3881cfd02095160cf91576 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll : 4,608 : 07/13/2009 09:15 PM : 9c67f6bbda3881cfd02095160cf91576 [Pos Repl]

* C:\Windows\System32\linkinfo.dll [NoSig]
+-> C:\Windows\SysWOW64\linkinfo.dll : 22,016 : 07/13/2009 09:15 PM : 5987ea8a82c53359bcd2c29d6588583e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll : 29,696 : 07/13/2009 09:41 PM : a0a65d306a5490d2eb8e7de66898ecfd [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll : 22,016 : 07/13/2009 09:15 PM : 5987ea8a82c53359bcd2c29d6588583e [Pos Repl]

* C:\Windows\System32\lpk.dll [NoSig]
+-> C:\Windows\SysWOW64\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_05c80a1f743763f3\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_061b8a8773f9358d\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_05f24b6b7417d7ff\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_05dbb0fb7428edff\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_0649d7dc8d5a6bb3\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_067018008d3e7a63\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_06a82fc88d1415f8\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll : 41,984 : 07/13/2009 09:41 PM : d202223587518b13d72d68937b7e3f70 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_101cb471a89825ee\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a859f788\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_1046f5bda87899fa\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_10305b4da889affa\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_109e822ec1bb2dae\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_10c4c252c19f3c5e\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_10fcda1ac174d7f3\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll : 25,600 : 07/13/2009 09:11 PM : 384721ef4024890092625e20cadfaf85 [Pos Repl]

* C:\Windows\System32\lsass.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe : 31,232 : 07/13/2009 09:39 PM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe : 31,232 : 07/13/2009 09:39 PM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe : 31,232 : 11/17/2011 09:05 AM : 156f6159457d0aa7e59b62681b56eb90 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe : 31,232 : 11/17/2011 09:05 AM : 156f6159457d0aa7e59b62681b56eb90 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe : 31,232 : 07/13/2009 09:39 PM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe : 31,232 : 11/17/2011 09:42 AM : d21bd47e528cd62e79311fb5df0150e6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe : 31,232 : 06/02/2012 09:30 AM : bf63ce11a25f3509129888710d5111fc [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe : 31,232 : 07/13/2009 09:39 PM : 0793f40b9b8a1bdd266296409dbd91ea [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe : 31,232 : 11/17/2011 09:33 AM : c118a82cd78818c29ab228366ebf81c3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe : 31,232 : 11/17/2011 09:33 AM : c118a82cd78818c29ab228366ebf81c3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe : 31,232 : 11/17/2011 09:20 AM : 0a10b74fbb437ff9a23f1d5de4446a83 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe : 31,232 : 06/04/2012 09:51 AM : 79c908caa6f43021eb05f4c733a927d1 [Pos Repl]

* C:\Windows\System32\lsm.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.1.7600.16385_none_0139be68243bb634\lsm.exe : 333,312 : 07/13/2009 09:39 PM : 04fca22b77a2e37332cc8226187af87b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.1.7601.17514_none_036ad230212a39ce\lsm.exe : 343,040 : 11/20/2010 09:24 AM : 9662ee182644511439f1c53745dc1c88 [Pos Repl]

* C:\Windows\System32\midimap.dll [NoSig]
+-> C:\Windows\SysWOW64\midimap.dll : 16,896 : 07/13/2009 09:15 PM : 5a12c364ad1d4fcc0ad0e56dbbc34462 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_e8f2b9ab2a40e84d\midimap.dll : 20,480 : 07/13/2009 09:41 PM : ca2a0750ed830678997695ff61b04c30 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll : 16,896 : 07/13/2009 09:15 PM : 5a12c364ad1d4fcc0ad0e56dbbc34462 [Pos Repl]

* C:\Windows\System32\mshtml.dll [NoSig]
+-> C:\Windows\SysWOW64\mshtml.dll : 12,317,184 : 06/28/2012 08:52 PM : 5e8e869e1342308752a37a2c90cca79d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_89f24b7ab2dc7a40\mshtml.dll : 9,271,296 : 07/13/2009 09:41 PM : 12c3f25ea578daa752024e1918d59313 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16490_none_89e27c02b2e914a5\mshtml.dll : 9,276,928 : 12/19/2009 09:47 AM : f172328c926ff41aa3cc81eb37f7e0ae [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_8a236508b2b85ec2\mshtml.dll : 9,335,296 : 12/16/2011 09:42 AM : 7f821bed26d263f3853c6aaa62df5b43 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20600_none_8acd69ffcbbdb61d\mshtml.dll : 9,280,512 : 12/19/2009 09:09 AM : 4c8fc7269f660374f398f75b240ef446 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_8ad54c09cbb6a8b3\mshtml.dll : 9,338,368 : 12/16/2011 09:38 AM : 0fbd1ed7a6b4f15b767a9aef12e4c135 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll : 8,988,160 : 11/20/2010 09:27 AM : 1c8b787baa52dead1a6fec1502d652f0 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_8c02f34aafe34bfb\mshtml.dll : 9,019,904 : 12/16/2011 09:45 AM : a668888b8aa45e8c21a451a936b589a2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_8c702179c915a4f4\mshtml.dll : 9,019,392 : 12/16/2011 09:39 AM : 3b3cba1c6f0f83ed1b869c66ea31e36e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll : 17,790,464 : 03/28/2012 09:22 AM : e61288581ad9e647abefb1489b250b5c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_87cdb199f4dba857\mshtml.dll : 17,790,976 : 02/28/2012 09:34 AM : d785a16a6f03f76cb862f28c9f8c9672 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_87d0b277f4d8f45c\mshtml.dll : 17,807,360 : 05/17/2012 10:47 PM : de469470d93deb4a1a81ede72b848198 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_87d1b2c1f4d80db3\mshtml.dll : 17,807,360 : 06/02/2012 10:49 AM : 89c4b3bf66d3c2f3d83f9dedf1b218d6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_87d2b30bf4d7270a\mshtml.dll : 17,809,920 : 06/29/2012 10:55 AM : 8415f4792d7bc07be328df56fe32045a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_885c4fd70df4c6d4\mshtml.dll : 17,790,976 : 02/27/2012 10:54 PM : 97bb8c752a400556a4ff2e1aafa0a138 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_884a7de50e033164\mshtml.dll : 17,807,360 : 05/17/2012 09:35 PM : be1e4779329040ed334651cd877c416d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_884c7e790e016412\mshtml.dll : 17,807,360 : 06/02/2012 09:45 AM : 0c26f50d6c347ce294c84347e6faeaa8 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_884d7ec30e007d69\mshtml.dll : 17,809,920 : 06/28/2012 10:39 PM : c4de0e2b31f60acb15e6b4154e26298a [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_9446f5cce73d3c3b\mshtml.dll : 5,957,632 : 07/13/2009 09:15 PM : 43592d31aff84dd957199248898d9430 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16490_none_94372654e749d6a0\mshtml.dll : 5,961,728 : 12/19/2009 09:02 AM : 6ee36579e69e37d2ab2926a40b16dbb3 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_94780f5ae71920bd\mshtml.dll : 5,999,104 : 12/16/2011 09:59 AM : 65631f456004e4df6add6f8c2550fea2 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20600_none_95221452001e7818\mshtml.dll : 5,962,240 : 12/19/2009 09:10 AM : 96990605689b601287d4a83dd2b05f0b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_9529f65c00176aae\mshtml.dll : 6,000,640 : 12/16/2011 09:49 AM : 41adbc5327bbdd802266b965b9dc9c9b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll : 5,977,600 : 11/20/2010 09:19 AM : c50799f0d47dfb9774f721521b6c41d5 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_96579d9ce4440df6\mshtml.dll : 5,997,568 : 12/16/2011 09:52 AM : bdb0402589bdd0d47d0ce9b2a0187d94 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_96c4cbcbfd7666ef\mshtml.dll : 5,998,080 : 12/16/2011 09:58 AM : d829890a3ce83ee4332d2be11755e590 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll : 12,282,368 : 03/28/2012 09:22 AM : 497c9c3db953a60ec4f43a097e15f75e [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll : 12,281,856 : 02/27/2012 08:52 PM : f82bf2cb075b49e9fab5ff213c45c020 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll : 12,314,624 : 05/17/2012 07:11 PM : 9fb58f71104107d44540af1195f7a14d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll : 12,314,624 : 06/02/2012 07:07 AM : 6820a9e91aff7cb3a510360d8ccd9bdd [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_92275d5e2937e905\mshtml.dll : 12,317,184 : 06/28/2012 08:52 PM : 5e8e869e1342308752a37a2c90cca79d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll : 12,281,856 : 02/27/2012 08:21 PM : b9e083b14b1994f1255983f2df31c7df [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll : 12,314,624 : 05/17/2012 06:53 PM : 761d9111f5a2619cb5060661d36fbfff [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll : 12,314,624 : 06/02/2012 06:48 AM : 1abf770552ea9d4fe90f654468faf4ce [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_92a2291542613f64\mshtml.dll : 12,317,184 : 06/28/2012 07:11 PM : aec51857aec2f5ce4520366240afc671 [Pos Repl]

* C:\Windows\System32\msimg32.dll [NoSig]
+-> C:\Windows\SysWOW64\msimg32.dll : 4,608 : 07/13/2009 09:15 PM : 18ab2e5a40064ed5f7791ac5946a90f3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868\msimg32.dll : 8,192 : 07/13/2009 09:41 PM : e424b3ef666b184cee0b6871aaa8c9f6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll : 4,608 : 07/13/2009 09:15 PM : 18ab2e5a40064ed5f7791ac5946a90f3 [Pos Repl]

* C:\Windows\System32\msprivs.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.1.7600.16385_none_680de2b99516e12e\msprivs.dll : 2,048 : 07/13/2009 09:29 PM : 02b64609f865a39365ff88580df11738 [Pos Repl]

* C:\Windows\System32\msvcrt.dll [NoSig]
+-> C:\Windows\SysWOW64\msvcrt.dll : 690,688 : 12/16/2011 09:52 AM : 9dc80a8aaaaac397bdab3c67165a824e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll : 634,880 : 07/13/2009 09:41 PM : 7319bb10fa1f86e49e3dcf4136f6c957 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_2d7b4155b87308d6\msvcrt.dll : 634,368 : 12/16/2011 09:42 AM : 579f6afc6a6561951fa2202efc3fe485 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_2e2d2856d17152c7\msvcrt.dll : 634,880 : 12/16/2011 09:38 AM : 7d8b505e35ab89d3c3e9ae54a2c95dd2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll : 634,880 : 12/16/2011 09:46 AM : c391fc68282a000cdf953f8b6b55d2ef [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll : 634,880 : 12/16/2011 09:39 AM : f9a4c695c86cc32048fe2c987a0bd387 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll : 690,688 : 07/13/2009 09:15 PM : e46d48a7fe961401f1cbf85531cdf05d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_d15ca5d2001597a0\msvcrt.dll : 690,688 : 12/16/2011 09:59 AM : f8a61b2e713309b4616d107919bdab6e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_d20e8cd31913e191\msvcrt.dll : 690,688 : 12/16/2011 09:49 AM : 10142c1975202a767c0edb3bc066fd88 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll : 690,688 : 12/16/2011 09:52 AM : 9dc80a8aaaaac397bdab3c67165a824e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll : 690,688 : 12/16/2011 09:58 AM : 2f740c4b458331357e825e94afb0953a [Pos Repl]

* C:\Windows\System32\mswsock.dll [NoSig]
+-> C:\Windows\SysWOW64\mswsock.dll : 232,448 : 11/20/2010 09:19 AM : 8999b8631c7fd9f7f9ec3cafd953ba24 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll : 320,000 : 07/13/2009 09:41 PM : fc76fe3c1e1fdb761244d4f74ef560fd [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll : 326,144 : 11/20/2010 09:27 AM : 1d5185a4c7e6695431ae4b55c3d7d333 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll : 232,448 : 07/13/2009 09:15 PM : 11a41f17527ed75d6b758fdd7f4fd00d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll : 232,448 : 11/20/2010 09:19 AM : 8999b8631c7fd9f7f9ec3cafd953ba24 [Pos Repl]

* C:\Windows\System32\netlogon.dll [NoSig]
+-> C:\Windows\SysWOW64\netlogon.dll : 563,712 : 11/20/2010 09:20 AM : c1809b9907adedaf16f50c894100883b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll : 692,736 : 07/13/2009 09:41 PM : 956d030d375f207b22fb111e06ef9c35 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll : 695,808 : 11/20/2010 09:27 AM : aa339dd8bb128ef66660dfbbb59043d3 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll : 563,712 : 07/13/2009 09:16 PM : eaa75d9000b71f10eec04d2ae6c60e81 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll : 563,712 : 11/20/2010 09:20 AM : c1809b9907adedaf16f50c894100883b [Pos Repl]

* C:\Windows\System32\netman.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll : 360,448 : 07/13/2009 09:41 PM : 847d3ae376c0817161a14a82c8922a9e [Pos Repl]

* C:\Windows\System32\ole32.dll [NoSig]
+-> C:\Windows\SysWOW64\ole32.dll : 1,414,144 : 11/20/2010 09:20 AM : 928cf7268086631f54c3d8e17238c6dd [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_081299030c02672b\ole32.dll : 2,084,352 : 07/13/2009 09:41 PM : 4b25dde615ac2cabab73169ca7da96e6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_08527df30bd29da3\ole32.dll : 2,085,376 : 06/29/2010 09:39 AM : ac8f79017c5c1fb316930edead0af517 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_08c67ae62500754f\ole32.dll : 2,085,376 : 06/29/2010 09:37 AM : 49401892e8305914a9e7f64c7000d6a6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll : 2,086,912 : 11/20/2010 09:27 AM : 6c60b5aca7442efb794082cdacfc001c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_abf3fd7f53a4f5f5\ole32.dll : 1,412,608 : 07/13/2009 09:16 PM : 4acb903ad1693858a918907358cbd9e4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_ac33e26f53752c6d\ole32.dll : 1,413,632 : 06/29/2010 09:02 AM : e2c2d8c982316c8abf800c6ce3f28fab [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_aca7df626ca30419\ole32.dll : 1,414,144 : 06/29/2010 09:56 AM : 40e6bf57f6a923038b94c07387118089 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll : 1,414,144 : 11/20/2010 09:20 AM : 928cf7268086631f54c3d8e17238c6dd [Pos Repl]

* C:\Windows\System32\perfctrs.dll [NoSig]
+-> C:\Windows\SysWOW64\perfctrs.dll : 39,424 : 07/13/2009 09:16 PM : edd2ad141debd425d74a52a4d7be6ac4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_8d682f6a76cad93f\perfctrs.dll : 44,544 : 07/13/2009 09:41 PM : 8056a3e51b569c3f437a5026a0abe66d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll : 39,424 : 07/13/2009 09:16 PM : edd2ad141debd425d74a52a4d7be6ac4 [Pos Repl]

* C:\Windows\System32\powrprof.dll [NoSig]
+-> C:\Windows\SysWOW64\powrprof.dll : 145,408 : 07/13/2009 09:16 PM : 08dfdbd2fd4ea951dc46b1c7661ed35a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll : 167,424 : 07/13/2009 09:41 PM : 716175021bda290504ce434273f666bc [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll : 145,408 : 07/13/2009 09:16 PM : 08dfdbd2fd4ea951dc46b1c7661ed35a [Pos Repl]

* C:\Windows\System32\psbase.dll [NoSig]
+-> C:\Windows\SysWOW64\psbase.dll : 50,688 : 07/13/2009 09:16 PM : 274992d0945889a6b56d0e1bd4288a6e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_a43e06414a0fcb4b\psbase.dll : 52,224 : 07/13/2009 09:41 PM : ab95fbae4f9a5a56b177cec427b2b35e [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_ae92b0937e708d46\psbase.dll : 50,688 : 07/13/2009 09:16 PM : 274992d0945889a6b56d0e1bd4288a6e [Pos Repl]

* C:\Windows\System32\pstorsvc.dll [NoSig]
+-> C:\Windows\SysWOW64\pstorsvc.dll : 23,552 : 07/13/2009 09:16 PM : 0a3ccb2c4f603d99f34d742fc9544b97 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_a43e06414a0fcb4b\pstorsvc.dll : 36,352 : 07/13/2009 09:41 PM : 35ba5aa671887fe8a62b88a9a6229fd5 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_ae92b0937e708d46\pstorsvc.dll : 23,552 : 07/13/2009 09:16 PM : 0a3ccb2c4f603d99f34d742fc9544b97 [Pos Repl]

* C:\Windows\System32\qmgr.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll : 848,384 : 07/13/2009 09:41 PM : 7f0c323fe3da28aa4aa1bda3f575707f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll : 849,920 : 11/20/2010 09:27 AM : 1ea7969e3271cbc59e1730697dc74682 [Pos Repl]

* C:\Windows\System32\rasadhlp.dll [NoSig]
+-> C:\Windows\SysWOW64\rasadhlp.dll : 11,776 : 07/13/2009 09:16 PM : ed6ee83d61ebc683c2cd8e899ea6febe [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasadhlp.dll : 16,384 : 07/13/2009 09:41 PM : 88351b29b622b30962d2feb6ca8d860b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll : 11,776 : 07/13/2009 09:16 PM : ed6ee83d61ebc683c2cd8e899ea6febe [Pos Repl]

* C:\Windows\System32\regsvc.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll : 159,232 : 07/13/2009 09:41 PM : e4d94f24081440b5fc5aa556c7c62702 [Pos Repl]

* C:\Windows\System32\rpcss.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 09:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 09:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]

* C:\Windows\System32\scecli.dll [NoSig]
+-> C:\Windows\SysWOW64\scecli.dll : 175,616 : 11/20/2010 09:21 AM : 8124944ec89d6a1815e4e53f5b96aaf4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll : 232,448 : 07/13/2009 09:41 PM : 398712dddaefb85edf61df6a07b65c79 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll : 232,960 : 11/20/2010 09:27 AM : ed78427259134c63ed69804d2132b86c [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll : 175,616 : 07/13/2009 09:16 PM : 26073302daea83cc5b944c546d6b47d2 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll : 175,616 : 11/20/2010 09:21 AM : 8124944ec89d6a1815e4e53f5b96aaf4 [Pos Repl]

* C:\Windows\System32\schannel.dll [NoSig]
+-> C:\Windows\SysWOW64\schannel.dll : 225,280 : 06/02/2012 09:40 AM : 3d3cbd1847f980fb03343a63671e7886 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16385_none_7e0b3cb56ef3dd68\schannel.dll : 348,672 : 07/13/2009 09:41 PM : 5a148b1574be77742d337ec81c23fc7a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_7e56f78d6ebb08bb\schannel.dll : 340,992 : 11/17/2011 09:10 AM : 65238bdc2ec498ef5bc52ccf0ac2736b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.17035_none_7e412fd76ecb73df\schannel.dll : 340,992 : 06/02/2012 09:27 AM : 90b780886bd813882cb382ff3e90e092 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_7e86ea56881c7223\schannel.dll : 339,456 : 11/17/2011 09:49 AM : 4abe93525123ba830a3d33ea0d5d93ad [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21225_none_7ed59e7487e0f4df\schannel.dll : 338,944 : 06/02/2012 09:37 AM : 107519f9849d947ee1ba5085f7bc2763 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_803c507d6be26102\schannel.dll : 340,992 : 11/20/2010 09:27 AM : a199de544bf5c61c134b22c7592226fc [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_803284a76be99098\schannel.dll : 340,992 : 11/17/2011 09:35 AM : fbd1d2169aceee3073861f8ca3a28c49 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17856_none_801317136c00fae9\schannel.dll : 340,992 : 06/02/2012 09:45 AM : 1573c45e65de32b1bc3572634f8f1e8e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_808ce09a852b3aca\schannel.dll : 340,992 : 11/17/2011 09:26 AM : ed848d806f639ce611b3bedc6c958140 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22010_none_80c1c9f48503c627\schannel.dll : 340,992 : 06/04/2012 09:54 AM : f6184411925d84c41a87fb9821554da8 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16385_none_885fe707a3549f63\schannel.dll : 220,160 : 07/13/2009 09:16 PM : 0a53fd4ebbd92002ccc362a9b8087885 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_88aba1dfa31bcab6\schannel.dll : 224,768 : 11/17/2011 09:39 AM : 83041697ae93aa4b783ae8746904edd2 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.17035_none_8895da29a32c35da\schannel.dll : 225,280 : 06/02/2012 09:48 AM : 76c48f0cd8a526858ab9a4886586942a [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_88db94a8bc7d341e\schannel.dll : 224,768 : 11/17/2011 09:15 AM : cb6b6b1f8d283de4540445c5313cb445 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21225_none_892a48c6bc41b6da\schannel.dll : 225,280 : 06/02/2012 09:45 AM : 1f7939c11281755a7b0a6ac47929f701 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_8a90facfa04322fd\schannel.dll : 224,256 : 11/20/2010 09:21 AM : 135f7ac9be35ab1df727faf2e60e92f8 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_8a872ef9a04a5293\schannel.dll : 224,768 : 11/17/2011 09:34 AM : 1affb765af1fdcc0c185c38e9ddddaee [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17856_none_8a67c165a061bce4\schannel.dll : 225,280 : 06/02/2012 09:40 AM : 3d3cbd1847f980fb03343a63671e7886 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_8ae18aecb98bfcc5\schannel.dll : 224,768 : 11/17/2011 09:29 AM : 3dbcbd8adb406c43a2127544d7ba974e [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22010_none_8b167446b9648822\schannel.dll : 225,280 : 06/02/2012 09:55 AM : c5b2dc72f2453cef2e150a81f696703d [Pos Repl]

* C:\Windows\System32\schedsvc.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_8af61038b0b37f5f\schedsvc.dll : 1,104,384 : 07/13/2009 09:41 PM : ec56b171f85c7e855e7b0588ac503eea [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_8aef4726b0b7f821\schedsvc.dll : 1,114,624 : 11/02/2010 09:16 AM : 624d0f5ff99428bb90a5b8a4123e918e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_8bb0c2c5c9ad095d\schedsvc.dll : 1,114,624 : 11/02/2010 09:22 AM : 5269a787c24d968d291b22f7ed4955b1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll : 1,110,016 : 11/20/2010 09:27 AM : 262f6592c3299c005fd6bec90fc4463a [Pos Repl]

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 09:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl]

* C:\Windows\System32\setupapi.dll [NoSig]
+-> C:\Windows\SysWOW64\setupapi.dll : 1,667,584 : 11/20/2010 09:21 AM : 10fb16b50affda6d44588f3c445dc273 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7600.16385_none_90ea4b57dfeee0fc\setupapi.dll : 1,899,520 : 07/13/2009 09:41 PM : 6a4ea4c29fbf78112ae20013fb71e9c1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_931b5f1fdcdd6496\setupapi.dll : 1,900,544 : 11/20/2010 09:27 AM : 5d8e6c95156ed1f79a63d1eade6f9ed5 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7600.16385_none_9b3ef5aa144fa2f7\setupapi.dll : 1,668,608 : 07/13/2009 09:16 PM : 41323ab614a2b66ad77b1121d24ac895 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_9d700972113e2691\setupapi.dll : 1,667,584 : 11/20/2010 09:21 AM : 10fb16b50affda6d44588f3c445dc273 [Pos Repl]

* C:\Windows\System32\sfc.dll [NoSig]
+-> C:\Windows\SysWOW64\sfc.dll : 2,560 : 07/13/2009 09:10 PM : 40caeee0eaf1b8569f7c8df6420f2cb9 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll : 3,072 : 07/13/2009 09:33 PM : c6dcd1d11ed6827f05c00773c3e7053c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll : 2,560 : 07/13/2009 09:10 PM : 40caeee0eaf1b8569f7c8df6420f2cb9 [Pos Repl]

* C:\Windows\System32\shsvcs.dll [NoSig]
+-> C:\Windows\SysWOW64\shsvcs.dll : 328,192 : 11/20/2010 09:21 AM : 414da952a35bf5d50192e28263b40577 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_29254ed1369e9d89\shsvcs.dll : 369,664 : 07/13/2009 09:41 PM : 0298ac45d0efffb2db4baa7dd186e7bf [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll : 370,688 : 11/20/2010 09:27 AM : aaf932b4011d14052955d4b212a4da8d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_3379f9236aff5f84\shsvcs.dll : 328,192 : 07/13/2009 09:16 PM : cd2e48fa5b29ee2b3b5858056d246ef2 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll : 328,192 : 11/20/2010 09:21 AM : 414da952a35bf5d50192e28263b40577 [Pos Repl]

* C:\Windows\System32\smss.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe : 112,640 : 07/13/2009 09:39 PM : 1911a3356fa3f77ccc825ccbac038c2a [Pos Repl]

* C:\Windows\System32\spoolsv.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe : 558,080 : 07/13/2009 09:39 PM : 89e8550c5862999fcf482ea562b0e98e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe : 558,592 : 08/21/2010 09:29 AM : f8e1fa03cb70d54a9892ac88b91d1e7b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16962_none_32533f26db2c36c0\spoolsv.exe : 559,104 : 02/11/2012 09:29 AM : 567977dc43cc13c4c35ed7084c0b84d5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe : 559,104 : 08/20/2010 09:38 AM : 8547491be7086ee317163365d83a37d2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.21149_none_32f955f1f433834b\spoolsv.exe : 559,104 : 02/11/2012 09:26 AM : 807b5b0e287027f72ac37b0cda9512da [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe : 559,104 : 11/20/2010 09:25 AM : b96c17b5dc1424d56eea3a99e97428cd [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe : 559,104 : 02/11/2012 09:36 AM : 85daa09a98c9286d4ea2ba8d0e644377 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe : 559,616 : 02/11/2012 09:20 AM : b9d7a4858cf32a6a15d2763f1de47e0e [Pos Repl]

* C:\Windows\System32\ssdpsrv.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll : 193,024 : 07/13/2009 09:41 PM : 51b52fbd583cde8aa9ba62b8b4298f33 [Pos Repl]

* C:\Windows\System32\svchost.exe [NoSig]
+-> C:\Windows\SysWOW64\svchost.exe : 20,992 : 07/13/2009 09:14 PM : 54a47f6b5e09a77e61649109c6a08866 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe : 27,136 : 07/13/2009 09:39 PM : c78655bc80301d76ed4fef1c1ea40a7d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe : 20,992 : 07/13/2009 09:14 PM : 54a47f6b5e09a77e61649109c6a08866 [Pos Repl]

* C:\Windows\System32\tapisrv.dll [NoSig]
+-> C:\Windows\SysWOW64\tapisrv.dll : 242,176 : 11/20/2010 09:21 AM : 613bf4820361543956909043a265c6ac [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_3f31ca82fea39f26\tapisrv.dll : 316,416 : 07/13/2009 09:41 PM : 884264ac597b690c5707c89723bb8e7b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0\tapisrv.dll : 316,928 : 11/20/2010 09:27 AM : 40f0849f65d13ee87b9a9ae3c1dd6823 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll : 241,664 : 07/13/2009 09:16 PM : 2f46b0c70a4adc8c90cf825da3b4feaf [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll : 242,176 : 11/20/2010 09:21 AM : 613bf4820361543956909043a265c6ac [Pos Repl]

* C:\Windows\System32\taskeng.exe [NoSig]
+-> C:\Windows\SysWOW64\taskeng.exe : 192,000 : 11/20/2010 09:17 AM : 4f2659160afcca990305816946f69407 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_41a13ed5d88b73fe\taskeng.exe : 463,872 : 07/13/2009 09:39 PM : c1bdc97e8c9404245de87f1ef08d1764 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_419a75c3d88fecc0\taskeng.exe : 464,384 : 11/02/2010 09:10 AM : 60cae1fa4888ed41b41aee91c774e4a2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_425bf162f184fdfc\taskeng.exe : 464,384 : 11/02/2010 09:16 AM : 84343003e0e6716b3e782ff781b92815 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe : 464,384 : 11/20/2010 09:25 AM : 65ea57712340c09b1b0c427b4848ae05 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_e582a352202e02c8\taskeng.exe : 190,464 : 07/13/2009 09:14 PM : de5dacebd4c89834ec6d2c41c8643cda [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_e57bda4020327b8a\taskeng.exe : 192,000 : 11/02/2010 09:34 AM : f8952e80b7f778da2f7aa8393ca2d30e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_e63d55df39278cc6\taskeng.exe : 192,000 : 11/02/2010 09:24 AM : 41c52af44fb96bddb1efb25d2d943bba [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\taskeng.exe : 192,000 : 11/20/2010 09:17 AM : 4f2659160afcca990305816946f69407 [Pos Repl]

* C:\Windows\System32\taskhost.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7600.16385_none_84339a007406dfa0\taskhost.exe : 69,120 : 07/13/2009 09:39 PM : 3eefb971d61ef9638fd21f14c703ca11 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe : 69,120 : 11/20/2010 09:25 AM : 517110bd83835338c037269e603db55d [Pos Repl]

* C:\Windows\System32\termsrv.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll : 706,560 : 07/13/2009 09:41 PM : 0f05ec2887bfe197ad82a13287d2f404 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll : 680,960 : 11/20/2010 09:27 AM : 2e648163254233755035b46dd7b89123 [Pos Repl]

* C:\Windows\System32\upnphost.dll [NoSig]
+-> C:\Windows\SysWOW64\upnphost.dll : 266,752 : 07/13/2009 09:16 PM : 833fbb672460efce8011d262175fad33 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_1ddd261c4e350476\upnphost.dll : 353,792 : 07/13/2009 09:41 PM : d47ec6a8e81633dd18d2436b19baf6de [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll : 266,752 : 07/13/2009 09:16 PM : 833fbb672460efce8011d262175fad33 [Pos Repl]

* C:\Windows\System32\user32.dll [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833,024 : 11/20/2010 09:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1,008,640 : 07/13/2009 09:41 PM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 09:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833,024 : 07/13/2009 09:11 PM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 09:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

* C:\Windows\System32\userinit.exe [NoSig]
+-> C:\Windows\SysWOW64\userinit.exe : 26,624 : 11/20/2010 09:17 AM : 61ac3efdfacfdd3f0f11dd4fd4044223 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe : 30,208 : 07/13/2009 09:39 PM : 6f8f1376a13114cc10c0e69274f5a4de [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe : 30,720 : 11/20/2010 09:25 AM : bafe84e637bf7388c96ef48d4d3fdd53 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe : 26,112 : 07/13/2009 09:14 PM : 6de80f60d7de9ce6b8c2ddfdf79ef175 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe : 26,624 : 11/20/2010 09:17 AM : 61ac3efdfacfdd3f0f11dd4fd4044223 [Pos Repl]

* C:\Windows\System32\usp10.dll [NoSig]
+-> C:\Windows\SysWOW64\usp10.dll : 626,176 : 11/20/2010 09:21 AM : 804aaafebb3ad5f49334dd906bcb1de5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_08ef6ab5722d66d5\usp10.dll : 801,280 : 07/13/2009 09:41 PM : 5f2bdca5fa0f20a6f452cf0ee2a2b18c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll : 800,256 : 11/20/2010 09:27 AM : 2f8b1e3ee3545d3b5a8d56fa1ae07b65 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_acd0cf31b9cff59f\usp10.dll : 627,200 : 07/13/2009 09:16 PM : 0ba19f3198c40ac4e8cc66ee02eda6c6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll : 626,176 : 11/20/2010 09:21 AM : 804aaafebb3ad5f49334dd906bcb1de5 [Pos Repl]

* C:\Windows\System32\UxTheme.dll [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 09:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

* C:\Windows\System32\version.dll [NoSig]
+-> C:\Windows\SysWOW64\version.dll : 21,504 : 07/13/2009 09:16 PM : 702254574e7e52052de39408457b7149 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_70f340d66a96c29b\version.dll : 29,184 : 07/13/2009 09:41 PM : 94e026870a55aaeaff7853c1754091e9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll : 21,504 : 07/13/2009 09:16 PM : 702254574e7e52052de39408457b7149 [Pos Repl]

* C:\Windows\System32\w32time.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll : 381,952 : 07/13/2009 09:41 PM : 1c9d80cc3849b3788048078c26486e1a [Pos Repl]

* C:\Windows\System32\wbem\wmiprvse.exe [NoSig]
+-> C:\Windows\SysWOW64\wbem\WmiPrvSE.exe : 257,536 : 11/20/2010 09:17 AM : 4fb491ac8d46aaf22ba8bc5c73dabef7 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7600.16385_none_6c57b032a516106e\WmiPrvSE.exe : 368,640 : 07/13/2009 09:39 PM : 64d757051b5b273e55c93e4503ea4f3e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSE.exe : 372,736 : 11/20/2010 09:25 AM : 619a67c9f617b7e69315bb28ecd5e1df [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7600.16385_none_76ac5a84d976d269\WmiPrvSE.exe : 254,976 : 07/13/2009 09:14 PM : 203c3380a744ca5b9b1a9caeb57f7d57 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe : 257,536 : 11/20/2010 09:17 AM : 4fb491ac8d46aaf22ba8bc5c73dabef7 [Pos Repl]

* C:\Windows\System32\wdigest.dll [NoSig]
+-> C:\Windows\SysWOW64\wdigest.dll : 171,520 : 07/13/2009 09:16 PM : 0450cf487ecd8a67b56f59f9a96d024d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_96c23cbe96661a70\wdigest.dll : 210,432 : 07/13/2009 09:41 PM : 95fb6ca4374e343ddd653fcc43f9d26b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_a116e710cac6dc6b\wdigest.dll : 171,520 : 07/13/2009 09:16 PM : 0450cf487ecd8a67b56f59f9a96d024d [Pos Repl]

* C:\Windows\System32\wiaservc.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_8e892cb8cd0462ae\wiaservc.dll : 578,560 : 07/13/2009 09:41 PM : 52d0e33b681bd0f33fdc08812fee4f7d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_90ba4080c9f2e648\wiaservc.dll : 580,096 : 11/20/2010 09:27 AM : 8dd52e8e6128f4b2da92ce27402871c1 [Pos Repl]

* C:\Windows\System32\wininet.dll [NoSig]
+-> C:\Windows\SysWOW64\wininet.dll : 1,129,472 : 06/28/2012 08:09 PM : 75a97a2c060e72ab49e071e08c7dd2ba [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_78982c5c3286110a\wininet.dll : 1,193,472 : 07/13/2009 09:41 PM : b1037f0131c9a010d611f6914e03cd92 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_78885ce43292ab6f\wininet.dll : 1,192,960 : 12/19/2009 09:51 AM : 9c0e12fb8bd14397ec9cca99ec0ed5a3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_78d712e832572b52\wininet.dll : 1,197,056 : 12/21/2010 09:16 AM : e71db117dbda6b33646f37936c17d226 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_78c945ea3261f58c\wininet.dll : 1,197,568 : 12/16/2011 09:45 AM : a283f0c807968f45d50b9b8ac10ba438 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_79734ae14b674ce7\wininet.dll : 1,192,960 : 12/19/2009 09:12 AM : 46c47a10db10e3055ade41c4eb4ff7ca [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_79346fb94b962189\wininet.dll : 1,198,080 : 12/21/2010 09:09 AM : 1d3466e7e9d63f8b2b84a8ad5e833c29 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_797b2ceb4b603f7d\wininet.dll : 1,198,080 : 12/16/2011 09:41 AM : 5dcd862869a5e06f5a7e03ee22ddd738 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll : 1,188,864 : 11/20/2010 09:27 AM : f6c5302e1f4813d552f41a0ac82455e5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_7aa8d42c2f8ce2c5\wininet.dll : 1,188,864 : 12/16/2011 09:47 AM : f6c45d1d448b38a3298505917710f047 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_7b16025b48bf3bbe\wininet.dll : 1,189,376 : 12/16/2011 09:39 AM : 7710ecf9f1355f986463d4351562439e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll : 1,390,080 : 03/28/2012 09:22 AM : b1ac85b6adc005cf3f9eb4e28dfdcce6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_7673927b74853f21\wininet.dll : 1,390,080 : 02/28/2012 09:49 AM : 228443ff3a1fb0b974d278f7c6403fad [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_7676935974828b26\wininet.dll : 1,392,128 : 05/17/2012 09:59 PM : 870ecfebd41c7b8f9c6777748368d51f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_767793a37481a47d\wininet.dll : 1,392,128 : 06/02/2012 09:05 AM : 5a45fa344f4ad99d903f4b20e43b89ec [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_767893ed7480bdd4\wininet.dll : 1,392,128 : 06/28/2012 11:49 PM : 8ea68fd3780dddd5072f8cb830b3cb3d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_770230b88d9e5d9e\wininet.dll : 1,390,080 : 02/27/2012 10:09 PM : b70cdc073f70e6d082a62ab5880d6b07 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_76f05ec68dacc82e\wininet.dll : 1,392,128 : 05/17/2012 08:47 PM : bdc16d105bf011d4b1c3f09cf7a64314 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_76f25f5a8daafadc\wininet.dll : 1,392,128 : 06/02/2012 08:09 AM : 571e809181ebf0a04fefaa9bc9961f5b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_76f35fa48daa1433\wininet.dll : 1,392,128 : 06/28/2012 09:51 PM : 8ba7eda2656ed7fbc93bdd5cb02b8d4e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll : 977,920 : 07/13/2009 09:16 PM : 0d874f3bc751cc2198af2e6783fb8b35 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_1c69c1607a353a39\wininet.dll : 977,920 : 12/19/2009 09:02 AM : f1c359ce656bd76f90e0e6c4bc04a4be [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll : 981,504 : 12/21/2010 09:38 AM : 78b9ada2bc8946af7b17678e0d07a773 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_1caaaa667a048456\wininet.dll : 981,504 : 12/16/2011 09:02 AM : 653109c31f7f190072c9e4df31154225 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_1d54af5d9309dbb1\wininet.dll : 977,920 : 12/19/2009 09:10 AM : 23587164011ec849e58e229abc49e239 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll : 981,504 : 12/21/2010 09:29 AM : 1b3dd46bc6396143a205eaaf05f38039 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_1d5c91679302ce47\wininet.dll : 982,016 : 12/16/2011 09:51 AM : 8dfdd881cef74ed749ba968e060418ca [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll : 980,992 : 11/20/2010 09:21 AM : 44214c94911c7cfb1d52cb64d5e8368d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll : 981,504 : 12/16/2011 09:54 AM : bdb7450cc556f238fd973c9da300feb8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll : 982,016 : 12/16/2011 09:00 AM : 808c0ce9d4dbc0a6f72761294eb10fb2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll : 1,127,424 : 03/28/2012 09:22 AM : 1d94fa7c81d2ffe494af094619ba706f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll : 1,127,424 : 02/27/2012 08:11 PM : 44465367256d1c72b58f5abaa19e7016 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll : 1,129,472 : 05/17/2012 06:35 PM : 1c191a4f0960f21b5d58c8a65baf5427 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll : 1,129,472 : 06/02/2012 06:25 AM : 8e87270c4704cf2951e1e7820d6c8a2b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll : 1,129,472 : 06/28/2012 08:09 PM : 75a97a2c060e72ab49e071e08c7dd2ba [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll : 1,127,424 : 02/27/2012 07:58 PM : 11a34dca08eb2a586246f2d6c2a81d58 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll : 1,129,472 : 05/17/2012 06:19 PM : 43bac67996d8765a5f1b3a4ea6231e21 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll : 1,129,472 : 06/02/2012 06:16 AM : e430161a632f9a8fe512de0ca5685559 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll : 1,129,472 : 06/28/2012 06:54 PM : 54c30a4066a28f9a017e095e283b2762 [Pos Repl]

* C:\Windows\System32\wininit.exe [NoSig]
+-> C:\Windows\SysWOW64\wininit.exe : 96,256 : 07/13/2009 09:14 PM : b5c5dcad3899512020d135600129d665 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe : 129,024 : 07/13/2009 09:39 PM : 94355c28c1970635a31b3fe52eb7ceba [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe : 96,256 : 07/13/2009 09:14 PM : b5c5dcad3899512020d135600129d665 [Pos Repl]

* C:\Windows\System32\winlogon.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe : 389,120 : 07/13/2009 09:39 PM : 132328df455b0028f13bf0abee51a63a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe : 389,632 : 10/28/2009 09:24 AM : da3e2a6fa9660cc75b471530ce88453a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe : 389,632 : 10/28/2009 09:01 AM : a93d41a4d4b0d91c072d11dd8af266de [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390,656 : 11/20/2010 09:25 AM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl]

* C:\Windows\System32\ws2_32.dll [NoSig]
+-> C:\Windows\SysWOW64\ws2_32.dll : 206,848 : 11/20/2010 09:21 AM : 7ff15a4f092cd4a96055ba69f903e3e9 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll : 296,448 : 07/13/2009 09:41 PM : 7083f463788cb34fcc42f565d56f89e8 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll : 297,984 : 11/20/2010 09:27 AM : 4bbfa57f594f7e8a8edc8f377184c3f0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll : 206,336 : 07/13/2009 09:16 PM : daae8a9b8c0acc7f858454132553c30d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll : 206,848 : 11/20/2010 09:21 AM : 7ff15a4f092cd4a96055ba69f903e3e9 [Pos Repl]

* C:\Windows\System32\ws2help.dll [NoSig]
+-> C:\Windows\SysWOW64\ws2help.dll : 4,608 : 07/13/2009 09:11 PM : 808aabdf9337312195caff76d1804786 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll : 4,608 : 07/13/2009 09:34 PM : 8396c6c26aaddfe4590ccef0f419b6b7 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll : 4,608 : 07/13/2009 09:11 PM : 808aabdf9337312195caff76d1804786 [Pos Repl]

* C:\Windows\explorer.exe [NoSig]
+-> C:\Windows\SysWOW64\explorer.exe : 2,616,320 : 02/25/2011 09:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/13/2009 09:39 PM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2,868,224 : 08/03/2009 09:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2,870,272 : 10/31/2009 09:34 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe : 2,870,272 : 02/26/2011 09:23 AM : 0862495e0c825893db75ef44faea8e93 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2,868,224 : 08/03/2009 09:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2,870,272 : 10/31/2009 09:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe : 2,870,784 : 02/26/2011 09:26 AM : e38899074d4951d31b4040e994dd7c8d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2,872,320 : 11/20/2010 09:24 AM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2,871,808 : 02/25/2011 09:19 AM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2,871,808 : 02/26/2011 09:14 AM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/13/2009 09:14 PM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2,613,248 : 08/03/2009 09:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2,614,272 : 10/31/2009 09:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe : 2,614,784 : 02/26/2011 09:33 AM : 2af58d15edc06ec6fdacce1f19482bbf [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2,613,248 : 08/03/2009 09:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2,614,272 : 10/31/2009 09:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe : 2,614,784 : 02/26/2011 09:51 AM : 255cf508d7cfb10e0794d6ac93280bd8 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2,616,320 : 11/20/2010 09:17 AM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2,616,320 : 02/25/2011 09:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2,616,320 : 02/26/2011 09:19 AM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]

Program finished at: 08/28/2012 05:32:20 PM
Execution time: 0 hours(s), 43 minute(s), and 5 seconds(s)
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby askey127 » August 28th, 2012, 6:50 pm

Grube,
-----------------------------------------------------------
Your logs show definite signs of a Remote Access Infection on your computer.
A Remote Access Infection will allow the person who infected your computer to use your computer as if he were sitting in front of it, and he may ....
  • Steal bank account details.
  • Steal credit card numbers.
  • Steal your personal details.
  • Modify your computer to make it easier to infect.
  • Use your computer as part of a botnet, to distribute porn or spam.
  • Anything else he cares to think of ..... and most attackers are very inventive people.
You are strongly advised to do the following immediately ....
  • Disconnect the infected computer from the internet and from any networked computers.
  • Call all of your banks, credit card companies, and financial institutions, and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change all your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do not change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

It is impossible to discover all of the modifications that your attacker may have made to your computer while he had access to it.
The modifications that have been made are such that the machine will never work correctly again until Windows is re-installed.


If you use your computer for any of the following ....
  • Online Banking.
  • Finances or credit of any kind.
  • Filling out your tax forms online or offline.
  • Filling out Social Security or Personal Insurance forms online or offline.
  • Making online purchases or payments of any type.
  • Anything involving the use of confidential data.

    .... then a re-format and re-install should be the only choice you should make.
  • Help: I Got Hacked. Now What Do I Do?
  • Help: I Got Hacked. Now What Do I Do? Part II

In this case, fixing the computer is not feasible, even ignoring the serious security issues. There are too many corrupted Windows files.
=================================================
I would suggest using the Sony Recovery Wizard to put the machine back into its original condition.
You will lose all installed programs, all documents, e-mails, and settings.


Sony

User Guide is here: http://www.docs.sony.com/release/VPCEC2_series.pdf
==================================================
  • After you have repaved your computer ... then there are certain things that should be done before you connect to the Internet, and others that you should do as soon as you are connected. Your computer has been reverted to an earlier state, and your defenses will not be as they were before repaving.

    Before you connect ....
    • Uninstall any obsolete trial Anti-Virus programs that may be present after an OEM repave ... (out of date AV programs offer no protection, and will interfere with any up to date AV program that you will need to install)
    • Install an up to date Anti-Virus program.
    • Install an up to date Anti-Malware program.
    • Install a suitable 3rd party Firewall, or ensure that the Firewall that comes with Windows is switched on.

    There are links to free AV, AM and FWs .... HERE .... which can be downloaded on a clean computer and transferred to your newly repaved machine using a USB drive ... (install only one AV, AM and FW, multiple programs will conflict and offer less not more protection)
    As soon as you are connected ....
    • Install any Service Packs that are applicable to your computer.
    • Update your computer to the latest Security updates from Windows.
    • Update any other programs you might have installed.
    • Read the information in ... COMPUTER SECURITY - a short guide to staying safer online ... and install any additional security you think is appropriate.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby askey127 » August 28th, 2012, 7:30 pm

Grube,
One more thought..
You may (if you're lucky) be able to get to the VAIO Recovery Center User Guide this way:
Click the Start circle, Help and Support, and choose Use My Vaio
You should be able to find VAIO Recovery Center User Guide
Bear in mind that any "Repair" type of recovery that leaves your applications intact WILL NOT WORK.
You need to restore your entire hard drive to original factory settings.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby Grube » August 29th, 2012, 4:14 am

I see, thank you so much for your help!
Grube
Active Member
 
Posts: 7
Joined: August 25th, 2012, 11:58 am

Re: Trojan.Win32.Hosts2.gen Instance found in this machine..

Unread postby askey127 » August 29th, 2012, 6:57 am

Since this issue will need to be corrected with a complete System Recovery, this thread will be closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware