
Author Topic: Hijacked by File Recovery - unable to use cd  (Read 14500 times)


freakish

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Hijacked by File Recovery - unable to use cd
    « on: September 01, 2012, 02:10:39 PM »
    It appears that I have been hijacked by File Recovery SMART. 

    I read the posts here and tried to run these steps:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    I was able to run CCleaner from a dvd.

    I was then able to run Adwcleaner from a dvd (the results are posted below).

    I was also able to run MBAM from a dvd (results below).

    However, I was unable to download the DDS program, so while I went to my second computer to find a way to download DDS from a different link than those provided in the "do this first instruction," I restarted the infected computer.  Now I cannot open the dvd drive at all to access the files.

    How the problem started:
    1. I noticed that IE was asking me, via a semi-transparent bar, to download Chrome several times.  In my fatigue, I didn't make sense of it.
    2. When using Firefox, the browser suddenly restarted.
    3. A dialogue came up and said Windows needed to install some updates, and it was confirmed by MS. Once again in my fatigue (trying to stay away from caffeine and yohimbine which normally keeps me going), I did a perfunctory check for MS updates, didn't find any, but then agreed to update.  Big mistake.
    4. Immediately my computer lost internet connection.
    5. I restarted and everything was gone from the desktop and the libraries. I received dozens of error messages on the desktop and the File Recovery software began its check.
    6. One other problem: I plugged in a WD external drive and tried to pull off some important documents.  When I checked the drive everything was missing too.  So I think this may have become infected.  Of course, when I check properties, it shows that 157gig of space is also being used.  Even though everything was missing, I then did a search for .jpegs on my infected computer and copied them onto the hard drive.  They show in the folder, but my other documents and previous backups do not show.

    What I need is to get the photos of my kids off my computer and save them.  We have so many duplicates that I foolishly was waiting to back them up until I deleted the duplicates.  These are the only things I care about.

    Also, I cannot bring up the task manager.  The method I was using to get to access the cd drive was via the search menu; it does not work.

    FOLLOWING ARE THE LOGS.  I would be eternally grateful for any help and assistance.

    # AdwCleaner v2.000 - Logfile created 09/01/2012 at 14:53:39
    # Updated 30/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Family - WORK
    # Boot Mode : Normal
    # Running from : D:\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\Family\AppData\Local\APN

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKU\S-1-5-21-3004351535-993559344-1784565233-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\f63mzf9o.default\prefs.js

    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    -\\ Google Chrome v21.0.1180.83

    File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1897 octets] - [01/09/2012 14:53:39]

    ########## EOF - C:\AdwCleaner[R1].txt - [1957 octets] ##########




    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.01.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Family :: WORK [administrator]

    Protection: Enabled

    9/1/2012 2:58:07 PM
    mbam-log-2012-09-01 (14-58-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197980
    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
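
A triage helper for the Malwarebytes log format posted above, added here as an example and not part of the original thread: it parses each "Detected" section, lists the settings that were changed, and flags any section whose declared count does not match the lines actually pasted (a sign of a truncated log). The function names are this example's own, and treating the `Bad:`/`Good:` part as optional is an assumption about lines for non-registry detections.

```python
import re

# Excerpt of the detection sections from the Malwarebytes 1.62 log posted above.
SAMPLE_LOG = r"""
Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# "<Section name> Detected: <count>"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action>."
# Assumption: the Bad/Good part is only present on registry data items.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return {section name: {"declared": int, "items": [dict, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()            # forum posts indent the pasted log
        if line == "(end)":           # log terminator: stop collecting items
            current = None
            continue
        header = SECTION_RE.match(line)
        if header:
            current = {"declared": int(header["count"]), "items": []}
            sections[header["name"]] = current
            continue
        item = ITEM_RE.match(line) if current is not None else None
        if item:
            # Registry data items are written as "key|value name".
            key, _, value = item["target"].partition("|")
            current["items"].append({
                "key": key,
                "value": value,
                "detection": item["detection"],
                "bad": item["bad"],
                "good": item["good"],
                "action": item["action"],
            })
    return sections


def mismatched_sections(sections):
    """Sections whose header count differs from the item lines found."""
    return [name for name, sec in sections.items()
            if sec["declared"] != len(sec["items"])]


def setting_changes(sections):
    """(value name, bad data, good data) for every repaired setting."""
    return [(item["value"], item["bad"], item["good"])
            for sec in sections.values()
            for item in sec["items"]
            if item["bad"] is not None]


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    for value, bad, good in setting_changes(report):
        print(f"{value}: found {bad}, reset to {good}")
    print("count mismatches:", mismatched_sections(report) or "none")
```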

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Hijacked by File Recovery - unable to use cd
    « Reply #1 on: September 01, 2012, 04:57:49 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Reboot your computer in Safe Mode with Networking and download the following program.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 7 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.exe
    * Rkill.com
    * Rkill.scr
    * WiNlOgOn.exe
    * uSeRiNiT.exe
    * iExplore.exe
    * eXplorer.exe
    Once you've gotten one of them to run then try to immediately run the following.
    *************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    **************************************************

    iExplore.exe

    When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

    Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Smart HDD and other Rogue programs. If you cannot find the iExplore.exe icon that you downloaded, you can also execute the program by doing the following steps based on your version of Windows:

    For Windows 7 and Windows Vista, click on the Start button and then in the search field enter %userprofile%\desktop\iexplore.exe and then press the Enter key on your keyboard. If Windows prompts you to allow it to run, please allow it to do so.

    For Windows XP, click on the Start button and then click on the Run menu option. In the Open: field enter %userprofile%\desktop\iexplore.exe and press the OK button. If Windows prompts you to allow it to run, please allow it to do so.

    Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Smart HDD when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Smart HDD. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Do not reboot your computer after running RKill as the malware programs will start again.
    Now try to run MBAM in Safe Mode and let me know what happens.
    Windows 8 and Windows 10 dual boot with two SSD's

    freakish

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Hijacked by File Recovery - unable to use cd
      « Reply #2 on: September 01, 2012, 09:18:09 PM »
      Dave,

      Thanks for your help.  I really appreciate it. 

      Everything didn't go smoothly as some of the logs disappeared during the process.  The first rkill and adwcleaner logs were not available (or so I thought), so I reran everything. 

      So we should have had one rkill, one adwcleaner and one mbam log.  Instead we have one mbam, from the first go-around, and then logs for each from the second go-around.  The first mbam was performed in normal mode, all round 2 logs are from the processes being run while windows was in safe mode.  I was unsure if when the computer restarts after adwcleaner, I was supposed to instigate safe mode.  The first time, I didn't and the malware was out with force, so I decided for second round to start mbam in safe mode.


      PRESENT STATE OF PC: I have not restarted the machine since running MBAM.  It remains in safe mode.  When I view the libraries, they are still empty (my documents, pics, etc), also the system is still offline. 


      ***************************************************

      MBAM first log

      Malwarebytes Anti-Malware (Trial) 1.62.0.1300
      www.malwarebytes.org

      Database version: v2012.09.02.01

      Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
      Internet Explorer 9.0.8112.16421
      Family :: WORK [administrator]

      Protection: Disabled

      9/1/2012 10:17:44 PM
      mbam-log-2012-09-01 (22-17-44).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 197157
      Time elapsed: 3 minute(s), 45 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 2
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)


      ***********************************
      second attempt logs

      RKILL log (I don't think I am supposed to post, but just in case, I am posting):

      Rkill 2.3.3 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2012 BleepingComputer.com
      More Information about Rkill can be found at this link:
       http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 09/01/2012 10:29:34 PM in x64 mode.
      Windows Version: Windows 7 Home Premium Service Pack 1

      Checking for Windows services to stop.

       * No malware services found to stop.

      Checking for processes to terminate.

       * C:\Windows\SYSTEM32\WISPTIS.EXE (PID: 632) [WD-HEUR]
       * C:\Windows\SYSTEM32\WISPTIS.EXE (PID: 1308) [WD-HEUR]

      2 proccesses terminated!

      Possibly Patched Files.

       * C:\Windows\system32\csrss.exe
       * C:\Windows\system32\wininit.exe
       * C:\Windows\system32\csrss.exe
       * C:\Windows\system32\winlogon.exe
       * C:\Windows\system32\services.exe
       * C:\Windows\system32\lsass.exe
       * C:\Windows\system32\lsm.exe
       * C:\Windows\system32\svchost.exe
       * C:\Windows\system32\svchost.exe
       * C:\Windows\System32\svchost.exe
       * C:\Windows\system32\svchost.exe
       * C:\Windows\System32\svchost.exe
       * C:\Windows\system32\svchost.exe
       * C:\Windows\system32\svchost.exe
       * C:\Windows\system32\svchost.exe
       * C:\Windows\Explorer.EXE
       * C:\Windows\system32\svchost.exe
       * C:\Windows\system32\ctfmon.exe
       * C:\Windows\System32\svchost.exe
       * C:\Windows\system32\conhost.exe

      Checking Registry for malware related settings.

       * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks.

       * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

      Checking Windows Service Integrity:

       * Background Intelligent Transfer Service (BITS) is not Running.
         Startup Type set to: Automatic (Delayed Start)

       * COM+ Event System (EventSystem) is not Running.
         Startup Type set to: Automatic

       * Security Center (wscsvc) is not Running.
         Startup Type set to: Automatic (Delayed Start)

       * Windows Update (wuauserv) is not Running.
         Startup Type set to: Automatic (Delayed Start)

       * AppMgmt [Missing Service]
       * CscService [Missing Service]
       * PeerDistSvc [Missing Service]
       * UmRdpService [Missing Service]

      Searching for Missing Digital Signatures:

       +-> C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_80aec972e4a75989\acpi.sys : 334,208 : 11/20/2010 09:32 AM : d81d9e70b8a6dd14d42d7b4efa65d5f2 [Pos Repl]

       * C:\Windows\System32\drivers\afd.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys : 500,224 : 07/13/2009 07:21 PM : b9384e03479d2506bc924c16a3db87bc [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys : 499,712 : 04/24/2011 10:44 PM : 6ef20ddf3172e97d69f596fb90602f29 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys : 499,200 : 12/27/2011 10:59 PM : db9d6c6b2cd95a9ca414d045b627422e [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys : 499,712 : 04/24/2011 10:44 PM : fbff8b7c9d116229e9208a0d1caeb49b [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys : 499,200 : 12/27/2011 11:01 PM : cca39961e76b491ddf44b1e90fc8971d [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys : 499,712 : 11/20/2010 11:23 AM : d31dc7a16dea4a9baf179f3d6fbdb38c [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys : 499,200 : 04/24/2011 10:34 PM : d5b031c308a409a0a576bff4cf083d30 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys : 498,688 : 12/27/2011 10:59 PM : 1c7857b62de5994a75b054a9fd4c3825 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys : 499,200 : 04/24/2011 11:09 PM : f4ad06143eac303f55d0e86c40802976 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys : 498,176 : 12/27/2011 11:01 PM : 36a14fd1a23f57046361733b792ca8db [Pos Repl]

       * C:\Windows\System32\drivers\agp440.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys : 61,008 : 07/13/2009 09:52 PM : 608c14dba7299d8cb6ed035a68a15799 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys : 61,008 : 07/13/2009 09:52 PM : 608c14dba7299d8cb6ed035a68a15799 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys : 61,008 : 07/13/2009 09:52 PM : 608c14dba7299d8cb6ed035a68a15799 [Pos Repl]

       * C:\Windows\System32\drivers\asyncmac.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys : 23,040 : 07/13/2009 08:10 PM : 769765ce2cc62867468cea93969b2242 [Pos Repl]

       * C:\Windows\System32\drivers\atapi.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys : 24,128 : 07/13/2009 09:52 PM : 02062c0b390b7729edc9e69c680a6f3c [Pos Repl]
       +-> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys : 24,128 : 07/13/2009 09:52 PM : 02062c0b390b7729edc9e69c680a6f3c [Pos Repl]
       +-> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys : 24,128 : 07/13/2009 09:52 PM : 02062c0b390b7729edc9e69c680a6f3c [Pos Repl]

       * C:\Windows\System32\drivers\battc.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\battc.sys : 28,240 : 07/13/2009 09:52 PM : f4de2ae7a9e1badac70bc71ea2c17612 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\battc.sys : 28,240 : 07/13/2009 09:52 PM : f4de2ae7a9e1badac70bc71ea2c17612 [Pos Repl]

       * C:\Windows\System32\drivers\beep.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys : 6,656 : 07/13/2009 08:00 PM : 16a47ce2decc9b099349a5f840654746 [Pos Repl]

       * C:\Windows\System32\drivers\bridge.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_6.1.7600.16385_none_63dee2821fc69fce\bridge.sys : 95,232 : 07/13/2009 09:01 PM : 5c2f352a4e961d72518261257aae204b [Pos Repl]

       * C:\Windows\System32\drivers\cdfs.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d\cdfs.sys : 92,160 : 07/13/2009 07:19 PM : b8bd2bb284668c84865658c77574381a [Pos Repl]

       * C:\Windows\System32\drivers\cdrom.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys : 147,456 : 11/20/2010 09:19 AM : f036ce71586e93d94dab220d7bdf4416 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys : 147,456 : 07/13/2009 07:19 PM : 83d2d75e1efb81b3450c18131443f7db [Pos Repl]
       +-> C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys : 147,456 : 11/20/2010 07:19 AM : f036ce71586e93d94dab220d7bdf4416 [Pos Repl]

       * C:\Windows\System32\drivers\classpnp.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7600.16385_none_71782042c5c2dbe9\Classpnp.sys : 178,752 : 07/13/2009 09:52 PM : 62f1ed63f0cb0b5a2f65d15a6490c2fd [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_73a9340ac2b15f83\Classpnp.sys : 179,072 : 11/20/2010 09:32 AM : acfad0b512226c7a83c7cb09fd55a9ad [Pos Repl]

       * C:\Windows\System32\drivers\CmBatt.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\CmBatt.sys : 17,664 : 07/13/2009 07:31 PM : 0840155d0bddf1190f84a663c284bd33 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\CmBatt.sys : 17,664 : 07/13/2009 07:31 PM : 0840155d0bddf1190f84a663c284bd33 [Pos Repl]

       * C:\Windows\System32\drivers\compbatt.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\compbatt.sys : 21,584 : 07/13/2009 09:52 PM : 102de219c3f61415f964c88e9085ad14 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\compbatt.sys : 21,584 : 07/13/2009 09:52 PM : 102de219c3f61415f964c88e9085ad14 [Pos Repl]

       * C:\Windows\System32\drivers\diskdump.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7600.16385_none_c2b327b3b0f73784\Diskdump.sys : 27,216 : 07/13/2009 09:47 PM : 77a4b22c0be4568872521dd5e4279cee [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_c4e43b7bade5bb1e\Diskdump.sys : 27,520 : 11/20/2010 09:33 AM : b27a7b563f66ead82b488ebad5e4dd55 [Pos Repl]

       * C:\Windows\System32\drivers\disk.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys : 73,280 : 07/13/2009 09:47 PM : 9819eee8b5ea3784ec4af3b137a5244c [Pos Repl]
       +-> C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys : 73,280 : 07/13/2009 09:47 PM : 9819eee8b5ea3784ec4af3b137a5244c [Pos Repl]

       * C:\Windows\System32\drivers\drmkaud.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\drmkaud.sys : 5,632 : 07/13/2009 08:06 PM : 9b19f34400d24df84c858a421c205754 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\drmkaud.sys : 5,632 : 07/13/2009 08:06 PM : 9b19f34400d24df84c858a421c205754 [Pos Repl]

       * C:\Windows\System32\drivers\drmk.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\drmk.sys : 116,224 : 07/13/2009 09:01 PM : 21d26064aedb4988f785bb4a3a2c051e [Pos Repl]
       +-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\drmk.sys : 116,224 : 07/13/2009 09:01 PM : 21d26064aedb4988f785bb4a3a2c051e [Pos Repl]

       * C:\Windows\System32\drivers\dxapi.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-useros_31bf3856ad364e35_6.1.7600.16385_none_2963a67886ddf81e\dxapi.sys : 16,896 : 07/13/2009 07:38 PM : bf24d6f2ed97fe830bfd52b246f98e67 [Pos Repl]

       * C:\Windows\System32\drivers\dxg.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-dxg_31bf3856ad364e35_6.1.7600.16385_none_04e0334574ce0f74\dxg.sys : 98,816 : 07/13/2009 07:38 PM : fede0629ecb23650d48989517d4914da [Pos Repl]

       * C:\Windows\System32\drivers\fastfat.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys : 204,800 : 07/13/2009 07:23 PM : 0adc83218b66a6db380c330836f3e36d [Pos Repl]

       * C:\Windows\System32\drivers\fdc.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\fdc.sys : 29,696 : 07/13/2009 08:00 PM : d765d19cd8ef61f650c384f62fac00ab [Pos Repl]
       +-> C:\Windows\winsxs\amd64_fdc.inf_31bf3856ad364e35_6.1.7600.16385_none_5d86a514fa18ed1d\fdc.sys : 29,696 : 07/13/2009 08:00 PM : d765d19cd8ef61f650c384f62fac00ab [Pos Repl]

       * C:\Windows\System32\drivers\flpydisk.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\flpydisk.sys : 24,576 : 07/13/2009 08:00 PM : c172a0f53008eaeb8ea33fe10e177af5 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\flpydisk.sys : 24,576 : 07/13/2009 08:00 PM : c172a0f53008eaeb8ea33fe10e177af5 [Pos Repl]

       * C:\Windows\System32\drivers\fltMgr.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.1.7600.16385_none_6cfe6499447d182c\fltMgr.sys : 290,368 : 07/13/2009 09:47 PM : f7866af72abbaf84b1fa5aa195378c59 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.1.7601.17514_none_6f2f7861416b9bc6\fltMgr.sys : 289,664 : 11/20/2010 09:33 AM : da6b67270fd9db3697b20fce94950741 [Pos Repl]

       * C:\Windows\System32\drivers\fs_rec.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7600.16385_none_814737ee58024dde\fs_rec.sys : 23,104 : 07/13/2009 09:47 PM : e95ef8547de20cf0603557c0cf7a9462 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7600.16970_none_814d11cc57fea224\fs_rec.sys : 22,896 : 03/01/2012 09:54 AM : d3e3f93d67821a2db2b3d9fac2dc2064 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7600.21160_none_81e156a57114593f\fs_rec.sys : 22,896 : 03/01/2012 09:55 AM : 42392c9659cf296c1ed77804c95fabd5 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17514_none_83784bb654f0d178\fs_rec.sys : 23,104 : 07/13/2009 09:47 PM : e95ef8547de20cf0603557c0cf7a9462 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_832fa0ec5526db62\fs_rec.sys : 23,408 : 03/01/2012 09:46 AM : 6bd9295cc032dd3077c671fccf579a7b [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.21933_none_83eb4e116e1f8742\fs_rec.sys : 23,408 : 03/01/2012 09:33 AM : b67646b415693fac2a45124ebf873d78 [Pos Repl]

       * C:\Windows\System32\drivers\hidclass.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidclass.sys : 76,800 : 11/20/2010 08:43 AM : 8b0e40e7e8bbf5acf390465609d89ff1 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7600.16385_none_7c648b6e39ceb682\hidclass.sys : 76,288 : 07/13/2009 08:06 PM : 685fec2407fc121eb937cb658b3c0f35 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidclass.sys : 76,800 : 11/20/2010 08:43 AM : 8b0e40e7e8bbf5acf390465609d89ff1 [Pos Repl]

       * C:\Windows\System32\drivers\hidparse.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidparse.sys : 32,896 : 07/13/2009 08:06 PM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7600.16385_none_7c648b6e39ceb682\hidparse.sys : 32,896 : 07/13/2009 08:06 PM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidparse.sys : 32,896 : 07/13/2009 08:06 PM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]

       * C:\Windows\System32\drivers\hidusb.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidusb.sys : 30,208 : 11/20/2010 08:43 AM : 9592090a7e2b61cd582b612b6df70536 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7600.16385_none_7c648b6e39ceb682\hidusb.sys : 30,208 : 07/13/2009 08:06 PM : b3bf6b5b50006def50b66306d99fcf6f [Pos Repl]
       +-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidusb.sys : 30,208 : 11/20/2010 08:43 AM : 9592090a7e2b61cd582b612b6df70536 [Pos Repl]

       * C:\Windows\System32\drivers\http.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7600.16385_none_08b5edf0328bf3bf\http.sys : 751,616 : 07/13/2009 07:22 PM : cee049cac4efa7f4e1e4ad014414a5d4 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\http.sys : 753,664 : 11/20/2010 07:25 AM : 0ea7de1acb728dd5a369fd742d6eee28 [Pos Repl]

       * C:\Windows\System32\drivers\i8042prt.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
       +-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys : 105,472 : 07/13/2009 07:19 PM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]

       * C:\Windows\System32\drivers\intelide.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\intelide.sys : 16,960 : 07/13/2009 09:48 PM : f00f20e70c6ec3aa366910083a0518aa [Pos Repl]
       +-> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\intelide.sys : 16,960 : 07/13/2009 09:48 PM : f00f20e70c6ec3aa366910083a0518aa [Pos Repl]
       +-> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\intelide.sys : 16,960 : 07/13/2009 09:48 PM : f00f20e70c6ec3aa366910083a0518aa [Pos Repl]

       * C:\Windows\System32\drivers\intelppm.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\intelppm.sys : 62,464 : 07/13/2009 07:19 PM : ada036632c664caa754079041cf1f8c1 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a\intelppm.sys : 62,464 : 07/13/2009 07:19 PM : ada036632c664caa754079041cf1f8c1 [Pos Repl]

       * C:\Windows\System32\drivers\ipfltdrv.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7600.16385_none_435e758fd8e07660\ipfltdrv.sys : 82,944 : 07/13/2009 08:10 PM : 722dd294df62483cecaae6e094b4d695 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7601.17514_none_458f8957d5cef9fa\ipfltdrv.sys : 82,944 : 11/20/2010 08:52 AM : c9f0e1bd74365a8771590e9008d22ab6 [Pos Repl]

       * C:\Windows\System32\drivers\ipnat.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-ipnat_31bf3856ad364e35_6.1.7600.16385_none_b70d093f950ce2cf\ipnat.sys : 116,224 : 07/13/2009 08:10 PM : af9b39a7e7b6caa203b3862582e9f2d0 [Pos Repl]

       * C:\Windows\System32\drivers\irenum.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-irdaircomm_31bf3856ad364e35_6.1.7600.16385_none_84866db23e5a6f30\irenum.sys : 17,920 : 07/13/2009 08:08 PM : 3abf5e7213eb28966d55d58b515d5ce9 [Pos Repl]

       * C:\Windows\System32\drivers\isapnp.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys : 20,544 : 07/13/2009 09:48 PM : 2f7b28dc3e1183e5eb418df55c204f38 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys : 20,544 : 07/13/2009 09:48 PM : 2f7b28dc3e1183e5eb418df55c204f38 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys : 20,544 : 07/13/2009 09:48 PM : 2f7b28dc3e1183e5eb418df55c204f38 [Pos Repl]

       * C:\Windows\System32\drivers\kbdclass.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys : 50,768 : 07/13/2009 09:48 PM : bc02336f1cba7dcc7d1213bb588a68a5 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\kbdclass.sys : 50,768 : 07/13/2009 09:48 PM : bc02336f1cba7dcc7d1213bb588a68a5 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys : 50,768 : 07/13/2009 09:48 PM : bc02336f1cba7dcc7d1213bb588a68a5 [Pos Repl]

       * C:\Windows\System32\drivers\ksecdd.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\ksecdd.sys : 95,312 : 07/13/2009 09:48 PM : e8b6fcc9c83535c67f835d407620bd27 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\ksecdd.sys : 95,312 : 07/13/2009 09:48 PM : e8b6fcc9c83535c67f835d407620bd27 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\ksecdd.sys : 95,088 : 11/17/2011 09:17 AM : 16c1b906fc5ead84769f90b736b6bf0e [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\ksecdd.sys : 95,088 : 06/02/2012 09:38 AM : 4f4b5fde429416877de7143044582eb5 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\ksecdd.sys : 95,312 : 07/13/2009 09:48 PM : e8b6fcc9c83535c67f835d407620bd27 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\ksecdd.sys : 95,600 : 11/17/2011 09:56 AM : eaf17270656e4ce60ec549047c9e63dc [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\ksecdd.sys : 95,600 : 06/02/2012 09:41 AM : 01fe2267aca17a4c689c3d103757ec17 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\ksecdd.sys : 95,616 : 11/20/2010 09:33 AM : ccd53b5bd33ce0c889e830d839c8b66e [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\ksecdd.sys : 95,600 : 11/17/2011 09:49 AM : da1e991a61cfdd755a589e206b97644b [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\ksecdd.sys : 95,600 : 06/02/2012 09:48 AM : 97a7070aea4c058b6418519e869a63b4 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\ksecdd.sys : 95,600 : 11/17/2011 09:31 AM : 44112506709c9ee7e8ac38e161706e34 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\ksecdd.sys : 95,600 : 06/04/2012 09:55 AM : d44556c48f351bb26f3a8c90200f495a [Pos Repl]

       * C:\Windows\System32\drivers\ks.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7600.16385_none_b375b3feaf9521f4\ks.sys : 243,200 : 07/13/2009 08:00 PM : 3e099cc843c4233e5af147c8ea8ba32b [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7601.17514_none_b5a6c7c6ac83a58e\ks.sys : 243,712 : 11/20/2010 08:33 AM : 24fbf5cc5c04150073c315a7c83521ee [Pos Repl]

       * C:\Windows\System32\drivers\mcd.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_6.1.7600.16385_none_249a5cc1e06b4240\mcd.sys : 22,016 : 07/13/2009 08:01 PM : 3c9f072f9dca856b9fb7a20cbd4281ac [Pos Repl]

       * C:\Windows\System32\drivers\modem.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7600.16385_none_8bf97498085ce154\modem.sys : 40,448 : 07/13/2009 08:10 PM : 800ba92f7010378b09f9ed9270f07137 [Pos Repl]

       * C:\Windows\System32\drivers\mouclass.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouclass.sys : 49,216 : 07/13/2009 09:48 PM : 7d27ea49f3c1f687d357e77a470aea99 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouclass.sys : 49,216 : 07/13/2009 09:48 PM : 7d27ea49f3c1f687d357e77a470aea99 [Pos Repl]

       * C:\Windows\System32\drivers\mouhid.sys [NoSig]
       +-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys : 31,232 : 07/13/2009 08:00 PM : d3bf052c40b0c4166d9fd86a4288c1e6 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys : 31,232 : 07/13/2009 08:00 PM : d3bf052c40b0c4166d9fd86a4288c1e6 [Pos Repl]

       * C:\Windows\System32\drivers\mountmgr.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_4e8d166d20b6ca3b\mountmgr.sys : 94,784 : 07/13/2009 09:48 PM : 791af66c4d0e7c90a3646066386fb571 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.17514_none_50be2a351da54dd5\mountmgr.sys : 94,592 : 11/20/2010 09:33 AM : 32e7a3d591d671a6df2db515a5cbe0fa [Pos Repl]

       * C:\Windows\System32\drivers\mrxdav.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7600.16385_none_709fd6dedf6cab41\mrxdav.sys : 140,800 : 07/13/2009 07:23 PM : 30524261bb51d96d6fcbac20c810183c [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.17514_none_72d0eaa6dc5b2edb\mrxdav.sys : 140,800 : 11/20/2010 07:26 AM : dc722758b8261e1abafd31a3c0a66380 [Pos Repl]

       * C:\Windows\System32\drivers\mrxsmb.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_db865edc6ace75ca\mrxsmb.sys : 157,184 : 07/13/2009 07:24 PM : cfdcd8ca87c2a657debc150ac35b5e08 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16499_none_db7f91fe6ad2f43e\mrxsmb.sys : 157,696 : 01/07/2010 10:38 PM : ab5892797c4114640ba333949568de8c [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_dbc0736c6aa249bf\mrxsmb.sys : 157,696 : 02/27/2010 10:52 AM : 767a4c3bcf9410c286ced15a2db17108 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16765_none_db9c064c6abe3284\mrxsmb.sys : 157,696 : 02/23/2011 10:15 AM : b7f3d2c40bdf8ffb73ebfb19c77734e2 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16808_none_dbdfe8986a8ad40a\mrxsmb.sys : 157,696 : 05/03/2011 10:51 PM : 040d62a9d8ad28922632137acdd984f2 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20612_none_dc58ae0983b60046\mrxsmb.sys : 157,696 : 01/07/2010 10:45 PM : d16736a578236e7e4a796fa9a40db9af [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_dc306f3783d3bc0f\mrxsmb.sys : 157,696 : 02/27/2010 10:52 AM : 968613cc6c0f7427fac62aced6f7b8c5 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20907_none_dc68851983a95a7d\mrxsmb.sys : 158,208 : 02/22/2011 10:47 PM : be3a495095cd3307de152efdac946c2a [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20959_none_dc34761183d018e0\mrxsmb.sys : 158,208 : 05/03/2011 10:41 PM : 629086cabfdfbe0af7253cb6a494e35a [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_ddb772a467bcf964\mrxsmb.sys : 158,208 : 11/20/2010 10:27 AM : faf015b07e3a2874a790a39b7d2c579f [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_dd82635267e49e70\mrxsmb.sys : 158,208 : 02/22/2011 11:56 PM : c2b4651001a867ff3f8865863b592991 [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_ddc344c067b3f3f1\mrxsmb.sys : 158,208 : 04/26/2011 10:40 PM : a5d9106a73dc88564c825d317cac68ac [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_de0d006781015791\mrxsmb.sys : 158,208 : 02/22/2011 10:32 PM : cd291e3c21c61e17972dfaf8e2e2e5da [Pos Repl]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_de41115580da9655\mrxsmb.sys : 158,208 : 04/26/2011 10:31 PM : 8d841161a355809ef86819fd3c6361d3 [Pos Repl]

       * C:\Windows\System32\drivers\msfs.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42\msfs.sys : 26,112 : 07/13/2009 07:19 PM : aa3fb40e17ce1388fa1bedab50ea8f96 [Pos Repl]

       * C:\Windows\System32\drivers\MSKSSRV.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mskssrv.sys : 11,136 : 07/13/2009 08:00 PM : 49ccf2c4fea34ffad8b1b59d49439366 [Pos Repl]

       * C:\Windows\System32\drivers\MSPCLOCK.sys [NoSig]
       +-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mspclock.sys : 7,168 : 07/13/2009 08:00 PM : bdd71ace35a232104ddd349ee70e1ab3 [Pos Repl]

       * C:\Windows\System32\drivers\MSPQM.sys [NoSig]

      freakish

        Re: Hijacked by File Recovery - unable to use cd
        « Reply #3 on: September 01, 2012, 09:27:26 PM »
        It looks like my first message was cut off at the RKILL log.

        I have posted the entire RKILL log to a Google Doc:
        https://docs.google.com/document/d/15SMNWq1Kixw3Z0GUis_FgSovn9ul4r2B5H7_qKjrvAU/edit


        *****************************************************
        SECOND ROUND ADWCLEANER LOG

        # AdwCleaner v2.000 - Logfile created 09/01/2012 at 22:55:00
        # Updated 30/08/2012 by Xplode
        # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
        # User : Family - WORK
        # Boot Mode : Safe mode with networking
        # Running from : G:\adwcleaner.exe
        # Option [Delete]


        ***** [Services] *****


        ***** [Files / Folders] *****


        ***** [Registry] *****


        ***** [Internet Browsers] *****

        -\\ Internet Explorer v9.0.8112.16421

        [OK] Registry is clean.

        -\\ Mozilla Firefox v14.0.1 (en-US)

        Profile name : default
        File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\f63mzf9o.default\prefs.js

        [OK] File is clean.

        -\\ Google Chrome v21.0.1180.83

        File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

        [OK] File is clean.

        *************************



        ************************************************************************************
        LOG AFTER IEXPLORER.EXE

        Rkill 2.3.3 by Lawrence Abrams (Grinler)
        http://www.bleepingcomputer.com/
        Copyright 2008-2012 BleepingComputer.com
        More Information about Rkill can be found at this link:
         http://www.bleepingcomputer.com/forums/topic308364.html

        Program started at: 09/01/2012 10:59:38 PM in x64 mode.
        Windows Version: Windows 7 Home Premium Service Pack 1

        Checking for Windows services to stop.

         * No malware services found to stop.

        Checking for processes to terminate.

         * No malware processes found to kill.

        Checking Registry for malware related settings.

         * No issues found in the Registry.

        Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

        Performing miscellaneous checks.

         * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

        Checking Windows Service Integrity:

         * Background Intelligent Transfer Service (BITS) is not Running.
           Startup Type set to: Automatic (Delayed Start)

         * COM+ Event System (EventSystem) is not Running.
           Startup Type set to: Automatic

         * Security Center (wscsvc) is not Running.
           Startup Type set to: Automatic (Delayed Start)

         * Windows Update (wuauserv) is not Running.
           Startup Type set to: Automatic (Delayed Start)

         * AppMgmt [Missing Service]
         * CscService [Missing Service]
         * PeerDistSvc [Missing Service]
         * UmRdpService [Missing Service]

        Searching for Missing Digital Signatures:

         * No issues found.

        Program finished at: 09/01/2012 10:59:49 PM
        Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)




        **********************************************************************************

        SECOND ROUND MBAM LOG
        Malwarebytes Anti-Malware (Trial) 1.62.0.1300
        www.malwarebytes.org

        Database version: v2012.09.02.01

        Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
        Internet Explorer 9.0.8112.16421
        Family :: WORK [administrator]

        Protection: Disabled

        9/1/2012 11:01:24 PM
        mbam-log-2012-09-01 (23-01-24).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 197153
        Time elapsed: 3 minute(s), 42 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)





        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Hijacked by File Recovery - unable to use cd
        « Reply #4 on: September 02, 2012, 05:13:22 PM »
        Download Combofix from any of the links below, and save it to your DESKTOP

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
        Windows 8 and Windows 10 dual boot with two SSD's

        freakish

          Re: Hijacked by File Recovery - unable to use cd
          « Reply #5 on: September 02, 2012, 07:35:09 PM »
          Thanks so much.

          I ran the combo program, but my daughter was sick and called me to the other room. When I returned the log below was posted. As it stands, the PC has not been restarted by me. The homepage is still black but for recycle bin, firefox, malwarebytes, and the log files. The PC remains offline. When I use the double right arrow icon adjacent on the bottom desktop toolbar, I can now see all the user files such as my pictures and see the folders within and the photos within. When I clicked one of the photos, I received a message that referenced the location, then read, "Illegal operation attempted on a registry key that has been marked for deletion."

          Because of that message I don't want to touch the pc, until I hear back from you.

          Regarding the backup USB driver that I initially tried to save files to (off the infected computer), all the previous files disappeared, but are now back.  I have not clicked on the files to see if they have contents as I don't want to infect my clean computer or risk anything.



          COMBO LOG FILE


          ComboFix 12-08-31.08 - Family 09/02/2012  20:57:46.1.4 - x64 NETWORK
          Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.2898 [GMT -4:00]
          Running from: G:\ComboFix.exe
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
           * Created a new restore point
          .
          ADS - Windows: deleted 192 bytes in 1 streams.
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          C:\install.exe
          c:\programdata\8gzdeGPsMPO0LK
          c:\programdata\8gzdeGPsMPO0LK.exe
          c:\programdata\KbTTesIdWitxJO.exe
          c:\users\Family\AppData\Roaming\12933374464bc792f23e5480.66658460
          c:\users\Family\g2mdlhlpx.exe
          c:\windows\iun6002.exe
          c:\windows\security\Database\tmp.edb
          c:\windows\SysWow64\URTTemp
          c:\windows\SysWow64\URTTemp\regtlib.exe
          .
          .
          (((((((((((((((((((((((((   Files Created from 2012-08-03 to 2012-09-03  )))))))))))))))))))))))))))))))
          .
          .
          2012-09-02 02:14 . 2012-09-02 02:14   711240   ----a-w-   c:\windows\isRS-000.tmp
          2012-09-01 18:57 . 2012-09-01 18:57   --------   d--h--w-   c:\users\Family\AppData\Roaming\Malwarebytes
          2012-09-01 18:56 . 2012-09-02 02:15   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
          2012-09-01 18:56 . 2012-09-01 18:56   --------   d--h--w-   c:\programdata\Malwarebytes
          2012-09-01 18:56 . 2012-07-03 17:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2012-09-01 18:48 . 2012-09-01 18:48   --------   d-----w-   c:\program files\CCleaner
          2012-08-31 13:59 . 2012-08-23 08:26   9310152   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{675D8F4A-2E6C-44F6-AABA-6BE65513C22A}\mpengine.dll
          2012-08-28 01:07 . 2012-08-28 01:07   --------   d--h--w-   c:\programdata\3dCart
          2012-08-15 17:18 . 2012-07-04 22:16   73216   ----a-w-   c:\windows\system32\netapi32.dll
          2012-08-15 17:18 . 2012-07-04 22:13   59392   ----a-w-   c:\windows\system32\browcli.dll
          2012-08-15 17:18 . 2012-07-04 22:13   136704   ----a-w-   c:\windows\system32\browser.dll
          2012-08-15 17:18 . 2012-07-04 21:14   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
          2012-08-15 17:18 . 2012-07-18 18:15   3148800   ----a-w-   c:\windows\system32\win32k.sys
          2012-08-15 17:18 . 2012-05-14 05:26   956928   ----a-w-   c:\windows\system32\localspl.dll
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2012-08-18 07:01 . 2010-08-28 22:12   62134624   ----a-w-   c:\windows\system32\MRT.exe
          2012-07-30 17:39 . 2012-06-08 21:12   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
          2012-07-30 17:39 . 2011-05-19 21:28   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2012-06-09 05:43 . 2012-07-11 00:46   14172672   ----a-w-   c:\windows\system32\shell32.dll
          2012-06-06 06:06 . 2012-07-11 00:46   2004480   ----a-w-   c:\windows\system32\msxml6.dll
          2012-06-06 06:06 . 2012-07-11 00:46   1881600   ----a-w-   c:\windows\system32\msxml3.dll
          2012-06-06 06:02 . 2012-07-11 00:48   1133568   ----a-w-   c:\windows\system32\cdosys.dll
          2012-06-06 05:05 . 2012-07-11 00:46   1390080   ----a-w-   c:\windows\SysWow64\msxml6.dll
          2012-06-06 05:05 . 2012-07-11 00:46   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
          2012-06-06 05:03 . 2012-07-11 00:48   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
          2011-07-17 15:13 . 2011-07-17 15:13   378   ----a-w-   c:\program files (x86)\temp995.bat
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
          2011-02-18 05:12   94208   ---ha-w-   c:\users\Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
          2011-02-18 05:12   94208   ---ha-w-   c:\users\Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
          2011-02-18 05:12   94208   ---ha-w-   c:\users\Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SanDiskSecureAccess_Manager.exe"="c:\users\Family\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-04-10 30705792]
          "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
          "DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2010-05-11 55808]
          "eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
          "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
          "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
          "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
          "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
          .
          c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          Dropbox.lnk - c:\users\Family\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
          EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
          OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
          "aux1"=wdmaud.drv
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
          @=""
          .
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
          R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Fishbowl\database\bin\fb_inet_server.exe

          R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
          R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
          R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
          R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
          R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-01 239136]
          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
          R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
          R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1255736]
          S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
          S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
          S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
          S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
          S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
          S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
          S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
          S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
          S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
          S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
          S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
          S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
          S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
          S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]
          S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
          S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2010-08-23 12688]
          S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2010-08-23 15888]
          S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2010-08-23 23952]
          .
          .
          --- Other Services/Drivers In Memory ---
          .
          *NewlyCreated* - WS2IFSL
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 22:54]
          .
          2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 22:54]
          .
          2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004351535-993559344-1784565233-1001Core.job
          - c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 22:54]
          .
          2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004351535-993559344-1784565233-1001UA.job
          - c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 22:54]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
          2011-02-18 05:12   97792   ---ha-w-   c:\users\Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
          2011-02-18 05:12   97792   ---ha-w-   c:\users\Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
          2011-02-18 05:12   97792   ---ha-w-   c:\users\Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]
          "PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
          "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
          "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
          "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
          "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
          "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
          "LoadAppInit_DLLs"=0x0
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.com/
          uLocal Page = c:\windows\system32\blank.htm
          mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106545l04g4z1h5t46m2n446
          mLocal Page = c:\windows\SysWOW64\blank.htm
          IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
          IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
          IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
          TCP: DhcpNameServer = 192.168.1.254
          FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\f63mzf9o.default\
          FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
          FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
          FF - prefs.js: network.proxy.type - 0
          .
          - - - - ORPHANS REMOVED - - - -
          .
          Toolbar-Locked - (no file)
          Wow6432Node-HKCU-Run-AdobeBridge - (no file)
          Wow6432Node-HKCU-Run-Vidalia - c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
          Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Family\AppData\Local\Akamai\netsession_win.exe
          Wow6432Node-HKCU-Run-KbTTesIdWitxJO.exe - c:\programdata\KbTTesIdWitxJO.exe
          Wow6432Node-HKCU-Run-8gzdeGPsMPO0LK - c:\programdata\8gzdeGPsMPO0LK.exe
          Toolbar-Locked - (no file)
          HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
          HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
          AddRemove-3dCart_-_Quickbooks_2.2 - c:\windows\iun6002.exe
          AddRemove-{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE} - c:\users\Family\AppData\Local\{B8113D28-DEB3-477F-974F-637E3A2089FC}\TreeFrog.exe
          .
          .
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Shockwave Flash Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
          @="0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
          @="ShockwaveFlash.ShockwaveFlash.11"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="ShockwaveFlash.ShockwaveFlash"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Macromedia Flash Factory Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
          @="FlashFactory.FlashFactory.1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="FlashFactory.FlashFactory"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker4"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
          "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
             00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
          c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
          c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          c:\program files (x86)\Common Files\Motive\McciCMService.exe
          c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
          c:\program files (x86)\Canon\CAL\CALMAIN.exe
          .
          **************************************************************************
          .
          Completion time: 2012-09-02  21:19:37 - machine was rebooted
          ComboFix-quarantined-files.txt  2012-09-03 01:19
          .
          Pre-Run: 22,796,062,720 bytes free
          Post-Run: 22,137,577,472 bytes free
          .
          - - End Of File - - DF89ACDC5FAEEC197F9F00FF0ABF7361

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Hijacked by File Recovery - unable to use cd
          « Reply #6 on: September 02, 2012, 07:50:35 PM »
          Quote
          "Illegal operation attempted on a registry key that has been marked for deletion."
          When you see that message it means you must re-boot.

          SUPERAntiSpyware

          If you already have SUPERAntiSpyware be sure to check for updates before scanning!


          Download SuperAntispyware Free Edition (SAS)
          * Double-click the icon on your desktop to run the installer.
          * When asked to Update the program definitions, click Yes
          * If you encounter any problems while downloading the updates, manually download and unzip them from here
          * Next click the Preferences button.

          •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
          * Click the Scanning Control tab.
          * Under Scanner Options make sure only the following are checked:

          •Close browsers before scanning
          •Scan for tracking cookies
          •Terminate memory threats before quarantining
          Please leave the others unchecked

          •Click the Close button to leave the control center screen.

          * On the main screen click Scan your computer
          * On the left check the box for the drive you are scanning.
          * On the right choose Perform Complete Scan
          * Click Next to start the scan. Please be patient while it scans your computer.
          * After the scan is complete a summary box will appear. Click OK
          * Make sure everything in the white box has a check next to it, then click Next
          * It will quarantine what it found and if it asks if you want to reboot, click Yes

          •To retrieve the removal information please do the following:
          •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
          •Click Preferences. Click the Statistics/Logs tab.

          •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

          •It will open in your default text editor (preferably Notepad).
          •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

          * Save the log somewhere you can easily find it. (normally the desktop)
          * Click close and close again to exit the program.
          * Copy and Paste the log in your post.
          ************************************************
          Please download aswMBR.exe ( 511KB ) to your desktop.

          Double click the aswMBR.exe to run it



          Click the "Scan" button to start scan

          Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



          On completion of the scan click save log, save it to your desktop and post in your next reply.
          *************************************************
          Please download AdwCleaner by Xplode onto your Desktop.
          • Double click on AdwCleaner.exe to run the tool.
          • Click on Search.
          • A logfile will automatically open after the scan has finished.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
          Windows 8 and Windows 10 dual boot with two SSD's

          freakish

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Re: Hijacked by File Recovery - unable to use cd
            « Reply #7 on: September 02, 2012, 10:20:58 PM »
            Thank you for your continued help and assistance.  I really appreciate it.


            PC status:  everything has been run in safe mode.  The icons are back on the desktop and all the files seem to open.
            The PC is still offline, wirelessly (this happened during the attack).  The icon in the tray reads that no connections are available, which is false.  I don't know if it is because I am in safe mode or not.

            The files on my usb backup drive are all back, but I am not sure if I should open any, or if we need to do cleansing of that drive.  During the attack, I pulled my important folder from the infected pc onto the drive.  Then at the reboot all the icons were missing.  They are back now.   Since I don't know how these attacks work, I am not sure if the culprit was in the file that I dragged off the infected PC, or if the entire problem is that the hijacker just makes all connected drives look empty.  Of course, when I hooked the usb backup drive to my non-infected PC, the files were still missing.

            Thanks so much.  Here are the logs


            SUPER ANTISPYWARE LOG FILE


            SUPERAntiSpyware Scan Log
            http://www.superantispyware.com

            Generated 09/02/2012 at 11:57 PM

            Application Version : 5.5.1012

            Core Rules Database Version : 9166
            Trace Rules Database Version: 6978

            Scan type       : Complete Scan
            Total Scan Time : 01:32:50

            Operating System Information
            Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
            UAC Off - Administrator

            Memory items scanned      : 414
            Memory threats detected   : 0
            Registry items scanned    : 67229
            Registry threats detected : 0
            File items scanned        : 249364
            File threats detected     : 5

            Trojan.Agent/Gen-RogueRel
               C:\QOOBOX\QUARANTINE\C\PROGRAMDATA\8GZDEGPSMPO0LK.EXE.VIR

            Trojan.Agent/Gen-Autorun[Swisyn]
               C:\USERS\FAMILY\DESKTOP\ADOBE CS5 ALL PRODUCTS KEYMAKER V1.10 (WINDOWS)\ADOBE CS5 ALL PRODUCTS KEYMAKER V1.10 (WINDOWS)\KEYMAKER.EXE

            Trojan.Dropper/UserInit-Fake
               C:\USERS\FAMILY\DESKTOP\RKILL MAJOR\USERINIT.EXE

            PUP.CNETInstaller
               C:\USERS\FAMILY\DOWNLOADS\CNET2_INSTALLRARFILEOPENKNIFE_EXE.EXE

            Adware.OpenInstall
               C:\USERS\FAMILY\DOWNLOADS\VIDEO AND PHOTO FILES\MP4PLAYER.EXE




            *************************************************
            ASWMBR LOG FILE

            aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
            Run date: 2012-09-03 00:06:28
            -----------------------------
            00:06:28.951    OS Version: Windows x64 6.1.7601 Service Pack 1
            00:06:28.951    Number of processors: 4 586 0x2502
            00:06:28.967    ComputerName: WORK  UserName:
            00:06:30.168    Initialize success
            00:06:42.351    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
            00:06:42.351    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
            00:06:42.367    Disk 0 MBR read successfully
            00:06:42.367    Disk 0 MBR scan
            00:06:42.398    Disk 0 Windows 7 default MBR code
            00:06:42.398    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14339 MB offset 63
            00:06:42.414    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 29366820
            00:06:42.429    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290803 MB offset 29575665
            00:06:42.445    Disk 0 scanning C:\Windows\system32\drivers
            00:06:50.557    Service scanning
            00:07:13.536    Modules scanning
            00:07:13.536    Disk 0 trace - called modules:
            00:07:13.567    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
            00:07:13.567    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f93060]
            00:07:13.567    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f9a050]
            00:07:13.583    Scan finished successfully
            00:08:00.336    Disk 0 MBR has been saved successfully to "G:\MBR.dat"
            00:08:00.336    The log file has been saved successfully to "G:\aswMBR log file 09022012.txt"



            ******************************************************************
            ADWCLEANER LOG FILE


            # AdwCleaner v2.000 - Logfile created 09/01/2012 at 14:53:39
            # Updated 30/08/2012 by Xplode
            # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
            # User : Family - WORK
            # Boot Mode : Normal
            # Running from : D:\adwcleaner.exe
            # Option [Search]


            ***** [Services] *****


            ***** [Files / Folders] *****

            File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
            Folder Found : C:\ProgramData\boost_interprocess
            Folder Found : C:\ProgramData\Partner
            Folder Found : C:\Users\Family\AppData\Local\APN

            ***** [Registry] *****

            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
            Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
            Key Found : HKU\S-1-5-21-3004351535-993559344-1784565233-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

            ***** [Internet Browsers] *****

            -\\ Internet Explorer v9.0.8112.16421

            [OK] Registry is clean.

            -\\ Mozilla Firefox v14.0.1 (en-US)

            Profile name : default
            File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\f63mzf9o.default\prefs.js

            Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

            -\\ Google Chrome v21.0.1180.83

            File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

            [OK] File is clean.

            *************************

            AdwCleaner[R1].txt - [1897 octets] - [01/09/2012 14:53:39]

            ########## EOF - C:\AdwCleaner[R1].txt - [1957 octets] ##########




            Thanks so much,

            Justin



            freakish

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Unknown
              Re: Hijacked by File Recovery - unable to use cd
              « Reply #8 on: September 06, 2012, 07:15:59 PM »
              Hi.  I am just writing to check to see if there is anything else that I should do before trying to use my pc again?  The background is still black (picture is missing) and the wireless internet connection is not working.  Before trying to fix both issues, I just want to be sure the malware is gone.

              Thanks so much,

              Justin

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Hijacked by File Recovery - unable to use cd
              « Reply #9 on: September 07, 2012, 07:05:10 PM »
              Quote
              The PC is still offline, wirelessly (this happened during the attack). 
              Did you try resetting the modem? Disconnect the power supply for 30 secs. and reconnect it.

              Remove the Adware:
              • Please close all open programs and internet browsers.
              • Double click on adwcleaner.exe to run the tool.
              • Click on Delete.
              • Confirm each time with OK
              • Your computer will be rebooted automatically. A text file will open after the restart.
              • Please post the content of that logfile in your reply.
              • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
              *********************************************************
              Quote
              The files on my usb backup drive are all back, but I am not sure if I should open any, or if we need to do cleansing of that drive.  During the attack, I pulled my important folder from the infected pc onto the drive.  Then at the reboot all the icons were missing.  They are back now.   Since I don't know how these attacks work, I am not sure if the culprit was in the file that I dragged off the infected PC, or if the entire problem is that the hijacker just makes all connected drives look empty.  Of course, when I hooked the usb backup drive to my non-infected PC, the files were still missing.
              It would be best to scan that drive before putting anything back on the computer.

              Please download MiniToolBox to Desktop and run it.



              Checkmark the following boxes:

                • Flush DNS
                • Report IE Proxy Settings
                • Reset IE Proxy Settings
                • List content of Hosts
                • List IP Configuration
                • List Last 10 Event Viewer Errors
                • List Users, Partitions and Memory Size
                Click Go and copy/paste the log (Result.txt) into your next post.
                *****************************************************************
                Please download Farbar Service Scanner and run it on the computer with the issue.
                • Press "Scan".
                • It will create a log (FSS.txt) in the same directory the tool is run.
                • Please copy and paste the log to your reply.
                Windows 8 and Windows 10 dual boot with two SSD's

                freakish

                  Topic Starter


                  Greenhorn

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Hijacked by File Recovery - unable to use cd
                  « Reply #10 on: September 09, 2012, 03:26:34 PM »
                  Thanks so much for your help.  Here are the logs:

                  # AdwCleaner v2.001 - Logfile created 09/09/2012 at 17:10:29
                  # Updated 09/09/2012 by Xplode
                  # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
                  # User : Family - WORK
                  # Boot Mode : Normal
                  # Running from : C:\Users\Family\Downloads\adwcleaner.exe
                  # Option [Delete]


                  ***** [Services] *****


                  ***** [Files / Folders] *****


                  ***** [Registry] *****

                  Key Deleted : HKCU\Software\Ask.com.tmp

                  ***** [Internet Browsers] *****

                  -\\ Internet Explorer v9.0.8112.16421

                  Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

                  -\\ Mozilla Firefox v14.0.1 (en-US)

                  Profile name : default
                  File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\f63mzf9o.default\prefs.js

                  [OK] File is clean.

                  -\\ Google Chrome v21.0.1180.89

                  File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

                  [OK] File is clean.

                  *************************

                  AdwCleaner[R1].txt - [2020 octets] - [01/09/2012 14:53:39]
                  AdwCleaner[R2].txt - [2080 octets] - [01/09/2012 14:54:32]
                  AdwCleaner[R3].txt - [2140 octets] - [01/09/2012 14:55:20]
                  AdwCleaner[S1].txt - [2702 octets] - [01/09/2012 22:05:02]
                  AdwCleaner[S2].txt - [1202 octets] - [01/09/2012 22:55:00]
                  AdwCleaner[R4].txt - [1283 octets] - [03/09/2012 00:08:40]
                  AdwCleaner[R4] logfile 09022012.txt - [1283 octets] - [03/09/2012 00:09:05]
                  AdwCleaner[R5].txt - [1420 octets] - [03/09/2012 00:13:11]
                  AdwCleaner[S3].txt - [1442 octets] - [09/09/2012 17:10:29]

                  ########## EOF - C:\AdwCleaner[S3].txt - [1502 octets] ##########




                  MiniToolBox by Farbar  Version: 23-07-2012
                  Ran by Family (administrator) on 09-09-2012 at 17:18:26
                  Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
                  Boot Mode: Normal
                  ***************************************************************************

                  ========================= Flush DNS: ===================================

                  Windows IP Configuration

                  Successfully flushed the DNS Resolver Cache.

                  ========================= IE Proxy Settings: ==============================

                  Proxy is not enabled.
                  No Proxy Server is set.

                  "Reset IE Proxy Settings": IE Proxy Settings were reset.
                  ========================= Hosts content: =================================

                  127.0.0.1       localhost

                  ========================= IP Configuration: ================================

                  Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Connected)
                  Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Connected)
                  Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)


                  # ----------------------------------
                  # IPv4 Configuration
                  # ----------------------------------
                  pushd interface ipv4

                  reset
                  set global


                  popd
                  # End of IPv4 configuration



                  Windows IP Configuration

                     Host Name . . . . . . . . . . . . : Work
                     Primary Dns Suffix  . . . . . . . :
                     Node Type . . . . . . . . . . . . : Mixed
                     IP Routing Enabled. . . . . . . . : No
                     WINS Proxy Enabled. . . . . . . . : No
                     DNS Suffix Search List. . . . . . : Belkin

                  Wireless LAN adapter Wireless Network Connection:

                     Connection-specific DNS Suffix  . : Belkin
                     Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
                     Physical Address. . . . . . . . . : 78-E4-00-FC-0F-BE
                     DHCP Enabled. . . . . . . . . . . : Yes
                     Autoconfiguration Enabled . . . . : Yes
                     Link-local IPv6 Address . . . . . : fe80::a035:b84a:7d84:fa14%12(Preferred)
                     IPv4 Address. . . . . . . . . . . : 192.168.2.9(Preferred)
                     Subnet Mask . . . . . . . . . . . : 255.255.255.0
                     Lease Obtained. . . . . . . . . . : Sunday, September 09, 2012 5:12:26 PM
                     Lease Expires . . . . . . . . . . : Wednesday, October 16, 2148 11:46:50 PM
                     Default Gateway . . . . . . . . . : 192.168.2.1
                     DHCP Server . . . . . . . . . . . : 192.168.2.1
                     DHCPv6 IAID . . . . . . . . . . . : 259580928
                     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-9B-36-19-88-AE-1D-01-EA-CA
                     DNS Servers . . . . . . . . . . . : 192.168.2.1
                     NetBIOS over Tcpip. . . . . . . . : Enabled

                  Ethernet adapter Local Area Connection:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . : gateway.2wire.net
                     Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
                     Physical Address. . . . . . . . . : 88-AE-1D-01-EA-CA
                     DHCP Enabled. . . . . . . . . . . : Yes
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter isatap.Belkin:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . : Belkin
                     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Teredo Tunneling Pseudo-Interface:

                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes
                     IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c25:3799:9cf5:522c(Preferred)
                     Link-local IPv6 Address . . . . . : fe80::2c25:3799:9cf5:522c%15(Preferred)
                     Default Gateway . . . . . . . . . : ::
                     NetBIOS over Tcpip. . . . . . . . : Disabled

                  Tunnel adapter isatap.gateway.2wire.net:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes
                  Server:  UnKnown
                  Address:  192.168.2.1

                  Name:    google.com
                  Addresses:  2607:f8b0:4008:800::1005
                       74.125.229.162
                       74.125.229.163
                       74.125.229.164
                       74.125.229.165
                       74.125.229.166
                       74.125.229.167
                       74.125.229.168
                       74.125.229.169
                       74.125.229.174
                       74.125.229.160
                       74.125.229.161


                  Pinging google.com [74.125.229.164] with 32 bytes of data:
                  Reply from 74.125.229.164: bytes=32 time=40ms TTL=49
                  Reply from 74.125.229.164: bytes=32 time=39ms TTL=49

                  Ping statistics for 74.125.229.164:
                      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                  Approximate round trip times in milli-seconds:
                      Minimum = 39ms, Maximum = 40ms, Average = 39ms
                  Server:  UnKnown
                  Address:  192.168.2.1

                  Name:    yahoo.com
                  Addresses:  98.139.183.24
                       72.30.38.140
                       98.138.253.109


                  Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
                  Reply from 72.30.38.140: bytes=32 time=515ms TTL=41
                  Reply from 72.30.38.140: bytes=32 time=313ms TTL=41

                  Ping statistics for 72.30.38.140:
                      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                  Approximate round trip times in milli-seconds:
                      Minimum = 313ms, Maximum = 515ms, Average = 414ms
                  Server:  UnKnown
                  Address:  192.168.2.1

                  Name:    bleepingcomputer.com
                  Address:  208.43.87.2


                  Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
                  Request timed out.
                  Request timed out.

                  Ping statistics for 208.43.87.2:
                      Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                  Pinging 127.0.0.1 with 32 bytes of data:
                  Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
                  Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                  Ping statistics for 127.0.0.1:
                      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                  Approximate round trip times in milli-seconds:
                      Minimum = 0ms, Maximum = 0ms, Average = 0ms
                  ===========================================================================
                  Interface List
                   12...78 e4 00 fc 0f be ......Atheros AR5B93 Wireless Network Adapter
                   10...88 ae 1d 01 ea ca ......Broadcom NetLink (TM) Gigabit Ethernet
                    1...........................Software Loopback Interface 1
                   17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
                   15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
                   16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
                  ===========================================================================

                  IPv4 Route Table
                  ===========================================================================
                  Active Routes:
                  Network Destination        Netmask          Gateway       Interface  Metric
                            0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.9     25
                          127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                          127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
                    127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                        192.168.2.0    255.255.255.0         On-link       192.168.2.9    281
                        192.168.2.9  255.255.255.255         On-link       192.168.2.9    281
                      192.168.2.255  255.255.255.255         On-link       192.168.2.9    281
                          224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                          224.0.0.0        240.0.0.0         On-link       192.168.2.9    281
                    255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                    255.255.255.255  255.255.255.255         On-link       192.168.2.9    281
                  ===========================================================================
                  Persistent Routes:
                    None

                  IPv6 Route Table
                  ===========================================================================
                  Active Routes:
                   If Metric Network Destination      Gateway
                   15     58 ::/0                     On-link
                    1    306 ::1/128                  On-link
                   15     58 2001::/32                On-link
                   15    306 2001:0:9d38:6ab8:2c25:3799:9cf5:522c/128
                                                      On-link
                   12    281 fe80::/64                On-link
                   15    306 fe80::/64                On-link
                   15    306 fe80::2c25:3799:9cf5:522c/128
                                                      On-link
                   12    281 fe80::a035:b84a:7d84:fa14/128
                                                      On-link
                    1    306 ff00::/8                 On-link
                   15    306 ff00::/8                 On-link
                   12    281 ff00::/8                 On-link
                  ===========================================================================
                  Persistent Routes:
                    None

                  ========================= Event log errors: ===============================

                  Application errors:
                  ==================
                  Error: (09/09/2012 04:37:36 PM) (Source: Application Error) (User: )
                  Description: Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version: 11.3.300.257, time stamp: 0x4fc82063
                  Faulting module name: NPSWF32_11_3_300_257.dll, version: 11.3.300.257, time stamp: 0x4fc821fc
                  Exception code: 0xc0000005
                  Fault offset: 0x0016b4bd
                  Faulting process id: 0xf64
                  Faulting application start time: 0xFlashPlayerPlugin_11_3_300_257.exe0
                  Faulting application path: FlashPlayerPlugin_11_3_300_257.exe1
                  Faulting module path: FlashPlayerPlugin_11_3_300_257.exe2
                  Report Id: FlashPlayerPlugin_11_3_300_257.exe3

                  Error: (09/08/2012 04:00:06 PM) (Source: Application Hang) (User: )
                  Description: The program CorelDrw.exe version 16.0.0.707 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

                  Process ID: 14a8

                  Start Time: 01cd8df96b206e9b

                  Termination Time: 8020

                  Application Path: c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDrw.exe

                  Report Id: 904749d8-f9ef-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 03:59:50 PM) (Source: Application Hang) (User: )
                  Description: The program CorelDRW.exe version 16.0.0.707 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

                  Process ID: 1770

                  Start Time: 01cd8df99e209947

                  Termination Time: 8014

                  Application Path: C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDRW.exe

                  Report Id: 86b2734d-f9ef-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 03:59:34 PM) (Source: Application Hang) (User: )
                  Description: The program CorelDrw.exe version 16.0.0.707 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

                  Process ID: 197c

                  Start Time: 01cd8df97d33024a

                  Termination Time: 12034

                  Application Path: c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDrw.exe

                  Report Id: 7d2e17c1-f9ef-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 03:57:09 PM) (Source: Application Hang) (User: )
                  Description: The program CorelDRW.exe version 16.0.0.707 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

                  Process ID: 18a8

                  Start Time: 01cd8df99e209947

                  Termination Time: 4

                  Application Path: C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDRW.exe

                  Report Id: dfe0267b-f9ee-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 02:46:58 AM) (Source: SideBySide) (User: )
                  Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
                  Component identity found in manifest does not match the identity of the component requested.
                  Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
                  Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
                  Please use sxstrace.exe for detailed diagnosis.

                  Error: (09/07/2012 09:48:08 PM) (Source: SideBySide) (User: )
                  Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
                  Component identity found in manifest does not match the identity of the component requested.
                  Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
                  Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
                  Please use sxstrace.exe for detailed diagnosis.

                  Error: (09/04/2012 00:47:41 PM) (Source: SideBySide) (User: )
                  Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
                  Component identity found in manifest does not match the identity of the component requested.
                  Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
                  Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
                  Please use sxstrace.exe for detailed diagnosis.

                  Error: (09/02/2012 08:55:58 PM) (Source: System Restore) (User: )
                  Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

                  Error: (09/02/2012 08:55:58 PM) (Source: VSS) (User: )
                  Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
                  .


                  Operation:
                     Instantiating VSS server


                  System errors:
                  =============
                  Error: (09/09/2012 05:14:17 PM) (Source: Service Control Manager) (User: )
                  Description: The Windows Search service failed to start due to the following error:
                  %%1053

                  Error: (09/09/2012 05:14:17 PM) (Source: DCOM) (User: )
                  Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

                  Error: (09/09/2012 05:14:15 PM) (Source: Service Control Manager) (User: )
                  Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

                  Error: (09/09/2012 05:13:41 PM) (Source: Service Control Manager) (User: )
                  Description: The following boot-start or system-start driver(s) failed to load:
                  SBRE

                  Error: (09/09/2012 05:12:42 PM) (Source: Service Control Manager) (User: )
                  Description: The Firebird Server - DefaultInstance service failed to start due to the following error:
                  %%2

                  Error: (09/09/2012 05:12:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
                  Description: WLAN Extensibility Module has failed to start.

                  Module Path: C:\Windows\system32\athExt.dll
                  Error Code: 126

                  Error: (09/08/2012 04:36:54 PM) (Source: DCOM) (User: )
                  Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

                  Error: (09/08/2012 04:36:50 PM) (Source: Service Control Manager) (User: )
                  Description: The Windows Search service failed to start due to the following error:
                  %%1053

                  Error: (09/08/2012 04:36:50 PM) (Source: Service Control Manager) (User: )
                  Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

                  Error: (09/08/2012 04:36:19 PM) (Source: Service Control Manager) (User: )
                  Description: The Windows Search service failed to start due to the following error:
                  %%1053


                  Microsoft Office Sessions:
                  =========================
                  Error: (09/09/2012 04:37:36 PM) (Source: Application Error)(User: )
                  Description: FlashPlayerPlugin_11_3_300_257.exe11.3. 300.2574fc82063NPSWF32_11_3_300_257.dll 11.3.300.2574fc821fcc00000050016b4bdf64 01cd8e11027c42adC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll303b1930-fabe-11e1-a878-88ae1d01eaca

                  Error: (09/08/2012 04:00:06 PM) (Source: Application Hang)(User: )
                  Description: CorelDrw.exe16.0.0.70714a801cd8df96b206 e9b8020c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDrw.exe904749d8-f9ef-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 03:59:50 PM) (Source: Application Hang)(User: )
                  Description: CorelDRW.exe16.0.0.707177001cd8df99e209 9478014C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDRW.exe86b2734d-f9ef-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 03:59:34 PM) (Source: Application Hang)(User: )
                  Description: CorelDrw.exe16.0.0.707197c01cd8df97d330 24a12034c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDrw.exe7d2e17c1-f9ef-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 03:57:09 PM) (Source: Application Hang)(User: )
                  Description: CorelDRW.exe16.0.0.70718a801cd8df99e209 9474C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDRW.exedfe0267b-f9ee-11e1-a1c9-88ae1d01eaca

                  Error: (09/08/2012 02:46:58 AM) (Source: SideBySide)(User: )
                  Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

                  Error: (09/07/2012 09:48:08 PM) (Source: SideBySide)(User: )
                  Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

                  Error: (09/04/2012 00:47:41 PM) (Source: SideBySide)(User: )
                  Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

                  Error: (09/02/2012 08:55:58 PM) (Source: System Restore)(User: )
                  Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

                  Error: (09/02/2012 08:55:58 PM) (Source: VSS)(User: )
                  Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


                  Operation:
                     Instantiating VSS server


                  ========================= Memory info: ===================================

                  Percentage of memory in use: 45%
                  Total physical RAM: 3766.71 MB
                  Available physical RAM: 2035.62 MB
                  Total Pagefile: 7531.61 MB
                  Available Pagefile: 5570.02 MB
                  Total Virtual: 4095.88 MB
                  Available Virtual: 3962.66 MB

                  ========================= Partitions: =====================================

                  1 Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:24.58 GB) NTFS
                  3 Drive e: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
                  4 Drive g: (My Book) (Fixed) (Total:465.11 GB) (Free:337.35 GB) NTFS

                  ========================= Users: ========================================

                  User accounts for \\WORK

                  Administrator            ASPNET                   Family                   
                  Guest                   


                  **** End of log ****




                  Farbar Service Scanner Version: 06-08-2012
                  Ran by Family (administrator) on 09-09-2012 at 17:20:43
                  Running from "C:\Users\Family\Downloads"
                  Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
                  Boot Mode: Normal
                  ****************************************************************

                  Internet Services:
                  ============

                  Connection Status:
                  ==============
                  Localhost is accessible.
                  LAN connected.
                  Google IP is accessible.
                  Google.com is accessible.
                  Yahoo IP is accessible.
                  Yahoo.com is accessible.


                  Windows Firewall:
                  =============

                  Firewall Disabled Policy:
                  ==================


                  System Restore:
                  ============

                  System Restore Disabled Policy:
                  ========================


                  Action Center:
                  ============

                  Windows Update:
                  ============

                  Windows Autoupdate Disabled Policy:
                  ============================


                  Windows Defender:
                  ==============

                  Other Services:
                  ==============


                  File Check:
                  ========
                  C:\Windows\System32\nsisvc.dll => MD5 is legit
                  C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
                  C:\Windows\System32\dhcpcore.dll => MD5 is legit
                  C:\Windows\System32\drivers\afd.sys => MD5 is legit
                  C:\Windows\System32\drivers\tdx.sys => MD5 is legit
                  C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
                  C:\Windows\System32\dnsrslvr.dll => MD5 is legit
                  C:\Windows\System32\mpssvc.dll => MD5 is legit
                  C:\Windows\System32\bfe.dll => MD5 is legit
                  C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
                  C:\Windows\System32\SDRSVC.dll => MD5 is legit
                  C:\Windows\System32\vssvc.exe => MD5 is legit
                  C:\Windows\System32\wscsvc.dll => MD5 is legit
                  C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
                  C:\Windows\System32\wuaueng.dll => MD5 is legit
                  C:\Windows\System32\qmgr.dll => MD5 is legit
                  C:\Windows\System32\es.dll => MD5 is legit
                  C:\Windows\System32\cryptsvc.dll => MD5 is legit
                  C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
                  C:\Windows\System32\ipnathlp.dll => MD5 is legit
                  C:\Windows\System32\svchost.exe => MD5 is legit
                  C:\Windows\System32\rpcss.dll => MD5 is legit


                  **** End of log ****











                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Hijacked by File Recovery - unable to use cd
                  « Reply #11 on: September 09, 2012, 05:22:02 PM »
                  Remove the Adware:
                  • Please close all open programs and internet browsers.
                  • Double click on adwcleaner.exe to run the tool.
                  • Click on Delete.
                  • Confirm each time with OK.
                  • Your computer will be rebooted automatically. A text file will open after the restart.
                  • Please post the content of that logfile in your reply.
                  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
                  *****************************************************
                  The last two scanners show that there doesn't appear to be anything wrong with the internet access. Did you try hardwiring the computer to the modem? If this is a laptop, are you certain the switch is not turned off? Did you try another browser?
                  Windows 8 and Windows 10 dual boot with two SSD's
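
Added example (not part of the original posts or of either scanner): a small Python parser for the nslookup/ping section of the log above, reporting for each target whether the name resolved and whether echo replies came back. The function names and verdict labels are assumptions made for this illustration; the sample text is a trimmed excerpt of that log.

```python
import re

# Trimmed excerpt of the nslookup/ping section of the log posted above.
SAMPLE_LOG = """\
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4008:800::1005
     74.125.229.162

Pinging google.com [74.125.229.164] with 32 bytes of data:
Reply from 74.125.229.164: bytes=32 time=40ms TTL=49
Reply from 74.125.229.164: bytes=32 time=39ms TTL=49

Ping statistics for 74.125.229.164:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Server:  UnKnown
Address:  192.168.2.1

Name:    bleepingcomputer.com
Address:  208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

NAME_RE = re.compile(r"\s*Name:\s+(\S+)")
PING_RE = re.compile(r"\s*Pinging (\S+)(?: \[([^\]]+)\])? with \d+ bytes of data:")
STATS_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+), Lost = (\d+)")


def parse_ping_sections(text):
    """Return one dict per 'Pinging ...' block, in log order."""
    resolved, results, current = set(), [], None
    for line in text.splitlines():
        if (m := NAME_RE.match(line)):
            # nslookup answered for this name
            resolved.add(m.group(1).lower())
        elif (m := PING_RE.match(line)):
            target, addr = m.group(1), m.group(2)
            current = {
                "target": target,
                "address": addr or target,
                # None when the target was a literal IP (no DNS involved)
                "dns_resolved": (target.lower() in resolved) if addr else None,
            }
        elif current and (m := STATS_RE.search(line)):
            sent, received, lost = map(int, m.groups())
            current.update(sent=sent, received=received, lost=lost)
            results.append(current)
            current = None
    return results


def classify(row):
    """Map packet counts to a coarse verdict (labels are this example's own)."""
    if row["sent"] and row["received"] == row["sent"]:
        return "reachable"
    if row["received"] > 0:
        return "partial-loss"
    return "resolved-but-no-echo-reply" if row["dns_resolved"] else "no-reply"


def triage(text):
    return {row["target"]: classify(row) for row in parse_ping_sections(text)}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_LOG).items():
        print(f"{host:25} {verdict}")
```

A target that resolves but returns no echo replies, as bleepingcomputer.com does in this log, is not by itself evidence of a connectivity fault, because many hosts drop ICMP echo. Loading the site in a browser is the follow-up check.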