
Pretty sure I'm infected.


  • This topic is locked
15 replies to this topic

#1 Mgoyal

Mgoyal

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 09 April 2013 - 06:02 AM

Hey,

 

I recently found a pendrive of mine to be infected with the Trojan TR/Crypt.FKM.Gen when checking in a cyber cafe computer.

Normally I take a lot of precautions to make sure I don't get infected, including running untrusted software in a Virtual Machine, disabling autoplay, and not visiting any slightly untrusted site, etc.

This pendrive was used by a friend recently so that could have been the source of the infection.

 

I, overestimating myself, ran Combofix. I did create a system restore point and a complete system image backup on a portable HDD before doing so (and that saved me).

Combofix said that my kernel32.dll was infected and that it had been fixed. However, I forgot to disable Comodo Firewall (I had disabled Antivir) and that interrupted Combofix, which resulted in the system restarting, after which no applications would run and it gave an error related to ntdll.

 

I quickly restored from the system image, after which the system has been working normally, and came here.

I also scanned kernel32.dll with Antivir and it didn't detect anything.

 

DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.15.2
Run by Mayank at 16:30:35 on 2013-04-09
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6076.3475 [GMT 5.5:30]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Mayank\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Mayank\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=216.213.46.40:57119
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [F.lux] "C:\Users\Mayank\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Mayank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mayank\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Mayank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Mayank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:32
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\IE8Clipper\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\Mayank\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Mayank\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\IE8Clipper\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C3323EB8-8E21-46B6-8ED6-D89A7048F622} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C3323EB8-8E21-46B6-8ED6-D89A7048F622} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\
FF - prefs.js: browser.search.selectedEngine - Google (Not Personalized)
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\plugins\npLightshot.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-24 02:57; support@lastpass.com; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-02-25 14:08; firebug@software.joehewitt.com; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-02-25 14:16; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-02-25 19:24; {c45c406e-ab73-11d8-be73-000a95be3b12}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2013-02-25 19:24; {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi
FF - ExtSQL: 2013-02-25 19:24; {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
FF - ExtSQL: 2013-02-25 19:24; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-02-25 20:07; {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
FF - ExtSQL: 2013-03-01 12:08; isreaditlater@ideashower.com; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\isreaditlater@ideashower.com.xpi
FF - ExtSQL: 2013-03-16 23:17; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
FF - ExtSQL: 2013-03-16 23:17; cryptocat@crypto.cat; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\cryptocat@crypto.cat.xpi
FF - ExtSQL: 2013-03-18 02:15; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-03-18 02:15; resizeit@sonej; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\resizeit@sonej.xpi
FF - ExtSQL: 2013-03-28 02:22; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 cumon;cumon;C:\Windows\System32\drivers\cumon.sys [2013-2-24 205512]
R0 Evdd;Evdd;C:\Windows\System32\drivers\evdd.sys [2013-2-24 19568]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-2-24 21616]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-2-24 98208]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-24 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-24 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]
R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-24 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-24 682344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-23 2533400]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2013-2-24 27760]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2013-2-24 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-2-24 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-2-25 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2013-2-23 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-24 24176]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2013-2-24 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-23 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]
S3 Generalusbserialser20679;Legacy Serial Communication 20679;C:\Windows\System32\drivers\CT_U_USBSER.sys [2013-2-23 124160]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-2-23 160880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S4 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-1-24 2074256]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S4 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S4 UDisk Monitor;UDisk Monitor;C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [2013-2-23 405504]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-09 10:35:42    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-04-09 10:14:14    98816    ----a-w-    C:\Windows\sed.exe
2013-04-09 10:14:14    256000    ----a-w-    C:\Windows\PEV.exe
2013-04-09 10:14:14    208896    ----a-w-    C:\Windows\MBR.exe
2013-04-09 10:14:02    --------    d-s---w-    C:\ComboFix
2013-04-07 04:50:08    --------    d-----w-    C:\Users\Mayank\AppData\Local\ElevatedDiagnostics
2013-03-28 00:12:02    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-27 21:29:34    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-03-27 21:29:34    100712    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-03-27 20:54:44    --------    d-----w-    C:\Users\Mayank\dwhelper
2013-03-18 14:18:22    --------    d-----w-    C:\Python27
.
==================== Find3M  ====================
.
2013-02-25 02:33:45    75    --sh--r-    C:\Windows\CT4CET.bin
2013-02-24 23:48:49    982912    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-02-24 23:12:00    56072    ----a-w-    C:\Windows\System32\certsentry.dll
2013-02-24 23:12:00    47368    ----a-w-    C:\Windows\SysWow64\certsentry.dll
2013-02-24 16:06:46    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-24 16:06:46    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-24 16:06:46    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-24 12:57:59    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 12:57:59    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-23 21:47:38    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-23 21:47:37    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-02-23 21:47:37    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-02-23 21:27:22    14823424    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-23 18:02:23    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-02-23 18:02:23    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2013-02-23 18:02:23    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2013-01-24 17:13:04    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-01-24 17:13:02    461384    ----a-w-    C:\Windows\System32\guard64.dll
2013-01-24 17:13:02    354752    ----a-w-    C:\Windows\SysWow64\guard32.dll
2013-01-24 17:12:54    45776    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2013-01-24 17:12:54    326352    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2013-01-24 17:12:50    40656    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2013-01-24 17:12:50    263888    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2013-01-16 19:58:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-16 14:21:46    699880    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-01-16 14:21:46    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2013-01-16 14:21:44    23176    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
.
============= FINISH: 16:31:15.51 ===============
 

 

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,913 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:40 AM

Posted 09 April 2013 - 01:11 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

====
Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 Mgoyal


Posted 11 April 2013 - 05:21 AM

Thank you for the response nasdaq!

I'll separate the logs using ===, I hope that's fine.

Also, I downloaded SecurityCheck.exe from BleepingComputer.com as the original link you posted was down.

RogueKiller File:

=============================================================================================

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Mayank [Admin rights]
Mode : Scan -- Date : 04/11/2013 15:10:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=216.213.46.40:57119) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 link-assistant.com
127.0.0.1 www.link-assistant.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSYN ATA Device +++++
--- User ---
[MBR] 46f881064d7cb95740d1cdb29e5c6f25
[BSP] fe4ea1a649abb29e35374b18d534a767 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 184319 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 377692160 | Size: 202406 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 792219648 | Size: 90113 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] 74fbbd4182f5fb482081b20bad2aea25
[BSP] f4d0d78e58b7e506c4b00e1642e73458 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 953839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04112013_02d1510.txt >>
RKreport[1]_S_04112013_02d1510.txt



=============================================================================================

Security Check File:

 Results of screen317's Security Check version 0.99.62  
 Windows 7  x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 7 Update 15  
 Java version out of Date!
 Adobe Flash Player 11.6.602.168  
 Adobe Reader XI  
 Mozilla Firefox (19.0)
 Mozilla Thunderbird (17.0.4)
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Comodo Firewall cmdagent.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

=============================================================================================


AdwCleaner


# AdwCleaner v2.200 - Logfile created 04/11/2013 at 15:41:54
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Mayank - BITEME
# Boot Mode : Normal
# Running from : C:\Users\Mayank\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Mayank\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\Mayank\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1014 octets] - [11/04/2013 15:41:54]

########## EOF - C:\AdwCleaner[R1].txt - [1074 octets] ##########
 



#4 nasdaq


Posted 11 April 2013 - 07:52 AM

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=216.213.46.40:57119) -> FOUND

The IP address is from:
OrgName Thorn Communications, Inc
OrgId TCII
Address 11 Broadway, Suite 802
City NEW YORK
StateProv NY
PostalCode 10004

Can you relate to it?
If this is your Internet Provider check if you need this proxy.

If not then remove it from Internet Explorer.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 216.213.46.40:57119 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

Keep me posted.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java 7 Update 15


Java 7 update 10 introduced important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===
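
The proxy check from the post above, as an added example that is not part of the original thread: a Python script that pulls the registry findings and hosts-file entries out of a RogueKiller report and states what a person has to confirm for each. The function names are hypothetical, `hxxp` is assumed to be the forum's defanged spelling of `http`, and the ProxyServer value is assumed to be either `host:port` or a `scheme=host:port;...` list.

```python
import ipaddress
import re

# Excerpt of the RogueKiller report posted earlier in this thread.
SAMPLE_REPORT = r"""
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=216.213.46.40:57119) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 link-assistant.com
127.0.0.1 www.link-assistant.com

+++++ PhysicalDrive0: TOSHIBA MK5061GSYN ATA Device +++++
"""

# "[TAG] key : name (value) -> STATUS", the layout of the registry findings.
FINDING = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S.*?)\s+:\s+(?P<name>.+?)"
    r"\s+\((?P<value>.*)\)\s+->\s+(?P<status>\w+)\s*$"
)
HOSTS_LINE = re.compile(r"^(?P<addr>[0-9A-Fa-f.:]+)\s+(?P<names>[^#]+)")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # plain "host:port" applies to every protocol
            scheme, endpoint = "all", part
        scheme = scheme.strip().lower().replace("hxxp", "http")  # assumed defanging
        endpoint = re.sub(r"^[A-Za-z]+://", "", endpoint.strip())
        host, colon, port = endpoint.rpartition(":")
        if not colon:
            host, port = endpoint, ""
        entries.append((scheme, host.strip("[]"), int(port) if port.isdigit() else None))
    return entries


def describe_address(host):
    """Say what a reviewer has to confirm about a proxy host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname: resolve it and confirm who operates it"
    if ip.is_loopback:
        return "loopback: a local program is relaying traffic, identify it"
    if ip.is_private:
        return "private address: confirm it is a proxy on your own network"
    return "public address: look up the owner and confirm you use this service"


def hosts_entries(line):
    """Return (name, note) pairs for one hosts line, or None if it is not one."""
    if line.startswith("#"):
        return []
    match = HOSTS_LINE.match(line)
    if not match:
        return None
    try:
        ip = ipaddress.ip_address(match["addr"])
    except ValueError:
        return None
    found = []
    for name in match["names"].split():
        if name.lower() in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            found.append((name, "points at this machine, so the name is blocked"))
        else:
            found.append((name, f"redirected to {ip}: confirm you added this"))
    return found


def review_report(text):
    """Return (kind, subject, note) tuples for a person to review."""
    items, in_hosts = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-->") and line.lower().endswith("hosts"):
            in_hosts = True
            continue
        if in_hosts:
            entries = hosts_entries(line)
            if entries is not None:
                items.extend(("hosts", name, note) for name, note in entries)
                continue
            in_hosts = False  # first non-entry line ends the hosts listing
        match = FINDING.match(line)
        if not match:
            continue
        if match["name"].lower() == "proxyserver":
            for scheme, host, port in parse_proxy_server(match["value"]):
                items.append(("proxy", f"{scheme} {host}:{port}", describe_address(host)))
        else:
            subject = f"{match['key']} : {match['name']} = {match['value']}"
            items.append(("registry", subject, f"flagged as {match['tag']}: confirm it is expected"))
    return items


if __name__ == "__main__":
    for item in review_report(SAMPLE_REPORT):
        print(" | ".join(item))
```
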

#5 Mgoyal


Posted 11 April 2013 - 08:09 AM

Hey nasdaq,

 

I can relate to that IP address and I'm 100% sure that it is safe. It's a proxy service I pay for.

 

I have uninstalled Java (both 32 and 64 bit versions) and installed the latest 64 bit version.

 

My main concern was mentioned in the opening post. When I ran Combofix by myself, it indicated that my kernel32.dll file inside C:\Windows\SysWOW64 was infected.

What went wrong with that was that I forgot to disable Comodo Firewall/Defense+, and it blocked one or more of Combofix's applications, giving me an option to unblock them. The net wasn't working on my computer due to Combofix, and by the time I looked up the files Comodo was blocking so that I could know if they were safe to unblock, the option had disappeared.

 

That caused severe system problems, and I had to do a system restore.


Edited by Mgoyal, 11 April 2013 - 08:10 AM.


#6 nasdaq

  • Malware Response Team

Posted 11 April 2013 - 10:14 AM

I will keep this topic open for a few days.

Let me know if you have any problems with the restore.

#7 Mgoyal


Posted 11 April 2013 - 11:09 AM

I'm sorry if I phrased that wrongly.

 

Before opening this thread, I did a system restore to fix the problems caused by Combofix. The events in chronological order are:

1) I ran combofix. It detected kernel32.dll was infected and fixed it. But it messed up the system

2) I did a system restore to fix the system.

3) I opened this thread



#8 nasdaq


Posted 11 April 2013 - 01:35 PM

Run ComboFix again and post a fresh log.

#9 Mgoyal


Posted 17 April 2013 - 08:20 AM

Hi, sorry about the delay in responding.

 

Do I need to take any precautions other than disabling Comodo and Antivir before running Combofix?

Should I run it in Safe Mode?



#10 nasdaq


Posted 17 April 2013 - 10:39 AM

Just disable them for 15 minutes.

#11 nasdaq


Posted 23 April 2013 - 08:04 AM

Are you still with me?

#12 Mgoyal


Posted 24 April 2013 - 11:57 AM

Hey,

I'm sorry, my university's annual fest is taking place and I'm having to spend 8AM-9PM in college preparing for it.

I ran Combofix, it messed up my computer's WAVES MAXXAudio3 drivers.

Here's the combofix log. I kept an eye on it but it didn't give the "Kernel File infected" notice this time, perhaps that file wasn't replaced in the system restore.

 

ComboFix 13-04-17.01 - Mayank 18/04/2013  21:17:02.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6076.3980 [GMT 5.5:30]
Running from: c:\users\Mayank\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
---- Previous Run -------
.
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-18 to 2013-04-18  )))))))))))))))))))))))))))))))
.
.
2013-04-18 15:57 . 2013-04-18 15:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-11 14:03 . 2013-04-11 14:03    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-04-11 14:03 . 2013-04-11 14:03    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-11 14:03 . 2013-04-11 14:03    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-04-11 14:03 . 2013-04-11 14:03    188320    ----a-w-    c:\windows\system32\java.exe
2013-04-11 14:02 . 2013-04-11 14:03    --------    d-----w-    c:\program files\Java
2013-03-28 00:12 . 2013-03-28 00:12    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-03-27 21:29 . 2013-03-27 21:29    28600    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2013-03-27 21:29 . 2013-03-27 21:29    130016    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2013-03-27 21:29 . 2013-03-27 21:29    100712    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-03-27 20:54 . 2013-03-27 20:54    --------    d-----w-    c:\users\Mayank\dwhelper
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2013-02-24 . 14DEB733ACB08A71CC0783ED02FF1F8D . 17812992 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
.
[7] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll
[7] 2011-12-16 . 579F6AFC6A6561951FA2202EFC3FE485 . 634368 . . [7.0.7600.16930] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_2d7b4155b87308d6\msvcrt.dll
[7] 2011-12-16 . F9A4C695C86CC32048FE2C987A0BD387 . 634880 . . [7.0.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll
[7] 2011-12-16 . 7D8B505E35AB89D3C3E9AE54A2C95DD2 . 634880 . . [7.0.7600.21108] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_2e2d2856d17152c7\msvcrt.dll
[7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll
[7] 2011-12-16 . 579F6AFC6A6561951FA2202EFC3FE485 . 634368 . . [7.0.7600.16930] .. c:\windows\system32\msvcrt.dll
.
[7] 2009-07-14 . FC76FE3C1E1FDB761244D4F74EF560FD . 320000 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
[7] 2009-07-14 . FC76FE3C1E1FDB761244D4F74EF560FD . 320000 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll
.
[7] 2009-07-14 . 956D030D375F207B22FB111E06EF9C35 . 692736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[7] 2009-07-14 . 956D030D375F207B22FB111E06EF9C35 . 692736 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll
.
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll
.
[7] 2009-07-14 . 398712DDDAEFB85EDF61DF6A07B65C79 . 232448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[7] 2009-07-14 . 398712DDDAEFB85EDF61DF6A07B65C79 . 232448 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll
.
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll
.
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
[7] 2009-07-14 . 884264AC597B690C5707C89723BB8E7B . 316416 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_3f31ca82fea39f26\tapisrv.dll
[7] 2009-07-14 . 884264AC597B690C5707C89723BB8E7B . 316416 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[7] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[7] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
.
[7] 2013-02-24 . 435E9C764E1EF70058580996452BE6A2 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_765ef2ed7494905a\wininet.dll
[7] 2012-12-20 . 7B0C153254450192EAD602B992009F72 . 1198080 . . [8.00.7600.17197] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17197_none_788f4270328c7efc\wininet.dll
[7] 2012-12-20 . D37C305E7EBBD9A4529791168421816A . 1198080 . . [8.00.7600.21406] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21406_none_797932094b620444\wininet.dll
[7] 2012-12-20 . 2369627A789B29866825BD9504F7B237 . 1189888 . . [8.00.7601.22199] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22199_none_7b013ebb48ceba87\wininet.dll
[7] 2012-12-20 . 81101547092783DC117D800D3573EBD4 . 1188864 . . [8.00.7601.18035] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.18035_none_7ab480502f840dbb\wininet.dll
[7] 2009-07-14 . B1037F0131C9A010D611F6914E03CD92 . 1193472 . . [8.00.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_78982c5c3286110a\wininet.dll
[7] 2013-02-24 . 435E9C764E1EF70058580996452BE6A2 . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
.
[7] 2009-07-14 . 7083F463788CB34FCC42F565D56F89E8 . 296448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[7] 2009-07-14 . 7083F463788CB34FCC42F565D56F89E8 . 296448 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
.
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
.
[7] 2010-06-29 . AC8F79017C5C1FB316930EDEAD0AF517 . 2085376 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_08527df30bd29da3\ole32.dll
[7] 2010-06-29 . 49401892E8305914A9E7F64C7000D6A6 . 2085376 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_08c67ae62500754f\ole32.dll
[7] 2009-07-14 . 4B25DDE615AC2CABAB73169CA7DA96E6 . 2084352 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_081299030c02672b\ole32.dll
[7] 2010-06-29 . AC8F79017C5C1FB316930EDEAD0AF517 . 2085376 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
.
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
.
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[7] 2009-07-14 . 0298AC45D0EFFFB2DB4BAA7DD186E7BF . 369664 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_29254ed1369e9d89\shsvcs.dll
[7] 2009-07-14 . 0298AC45D0EFFFB2DB4BAA7DD186E7BF . 369664 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll
.
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
.
[7] 2010-11-02 . 5269A787C24D968D291B22F7ED4955B1 . 1114624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_8bb0c2c5c9ad095d\schedsvc.dll
[7] 2010-11-02 . 624D0F5FF99428BB90A5B8A4123E918E . 1114624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_8aef4726b0b7f821\schedsvc.dll
[7] 2009-07-14 . EC56B171F85C7E855E7B0588AC503EEA . 1104384 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_8af61038b0b37f5f\schedsvc.dll
[7] 2010-11-02 . 624D0F5FF99428BB90A5B8A4123E918E . 1114624 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll
.
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
.
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\system32\termsrv.dll
.
[7] 2013-01-05 . 5DEF532B4661D612CD4E894CD3688E4C . 5500776 . . [6.1.7600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_c87dba8dcd9188af\ntoskrnl.exe
[7] 2013-01-05 . 24607D189375475224138CE863A1A9D5 . 5467992 . . [6.1.7600.21417] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_c8fc8952e6b74191\ntoskrnl.exe
[7] 2013-01-05 . 6B0D9CF92C08D42533C12FC1A0B5403F . 5553512 . . [6.1.7601.18044] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe
[7] 2013-01-05 . A0F9F36C3F670053F9A2E9B9577CD1AB . 5554536 . . [6.1.7601.22210] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_cadbe452e3e3fc1c\ntoskrnl.exe
[7] 2012-04-02 . 9579F84C40B3BE205C9FD4CCDD99B6B7 . 5504880 . . [6.1.7600.16988] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_c8285f89cdd153fe\ntoskrnl.exe
[7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[7] 2012-03-31 . 5E6017E5814B3BC366A5A7A88538D0FC . 5473136 . . [6.1.7600.21179] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_c8bda4ace6e62470\ntoskrnl.exe
[7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[7] 2013-01-05 . 5DEF532B4661D612CD4E894CD3688E4C . 5500776 . . [6.1.7600.17207] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_43f68e03b0fd4b38\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[7] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868\msimg32.dll
[7] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\system32\msimg32.dll
.
[7] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_39fe18355266e2d8\comctl32.dll
[7] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_ede2ad2969983532\comctl32.dll
[7] 2010-08-21 . 70EF5DFEF7069164EACF7140C2CC6344 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_2b43b51e45274037\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_39841986393e7322\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
[7] 2010-08-21 . 4B8DD8541C0E26602005DD0137333615 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
[7] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_39727524394b18eb\comctl32.dll
[7] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll
[7] 2009-07-14 . 0FA436A553408CBEBA070E3182658DE3 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
.
[7] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[7] 2012-06-02 . F2FDE6C8DBAAD44CC58D1E07E4AF4EED . 139264 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[7] 2012-06-02 . F2FDE6C8DBAAD44CC58D1E07E4AF4EED . 139264 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[7] 2012-06-02 . EA8C26ECF1656D9647EF044F115EC6DA . 141312 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[7] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[7] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
.
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[7] 2009-07-14 . 0DE3069D6E09BA262856EF31C941BEFE . 119808 . . [6.1.7600.16385] .. c:\windows\SysWOW64\imm32.dll
[7] 2009-07-14 . 0DE3069D6E09BA262856EF31C941BEFE . 119808 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_c29fba0fc87cc5a4\imm32.dll
.
[7] 2013-01-04 . 7E55988F5CB3BA67E2732370E8D71BBB . 1114112 . . [6.1.7601.22209] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_fcd1e4cbba5cfc7b\kernel32.dll
[7] 2013-01-04 . 385BE92E3106491BBB542F8F1C06C606 . 1114112 . . [6.1.7600.17135] .. c:\windows\SysWOW64\kernel32.dll
[7] 2013-01-04 . 385BE92E3106491BBB542F8F1C06C606 . 1114112 . . [6.1.7600.17135] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17206_none_fa5ee836a41ba799\kernel32.dll
[7] 2013-01-04 . F9F6CD9EF1F6C896A56B5259B81027D9 . 1114112 . . [6.1.7600.21416] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21416_none_faddb6fbbd41607b\kernel32.dll
[7] 2012-10-04 . DE7A37CB1F48526A78A2D42786411578 . 1114112 . . [6.1.7600.21335] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_fac714f3bd5281df\kernel32.dll
[7] 2012-10-04 . A6778FC49011313995A4D718F624CC74 . 1114112 . . [6.1.7600.17135] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_fa3d7642a434e4ee\kernel32.dll
[7] 2012-10-04 . D4F3176082566CEFA633B4945802D4C4 . 1114112 . . [6.1.7601.17965] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_fc038d48a1736e92\kernel32.dll
[7] 2012-10-04 . 5FA395364EE727E4BEE6B1406C207F98 . 1114112 . . [6.1.7601.22125] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da\kernel32.dll
[7] 2009-07-14 . 606ECB76A424CC535407E7A24E2A34BC . 836608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
.
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[7] 2012-12-16 . BF6CDA72E4112DAC01E2ED8911C3FD74 . 25600 . . [6.1.7600.21402] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_10f9b8f6c177b3cc\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_101cb471a89825ee\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a859f788\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_1046f5bda87899fa\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17194_none_1010c9a7a8a147db\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_109e822ec1bb2dae\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_10c4c252c19f3c5e\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_12360787a598d69a\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
.
[7] 2013-02-24 . C97434C851C4821BD92D2831FDF1ECBE . 12321280 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[7] 2013-02-24 . C97434C851C4821BD92D2831FDF1ECBE . 12321280 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16464_none_920dbc5e294bbb8b\mshtml.dll
[7] 2013-01-08 . 49928B5D30C5924BB3A385204030C7B9 . 6031872 . . [8.00.7600.17209] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.17209_none_94a15da6e6f8de89\mshtml.dll
[7] 2013-01-08 . 3F9AE52FA4C469FBDE42CF0A386CDCC9 . 6032384 . . [8.00.7600.21419] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21419_none_95202c6c001e976b\mshtml.dll
[7] 2012-12-20 . E58E0407AEC39A3F236964AAA978B9F7 . 6030848 . . [8.00.7601.22199] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.22199_none_96b0082bfd85e5b8\mshtml.dll
[7] 2012-12-20 . BB2AFAA76FCB29CF9293E27D2C6F6176 . 6030336 . . [8.00.7601.18035] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.18035_none_966349c0e43b38ec\mshtml.dll
[7] 2009-07-14 . 43592D31AFF84DD957199248898D9430 . 5957632 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_9446f5cce73d3c3b\mshtml.dll
.
[7] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[7] 2011-12-16 . F8A61B2E713309B4616D107919BDAB6E . 690688 . . [7.0.7600.16930] .. c:\windows\SysWOW64\msvcrt.dll
[7] 2011-12-16 . F8A61B2E713309B4616D107919BDAB6E . 690688 . . [7.0.7600.16930] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_d15ca5d2001597a0\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[7] 2011-12-16 . 10142C1975202A767C0EDB3BC066FD88 . 690688 . . [7.0.7600.21108] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_d20e8cd31913e191\msvcrt.dll
[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
.
[7] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
.
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[7] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
.
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll
.
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[7] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[7] 2013-02-24 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[7] 2013-02-24 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_1a405769bc371f24\wininet.dll
[7] 2012-12-20 . 6F5EF9687B17FACD529C8EEC61791A01 . 982528 . . [8.00.7600.21406] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21406_none_1d5a96859304930e\wininet.dll
[7] 2012-12-20 . ED5F1E888F7D75EE5C8590A155423720 . 982016 . . [8.00.7601.22199] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22199_none_1ee2a33790714951\wininet.dll
[7] 2012-12-20 . 6EE6F7BFF92590051ACFA519AEE8ACE5 . 981504 . . [8.00.7600.17197] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17197_none_1c70a6ec7a2f0dc6\wininet.dll
[7] 2012-12-20 . 6554DA6A01F14B3F017161879C8DB9BC . 981504 . . [8.00.7601.18035] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.18035_none_1e95e4cc77269c85\wininet.dll
[7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
[7] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[7] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
.
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
.
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
[7] 2010-06-29 . E2C2D8C982316C8ABF800C6CE3F28FAB . 1413632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
[7] 2010-06-29 . E2C2D8C982316C8ABF800C6CE3F28FAB . 1413632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_ac33e26f53752c6d\ole32.dll
[7] 2010-06-29 . 40E6BF57F6A923038B94C07387118089 . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_aca7df626ca30419\ole32.dll
[7] 2009-07-14 . 4ACB903AD1693858A918907358CBD9E4 . 1412608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_abf3fd7f53a4f5f5\ole32.dll
.
[7] 2009-07-14 . 0BA19F3198C40AC4E8CC66EE02EDA6C6 . 627200 . . [1.0626.7600.16385] .. c:\windows\SysWOW64\usp10.dll
[7] 2009-07-14 . 0BA19F3198C40AC4E8CC66EE02EDA6C6 . 627200 . . [1.0626.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_acd0cf31b9cff59f\usp10.dll
.
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll
.
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[7] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll
[7] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_3379f9236aff5f84\shsvcs.dll
.
[7] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\msimg32.dll
[7] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll
.
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_f8d730c7a3d9d889\ias.dll
.
[7] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll
[7] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[7] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[7] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[7] 2013-01-05 . 4FC77400373F727993B96CD2AD5C94CC . 3957608 . . [6.1.7600.17207] .. c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2013-01-05 . 4FC77400373F727993B96CD2AD5C94CC . 3957608 . . [6.1.7600.17207] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntkrnlpa.exe
[7] 2013-01-05 . 660100CB90F344040EF57F52FC0681C3 . 3967848 . . [6.1.7601.18044] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[7] 2013-01-05 . 291E9950A38F49A5C0BBC097C6D1A07D . 3970920 . . [6.1.7600.21417] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntkrnlpa.exe
[7] 2013-01-05 . 8E43161944CE6E3A1F2B2618B992A8CE . 3971928 . . [6.1.7601.22210] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[7] 2012-04-02 . 9D19079820928D72A5708A668B5B62AE . 3958128 . . [6.1.7600.16988] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe
[7] 2012-03-31 . C6D1D128DE4148E35B6C04B6892EB71A . 3970928 . . [6.1.7600.21179] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
.
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[7] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] .. c:\windows\SysWOW64\d3d9.dll
[7] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll
.
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[7] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\olepro32.dll
[7] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll
.
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[7] 2013-02-24 . 698EB1E5F8C66344D97C00B5699E871D . 757280 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[7] 2012-12-20 . 45C1FCF818565D44531007526CDEF7EF . 672832 . . [8.00.7600.21406] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21406_none_1a9b45378bb57c2d\iexplore.exe
[7] 2012-12-20 . D1F65F76FA03619706C43CBEF9C1EEC3 . 672832 . . [8.00.7600.17197] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17197_none_19b1559e72dff6e5\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
.
.
.
[7] 2013-01-05 . B089270BACB16B8A1F0FDE1529DBFE65 . 3902312 . . [6.1.7600.17207] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2013-01-05 . B089270BACB16B8A1F0FDE1529DBFE65 . 3902312 . . [6.1.7600.17207] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntoskrnl.exe
[7] 2013-01-05 . 82FF919E9236B0137B5C7455B0E1418A . 3913064 . . [6.1.7601.18044] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntoskrnl.exe
[7] 2013-01-05 . D93B06F0419392A2BEA3DDCFFB78FF37 . 3915112 . . [6.1.7600.21417] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntoskrnl.exe
[7] 2013-01-05 . 2E083C7D9CA98B63FA8F8062874E9327 . 3916648 . . [6.1.7601.22210] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntoskrnl.exe
[7] 2012-04-02 . 678AD0F9DB55F9127851CD631456F483 . 3902320 . . [6.1.7600.16988] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntoskrnl.exe
[7] 2012-03-31 . D909EAFA618BC9DB2615303DA3D9C830 . 3915632 . . [6.1.7600.21179] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntoskrnl.exe
[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[7] 2010-10-27 . 776201760B5692F10DDA3BE85B54F213 . 3901824 . . [6.1.7600.16695] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[7] 2010-10-27 . C6169F5FDC8399E0C6C0729AB6EF2EF8 . 3911552 . . [6.1.7600.20826] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[7] 2009-07-14 . B9D673F7707219DFD264891A26C21ECB . 3899472 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
.
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll
.
[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL
[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Mayank\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
.
c:\users\Mayank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mayank\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2013-1-29 395616]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]
R3 Generalusbserialser20679;Legacy Serial Communication 20679;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [2012-09-07 124160]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-26 160880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-01-24 2074256]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R4 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R4 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [2012-09-25 405504]
S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [2011-09-05 205512]
S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys [2011-09-05 19568]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
S2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [2011-09-05 116032]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-20 27760]
S3 ALSysIO;ALSysIO;c:\users\Mayank\AppData\Local\Temp\ALSysIO64.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 18:17    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 18:31]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 18:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Mayank\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=216.213.46.40:57119
IE: Add to Evernote 4 - c:\program files (x86)\Evernote\Evernote\IE8Clipper\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Mayank\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Mayank\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C3323EB8-8E21-46B6-8ED6-D89A7048F622}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\
FF - prefs.js: browser.search.selectedEngine - Google (Not Personalized)
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-24 02:57; support@lastpass.com; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-02-25 14:08; firebug@software.joehewitt.com; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-02-25 14:16; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-02-25 19:24; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2013-02-25 19:24; {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi
FF - ExtSQL: 2013-02-25 19:24; {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
FF - ExtSQL: 2013-02-25 19:24; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-02-25 20:07; {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
FF - ExtSQL: 2013-03-01 12:08; isreaditlater@ideashower.com; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\isreaditlater@ideashower.com.xpi
FF - ExtSQL: 2013-03-16 23:17; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
FF - ExtSQL: 2013-03-16 23:17; cryptocat@crypto.cat; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\cryptocat@crypto.cat.xpi
FF - ExtSQL: 2013-03-18 02:15; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-03-18 02:15; resizeit@sonej; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\resizeit@sonej.xpi
FF - ExtSQL: 2013-03-28 02:22; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Mayank\AppData\Roaming\Mozilla\Firefox\Profiles\7iiyvg8r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-18  22:48:30
ComboFix-quarantined-files.txt  2013-04-18 17:18
.
Pre-Run: 131,429,470,208 bytes free
Post-Run: 131,418,726,400 bytes free
.
- - End Of File - - AF1F64258443C223AD8FCF04464A3BBD
 



#13 nasdaq

  • Malware Response Team

Posted 24 April 2013 - 12:07 PM

The log is clean.

The file was replaced on the first ComboFix run.

Any issues left with this computer?

#14 Mgoyal

  • Topic Starter

  • Members

Posted 24 April 2013 - 01:26 PM

Awesome, thanks! :)

Could I donate to you for the help provided?



#15 nasdaq

  • Malware Response Team

Posted 25 April 2013 - 07:13 AM

My services are free. Thank you for the offer.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===



