Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Threat on hidclass.sys driver


  • This topic is locked This topic is locked
16 replies to this topic

#1 nicus_pacus

nicus_pacus

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 24 September 2013 - 04:52 AM

Hello,

 

Could you please help me to solve a problem with my computer?

 

I had a scan on my computer with the AVG Antivirus and I found some malware on this file:

 

C:/windows/system32/drivers/ hidclass.sys

 

The results of my scan are very similar to these:

 

http://www.bleepingcomputer.com/forums/t/490536/possibly-infected-by-rootkits-please-help/

 

 

So, I followed the instructions of this forum and made a scanning with Combofix. I have the notepad file with the scan results. Do I have to send it to you?

 

Please help!

Thank you.

 

 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 24 September 2013 - 04:55 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 24 September 2013 - 07:56 AM

Hello, thank you very much for your reply.

My first language isn't english either, I am from Greece. So don't worry!

I did as you told me and here are the content of the .txt files:

 

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.25.2
Run by nikos_pakos at 15:30:38 on 2013-09-24
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1253.30.1033.18.3066.2189 [GMT 3:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=119529&babsrc=HP_ss_din2g&mntrId=DC0A00215D2FF57C
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D13EC607-E656-4177-B8B6-A8010A4427BC} : DHCPNameServer = 192.168.10.254
TCP: Interfaces\{F7BD224D-7D09-4432-9D00-E88D91612E0C} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nikos_pakos\appdata\roaming\mozilla\firefox\profiles\0e769fxn.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\nikos_pakos\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=dc0ad6c600000000000000215d2ff57c&q=
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=5f97ddbe&tbp=tab&u=dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=dc0ad6c600000000000000215d2ff57c&q=
FF - user.js: extensions.spamfreesearch.id - dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15747
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.91:33:11
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 5f97ddbe
FF - user.js: extensions.spamfreesearch.dfltLng -
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15874
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.517:48:27
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119529
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2012-7-20 13312]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2012-7-20 242048]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
.
=============== Created Last 30 ================
.
2013-09-24 09:21:24    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-24 09:21:20    --------    d-----w-    c:\users\nikos_pakos\appdata\local\temp
2013-09-24 09:08:40    98816    ----a-w-    c:\windows\sed.exe
2013-09-24 09:08:40    256000    ----a-w-    c:\windows\PEV.exe
2013-09-24 09:08:40    208896    ----a-w-    c:\windows\MBR.exe
2013-09-24 09:08:37    --------    d-----w-    C:\ComboFix
2013-09-23 14:53:20    --------    d-----w-    c:\users\nikos_pakos\Darkthrone - A Blaze In The Northern Sky (1992) (2012 Reissue)
2013-09-22 16:25:08    --------    d-----w-    c:\users\nikos_pakos\appdata\roaming\Unity
2013-09-21 10:58:03    --------    d-----w-    c:\users\nikos_pakos\Deafheaven - Sunbather (2013) (320)
2013-09-21 07:39:55    --------    d-----w-    c:\users\nikos_pakos\Michael Hedges - 1985 - Aerial Boundaries - newage
2013-09-19 14:19:49    --------    d-----w-    c:\users\nikos_pakos\New Order - Technique (Remastered) [2008] - Electronic [www.torrentazos.com]
2013-09-19 13:00:48    --------    d-----w-    c:\programdata\Magenta
2013-09-17 18:46:12    --------    d-----w-    c:\users\nikos_pakos\Suicide - 1st album [1977]
2013-09-16 19:20:17    --------    d-----w-    c:\users\nikos_pakos\Home (Deluxe Edition)
2013-09-10 11:11:53    --------    d-----w-    c:\users\nikos_pakos\Tr?d, Gr?s & Stenar - Trees, Grass & Stones
2013-09-09 22:34:48    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 12:23:44    --------    d-----w-    c:\users\nikos_pakos\Stars Of The Lid
2013-09-09 12:15:06    --------    d-----w-    c:\users\nikos_pakos\Cocteau Twins - The Complete Discography and More
2013-09-08 09:46:26    --------    d-----w-    c:\users\nikos_pakos\Les.Revenants.S01
2013-09-05 10:05:28    --------    d-----w-    c:\users\nikos_pakos\Stalker (1979) Andrei Tarkovsky
2013-09-04 22:43:42    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 20:10:03    --------    d-----w-    c:\users\nikos_pakos\appdata\local\Apple Computer
2013-09-03 18:47:18    --------    d-----w-    c:\users\nikos_pakos\breaking bad
2013-09-03 13:53:52    187248    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-16 08:04:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 08:04:06    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-19 22:51:00    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-19 22:50:56    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-19 22:50:56    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 22:50:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-06-29 18:18:36    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 18:18:32    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-29 18:18:32    789416    ----a-w-    c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:31:19,92 ===============
 

 

 

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/7/2012 10:37:25 πμ
System Uptime: 24/9/2013 3:09:38 μμ (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | R510/P510                  
Processor: Intel® Core™2 Duo CPU     P8400  @ 2.26GHz | U2E1 | 2266/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 98,34 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 270 GiB total, 66,984 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_2118144D&REV_1002\4&3B63EDCD&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_2118144D&REV_1002\4&3B63EDCD&0&0101
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Λογισμικό Intel® PROSet/Wireless WiFi
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.8)
Apple Application Support
Apple Software Update
Audacity 2.0.2
AVG 2013
CCleaner
Cool Edit Pro 2.1
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink Power2Go
Dropbox
Easy Battery Manager
Easy Display Manager
Easy Network Manager 3.0
Easy SpeedUp Manager
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
imagine digital freedom - Samsung
Intel PROSet Wireless
Intel® Matrix Storage Manager
Java 7 Update 25
Java Auto Updater
LabelPrint
LAME v3.99.3 (for Windows)
LightScribe System Software  1.12.37.1
Malwarebytes Anti-Malware έκδοση 1.70.0.1100
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Silverlight
Microsoft SOAP Toolkit 2.0 SP2
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
NVIDIA Drivers
PlayCamera
PowerDirector
PowerDVD
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Update Plus
SHOUTcast Source DSP Plug-in v2
Skype Click to Call
Skype™ 6.6
Synaptics Pointing Device Driver
Text-To-Speech-Runtime
The KMPlayer (remove only)
Unity Web Player
Vimicro UVC Camera
Virtual DJ Pro Full - Atomix Productions
VirtualDJ PRO Full
WIDCOMM Bluetooth Software 6.0.1.6300
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
.
==== End Of File ===========================
 

ark.txt

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-24 15:46:58
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: yyufeby9.exe; Driver: C:\Users\NIKOS_~1\AppData\Local\Temp\awloypow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwNotifyChangeKey [0x8FF6A5D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwNotifyChangeMultipleKeys [0x8FF6A700]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwOpenProcess [0x8FF6A010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwSuspendProcess [0x8FF6A300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwSuspendThread [0x8FF6A3E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwTerminateProcess [0x8FF6A120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwTerminateThread [0x8FF6A210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                     ZwWriteVirtualMemory [0x8FF6A4D0]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                          avgtdix.sys

Device          \Driver\BTHUSB \Device\00000071                                                                  bthport.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                        avgtdix.sys

Device          \Driver\BTHUSB \Device\0000006f                                                                  bthport.sys

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                                                                               [4] 83E4AC10                             

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269db55a4                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269db55a4@58c38b1b6f12         0xD6 0x8C 0x1F 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269db55a4 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269db55a4@58c38b1b6f12             0xD6 0x8C 0x1F 0xE2 ...

---- EOF - GMER 2.1 ----
 

 

I'am waiting for your reply and instructions.

Nikos



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 24 September 2013 - 08:07 AM

I see you already ran combofix - please post the content of C:\combofix.txt


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 24 September 2013 - 08:22 AM

The content of the "ComboFix.txt":

 

 

ComboFix 13-09-24.01 - nikos_pakos 24/09/2013  12:10:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1253.30.1033.18.3066.1839 [GMT 3:00]
Running from: c:\users\nikos_pakos\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 09:15 . 2013-09-24 09:15    --------    d-----w-    c:\users\nikos_pakos\AppData\Local\temp
2013-09-24 09:15 . 2013-09-24 09:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-23 14:53 . 2013-09-23 15:11    --------    d-----w-    c:\users\nikos_pakos\Darkthrone - A Blaze In The Northern Sky (1992) (2012 Reissue)
2013-09-22 16:25 . 2013-09-22 16:25    --------    d-----w-    c:\users\nikos_pakos\AppData\Roaming\Unity
2013-09-21 10:58 . 2013-09-21 10:58    --------    d-----w-    c:\users\nikos_pakos\Deafheaven - Sunbather (2013) (320)
2013-09-21 07:39 . 2013-09-21 07:45    --------    d-----w-    c:\users\nikos_pakos\Michael Hedges - 1985 - Aerial Boundaries - newage
2013-09-19 14:19 . 2013-09-19 14:21    --------    d-----w-    c:\users\nikos_pakos\New Order - Technique (Remastered) [2008] - Electronic [www.torrentazos.com]
2013-09-19 13:00 . 2013-09-19 13:01    --------    d-----w-    c:\programdata\Magenta
2013-09-17 18:46 . 2013-09-17 18:50    --------    d-----w-    c:\users\nikos_pakos\Suicide - 1st album [1977]
2013-09-16 19:20 . 2013-09-16 19:20    --------    d-----w-    c:\users\nikos_pakos\Home (Deluxe Edition)
2013-09-10 11:11 . 2013-09-10 11:12    --------    d-----w- & Stenar - Trees, Grass & Stones    c:\users\NIKOS_~1\TRD_GR~1
2013-09-09 22:34 . 2013-09-09 22:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 12:23 . 2013-09-09 12:26    --------    d-----w-    c:\users\nikos_pakos\Stars Of The Lid
2013-09-09 12:15 . 2013-09-10 14:03    --------    d-----w-    c:\users\nikos_pakos\Cocteau Twins - The Complete Discography and More
2013-09-08 09:46 . 2013-09-22 08:48    --------    d-----w-    c:\users\nikos_pakos\Les.Revenants.S01
2013-09-05 10:05 . 2013-09-05 10:07    --------    d-----w-    c:\users\nikos_pakos\Stalker (1979) Andrei Tarkovsky
2013-09-04 22:43 . 2013-09-04 22:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 20:10 . 2013-09-03 20:10    --------    d-----w-    c:\users\nikos_pakos\AppData\Local\Apple Computer
2013-09-03 18:47 . 2013-09-19 18:35    --------    d-----w-    c:\users\nikos_pakos\breaking bad
2013-09-03 13:53 . 2013-09-03 13:53    187248    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 08:04 . 2012-07-20 14:00    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 08:04 . 2012-07-20 14:00    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-19 22:51 . 2013-07-19 22:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-19 22:50 . 2013-07-19 22:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-19 22:50 . 2013-07-19 22:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 22:50 . 2013-07-19 22:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-06-30 22:45 . 2013-06-30 22:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-06-29 18:18 . 2013-06-29 18:18    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 18:18 . 2012-12-19 11:44    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-29 18:18 . 2012-12-19 11:44    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys
[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys
.
[-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys
[-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
.
[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys
[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys
.
[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll
.
[-] 2009-09-10 . D09A5DA84B7C9CA9B02EBCD7FAE41C8D . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[-] 2009-09-10 . 2D3AC5E7AC01E905F3ABD2D745FE3A9B . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[-] 2009-09-09 . CB7E838C140B4087B2DA323F2D4523C5 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[-] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[-] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[-] 2009-06-15 . 6F1F23D3599EAE17734451936B7F17C6 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[-] 2009-06-15 . BA9A67672E025078C77967731BCFC560 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[-] 2009-06-15 . 203D86EBD6D8E4C8501B222421E81506 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[-] 2009-02-13 . F4C62B07E5BF96F1FDCA9DB393ECED22 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
[-] 2009-02-13 . 59DE082968FDD257FFF0D209B9A5B460 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[-] 2009-02-13 . AFF8A58280863629CA4FFA9E0B259F1E . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[-] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[-] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
.
[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll
[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll
.
[-] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\System32\comres.dll
[-] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll
.
[-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll
[-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
.
[-] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[-] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[-] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[-] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[-] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[-] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
.
[-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
.
[-] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[-] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[-] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
[-] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[-] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
[-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
.
[-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe
[-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
.
[-] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\System32\wuauclt.exe
[-] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
[-] 2006-11-02 . FF81090B6EF1A42A19DF226632711D25 . 41472 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
.
[-] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\System32\drivers\tdx.sys
[-] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
[-] 2010-09-02 . 542A806C74798410ADA0623B9E745C38 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.22480_none_3bb5b9b7ee7c46da\comctl32.dll
[-] 2010-09-02 . 2429BBFFCE9EDB193232DE902F88C688 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.22480_none_45f1fca2222ab96c\comctl32.dll
[-] 2010-09-02 . 63A65EA959BD32B01F02E847CB16C63D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.22480_none_8ada5c8366e90385\comctl32.dll
[-] 2010-09-01 . FFBE05ED8338B17940DEA55FA6BC6F03 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.22755_none_39f4b905f1391c96\comctl32.dll
[-] 2010-09-01 . 168B034C75B85AFD667AC8D0C9003312 . 1685504 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.22755_none_4612924c21dcda90\comctl32.dll
[-] 2010-09-01 . 640C4514157B3C6FE1E05B135FCB95B4 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.22755_none_8a5499024dc7b801\comctl32.dll
[-] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.18305_none_3b879dbed519463b\comctl32.dll
[-] 2010-08-31 . BE3C082837866C4C291ADAF163C10EA6 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
[-] 2010-08-31 . 35ACD5EA63D75E97DD0E9A1629E582B2 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
[-] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll
[-] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18523_none_39898984d804f924\comctl32.dll
[-] 2010-08-31 . D702B4E30B31BFCAB7BD4E5965C1A5DC . 1684480 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
[-] 2010-08-31 . E402A6E79D1E4DBFEBA8B364C67A3158 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\comctl32.dll
[-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll
[-] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll
[-] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
[-] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
[-] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
.
[-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
[-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
.
[-] 2008-04-19 . 131B7E46A7ACD49CB56BB03917A76DE3 . 268800 . . [2001.12.6930.20818] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[-] 2008-04-19 . 7B4971C3D43525175A4EA0D143E0412E . 268800 . . [2001.12.6930.16677] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[-] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\System32\es.dll
[-] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[-] 2008-04-18 . 776D75AF432C598068CC933C7421171B . 269312 . . [2001.12.6931.22162] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[-] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
.
[-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\System32\imm32.dll
[-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
.
[-] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6002.18449] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[-] 2011-04-12 . 7062DEB220FA1CCB1B65FC40D6E7D807 . 893440 . . [6.0.6002.22625] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[-] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll
[-] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[-] 2011-04-12 . 497A2DA8181560B3E2F8FFE0092FD1E6 . 892928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[-] 2009-02-13 . DB6E3731E6F5C8AE2843F80B5787F7C6 . 888832 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[-] 2009-02-13 . 1987D817D08F5EAF0B7F334026FDDB79 . 890880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[-] 2009-02-13 . B82C7AC1D559F0FD088792171D64C7F3 . 875520 . . [6.0.6000.16820] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[-] 2009-02-13 . BB792054BD990EC05D9E260D50FEAD39 . 875520 . . [6.0.6000.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[-] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
.
[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll
[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll
.
[-] 2011-02-16 . 08F5BC2DC64C4D97931A28058F238D80 . 23552 . . [6.0.6002.22589] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22589_none_abf5b7af710301e2\lpk.dll
[-] 2011-02-16 . 0F1AF051D2B58411341B70360852AA36 . 23552 . . [6.0.6001.22854] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22854_none_aa2ab41973c8da38\lpk.dll
[-] 2009-10-19 . 7BE32E67440BB5B2205C5402A2FBDE25 . 24064 . . [6.0.6000.16939] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\lpk.dll
[-] 2009-10-19 . 1C8BB8BB211F8ADB8E51FC2FF5C411D6 . 24064 . . [6.0.6000.21142] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e\lpk.dll
[-] 2009-10-19 . 6223ACDEE46548B706EE8E8C51A985B0 . 23552 . . [6.0.6001.22544] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2\lpk.dll
[-] 2009-10-19 . 7ABEC59B0338BAA1261190B89B2B90E6 . 23552 . . [6.0.6002.22247] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb\lpk.dll
[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\System32\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18599_none_a97ad5445ac72e97\lpk.dll
.
[-] 2011-04-21 . C062788870AF39AFBC3B5645E1381559 . 3610112 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18457_none_14fa84381f71f967\mshtml.dll
[-] 2011-04-21 . 78484C24A46297C628115F6D0E4D0A17 . 3611136 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22629_none_15a6934138757533\mshtml.dll
[-] 2011-04-21 . D6C2CEACB1EE184EA0C1D6BD594B398F . 3593728 . . [7.00.6000.16386] . . c:\windows\System32\mshtml.dll
[-] 2011-04-21 . D6C2CEACB1EE184EA0C1D6BD594B398F . 3593728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18639_none_132bb0d62239a1e8\mshtml.dll
[-] 2011-04-21 . 8E33539FB60AA8C146CFC9BB0565880D . 3595264 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22905_none_13d1c0093b4282d1\mshtml.dll
[-] 2008-02-22 . 9C4091CD321D6D8BCF9842F109EE574B . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
[-] 2008-02-22 . ED2588D1864319C54E79443130A8004B . 3593728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
[-] 2008-02-22 . 977C356E655F357665310C0C95D0DBD4 . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
[-] 2008-02-21 . 3AE6072A86AD8049DD133DB40F73F0C8 . 3591680 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
[-] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
.
[-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\System32\msvcrt.dll
[-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
.
[-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll
[-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
.
[-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
[-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
.
[-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll
[-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
.
[-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
[-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
.
[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll
[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
.
[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe
[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
.
[-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll
[-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll
.
[-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll
[-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
.
[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
[-] 2011-04-21 . 17413EF7D95632D892B4C914CD7E66F9 . 834048 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18457_none_03a065199f1b9031\wininet.dll
[-] 2011-04-21 . 3790936B00FBA6EC2053C3E81B42AFCE . 842240 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22629_none_044c7422b81f0bfd\wininet.dll
[-] 2011-04-21 . DA5A72211661C7F162B332FEA4F09A69 . 833024 . . [7.00.6000.16386] . . c:\windows\System32\wininet.dll
[-] 2011-04-21 . DA5A72211661C7F162B332FEA4F09A69 . 833024 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18639_none_01d191b7a1e338b2\wininet.dll
[-] 2011-04-21 . D53D34CA16BE45211F7A13532D181A1A . 841728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22905_none_0277a0eabaec199b\wininet.dll
[-] 2008-02-22 . 482BCCBF1FCBB3378100FF97081438C1 . 826880 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
[-] 2008-02-22 . 4E962B645608E6EDB7D31B75921D07FA . 826880 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
[-] 2008-02-22 . F7FF1E0D443788D6AE4CBCA593530099 . 827392 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
[-] 2008-02-21 . DAEED2799D4D19F955C3E90B22A1E91E . 826368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
[-] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
.
[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll
[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
.
[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ws2help.dll
[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll
.
[-] 2008-10-30 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[-] 2008-10-29 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[-] 2008-10-28 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[-] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
.
[-] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe
[-] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
.
[-] 2010-06-28 . 7C6F74A11FCF5745B36CB8085B7DE3FB . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_ae70528d08aae434\ole32.dll
[-] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63\ole32.dll
[-] 2010-06-28 . 64A319477AF21806B8A17E8A3A3FF8BC . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_ac91afb30b7f271a\ole32.dll
[-] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll
[-] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_abc461f7f2931b51\ole32.dll
[-] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
.
[-] 2010-04-16 . E609A492AD596187CEA24E8418FF082F . 502784 . . [1.0626.6002.22384] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
[-] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
[-] 2010-04-16 . 8CB1162DD3586683D71BCB303C1FF54F . 502272 . . [1.0626.6001.22672] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
[-] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\System32\usp10.dll
[-] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
[-] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
.
[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll
[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
.
[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
[-] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
[-] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
[-] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
[-] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
[-] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
[-] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
[-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\msimg32.dll
[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.0.6000.16386_none_7535161f1f2100ed\msimg32.dll
.
[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
.
[-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
[-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll
.
[-] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
[-] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll
[-] 2010-11-05 . 4B71C228530440F853F9C30E308F00E9 . 604672 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll
[-] 2010-11-05 . 38AE0400578FD396628F21A571473A3B . 602112 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll
[-] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll
[-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll
[-] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[-] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
.
[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll
.
[-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll
[-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
.
[-] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll
[-] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll
.
[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll
.
[-] 2010-08-31 16:49 . 5E9F187AC6BADB58C21C4E3A18DD1F62 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.22478_none_f53f7ef86c05abb0\mfc40u.dll
[-] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.18305_none_f4fe90c352b1fc4a\mfc40u.dll
[-] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[-] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.18523_none_f3007c89559daf33\mfc40u.dll
[-] 2010-08-31 15:17 . 1C1486BB262DF6DFD298110BC495906E . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.22754_none_f36aabc06ed2b94e\mfc40u.dll
[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
.
[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll
.
[-] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
[-] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\dsound.dll
.
[-] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\System32\d3d9.dll
[-] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll
.
[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
.
[-] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\System32\olepro32.dll
[-] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
.
[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll
[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
.
[-] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\System32\version.dll
[-] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version.dll
.
[-] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\System32\w32time.dll
[-] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\w32time.dll
.
[-] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
.
[-] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll
[-] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\midimap.dll
.
[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll
[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
.
[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\System32\WSHTCPIP.DLL
[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\nikos_pakos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\nikos_pakos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\nikos_pakos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^nikos_pakos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\nikos_pakos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 17:55    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 18:01    71216    ------w-    c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 06:58    19875432    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40    74752    ----a-w-    c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 14:56    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=119529&babsrc=HP_ss_din2g&mntrId=DC0A00215D2FF57C
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=dc0ad6c600000000000000215d2ff57c&q=
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=5f97ddbe&tbp=tab&u=dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=dc0ad6c600000000000000215d2ff57c&q=
FF - user.js: extensions.spamfreesearch.id - dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15747
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.91:33
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 5f97ddbe
FF - user.js: extensions.spamfreesearch.dfltLng -
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15874
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.517:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119529
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-24 12:15
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-09-24  12:21:18
ComboFix-quarantined-files.txt  2013-09-24 09:21
.
Pre-Run: 105.414.889.472 bytes free
Post-Run: 105.392.795.648 bytes free
.
- - End Of File - - F1DBD3127AF791C1F5F955C319933AC3
5C616939100B85E558DA92B899A0FC36



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 24 September 2013 - 08:24 AM

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Edited by TB-Psychotic, 24 September 2013 - 08:24 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 24 September 2013 - 08:58 AM

aswMBR.txt

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-24 16:36:55
-----------------------------
16:36:55.368    OS Version: Windows 6.0.6001 Service Pack 1
16:36:55.368    Number of processors: 2 586 0x1706
16:36:55.369    ComputerName: RAKENDITON  UserName:
16:36:57.185    Initialize success
16:39:07.283    AVAST engine defs: 13092400
16:42:39.057    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:42:39.057    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:42:39.307    Disk 0 MBR read successfully
16:42:39.307    Disk 0 MBR scan
16:42:39.323    Disk 0 Windows VISTA default MBR code
16:42:39.338    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       199996 MB offset 63
16:42:39.354    Disk 0 Partition - 00     0F Extended LBA            276932 MB offset 409593240
16:42:39.385    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       276932 MB offset 409593303
16:42:39.401    Disk 0 scanning sectors +976752000
16:42:39.588    Disk 0 scanning C:\Windows\system32\drivers
16:42:57.419    Service scanning
16:43:19.617    Modules scanning
16:43:31.115    Disk 0 trace - called modules:
16:43:31.661    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:43:31.676    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e26ac8]
16:43:31.676    3 CLASSPNP.SYS[8a59d745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84c0c028]
16:43:33.096    AVAST engine scan C:\Windows
16:43:48.821    AVAST engine scan C:\Windows\system32
16:49:41.661    AVAST engine scan C:\Windows\system32\drivers
16:50:20.599    AVAST engine scan C:\Users\nikos_pakos
16:52:46.194    Disk 0 MBR has been saved successfully to "C:\Users\nikos_pakos\Desktop\MBR.dat"
16:52:46.209    The log file has been saved successfully to "C:\Users\nikos_pakos\Desktop\aswMBR.txt"

 

tdssKiller

 

16:53:38.0997 5836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:53:39.0461 5836  ============================================================
16:53:39.0461 5836  Current date / time: 2013/09/24 16:53:39.0461
16:53:39.0461 5836  SystemInfo:
16:53:39.0461 5836  
16:53:39.0461 5836  OS Version: 6.0.6001 ServicePack: 1.0
16:53:39.0461 5836  Product type: Workstation
16:53:39.0462 5836  ComputerName: RAKENDITON
16:53:39.0462 5836  UserName: nikos_pakos
16:53:39.0462 5836  Windows directory: C:\Windows
16:53:39.0462 5836  System windows directory: C:\Windows
16:53:39.0462 5836  Processor architecture: Intel x86
16:53:39.0462 5836  Number of processors: 2
16:53:39.0462 5836  Page size: 0x1000
16:53:39.0462 5836  Boot type: Normal boot
16:53:39.0462 5836  ============================================================
16:53:39.0914 5836  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:53:39.0916 5836  ============================================================
16:53:39.0916 5836  \Device\Harddisk0\DR0:
16:53:39.0917 5836  MBR partitions:
16:53:39.0917 5836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
16:53:39.0936 5836  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x21CE27A9
16:53:39.0936 5836  ============================================================
16:53:39.0969 5836  C: <-> \Device\Harddisk0\DR0\Partition1
16:53:40.0025 5836  E: <-> \Device\Harddisk0\DR0\Partition2
16:53:40.0025 5836  ============================================================
16:53:40.0025 5836  Initialize success
16:53:40.0025 5836  ============================================================
16:53:52.0680 1988  ============================================================
16:53:52.0680 1988  Scan started
16:53:52.0680 1988  Mode: Manual;
16:53:52.0680 1988  ============================================================
16:53:53.0052 1988  ================ Scan system memory ========================
16:53:53.0052 1988  System memory - ok
16:53:53.0052 1988  ================ Scan services =============================
16:53:53.0304 1988  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:53:53.0306 1988  ACPI - ok
16:53:53.0395 1988  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:53:53.0396 1988  AdobeARMservice - ok
16:53:53.0438 1988  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:53:53.0443 1988  adp94xx - ok
16:53:53.0460 1988  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:53:53.0464 1988  adpahci - ok
16:53:53.0484 1988  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:53:53.0485 1988  adpu160m - ok
16:53:53.0505 1988  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:53:53.0507 1988  adpu320 - ok
16:53:53.0542 1988  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:53:53.0543 1988  AeLookupSvc - ok
16:53:53.0584 1988  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
16:53:53.0587 1988  AFD - ok
16:53:53.0595 1988  AgereSoftModem - ok
16:53:53.0628 1988  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:53:53.0630 1988  agp440 - ok
16:53:53.0667 1988  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:53:53.0668 1988  aic78xx - ok
16:53:53.0690 1988  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:53:53.0691 1988  ALG - ok
16:53:53.0702 1988  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:53:53.0704 1988  aliide - ok
16:53:53.0716 1988  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:53:53.0717 1988  amdagp - ok
16:53:53.0727 1988  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:53:53.0729 1988  amdide - ok
16:53:53.0750 1988  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:53:53.0752 1988  AmdK7 - ok
16:53:53.0778 1988  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:53:53.0779 1988  AmdK8 - ok
16:53:53.0820 1988  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:53:53.0822 1988  Appinfo - ok
16:53:53.0857 1988  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
16:53:53.0859 1988  arc - ok
16:53:53.0892 1988  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:53:53.0893 1988  arcsas - ok
16:53:53.0937 1988  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:53.0938 1988  AsyncMac - ok
16:53:53.0948 1988  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:53:53.0949 1988  atapi - ok
16:53:53.0971 1988  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:53:53.0974 1988  AudioEndpointBuilder - ok
16:53:53.0982 1988  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:53:53.0985 1988  Audiosrv - ok
16:53:54.0166 1988  [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
16:53:54.0288 1988  AVGIDSAgent - ok
16:53:54.0343 1988  [ 4D7E34E36E586EA26F171A258341BD80 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
16:53:54.0345 1988  AVGIDSDriver - ok
16:53:54.0399 1988  [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
16:53:54.0401 1988  AVGIDSHX - ok
16:53:54.0439 1988  [ 2717EBC35166B8793DBFFB4390B8F2E7 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
16:53:54.0440 1988  AVGIDSShim - ok
16:53:54.0487 1988  [ 2018C4E9A40B122408763A5635CF14D9 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
16:53:54.0490 1988  Avgldx86 - ok
16:53:54.0529 1988  [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
16:53:54.0531 1988  Avglogx - ok
16:53:54.0552 1988  [ 3F59750A3AA55C46663801E7C2FD1E2B ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
16:53:54.0554 1988  Avgmfx86 - ok
16:53:54.0575 1988  [ CBCE8ED318DB8EA431F9D25AC9B7FF41 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
16:53:54.0577 1988  Avgrkx86 - ok
16:53:54.0605 1988  [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
16:53:54.0608 1988  Avgtdix - ok
16:53:54.0633 1988  [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
16:53:54.0636 1988  avgwd - ok
16:53:54.0685 1988  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:53:54.0686 1988  Beep - ok
16:53:54.0726 1988  [ 8582E233C346AEFE759833E8A30DD697 ] BFE             C:\Windows\System32\bfe.dll
16:53:54.0732 1988  BFE - ok
16:53:54.0801 1988  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\system32\qmgr.dll
16:53:54.0809 1988  BITS - ok
16:53:54.0820 1988  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:53:54.0822 1988  blbdrive - ok
16:53:54.0842 1988  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:53:54.0844 1988  bowser - ok
16:53:54.0856 1988  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:53:54.0857 1988  BrFiltLo - ok
16:53:54.0876 1988  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:53:54.0877 1988  BrFiltUp - ok
16:53:54.0898 1988  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:53:54.0900 1988  Browser - ok
16:53:54.0925 1988  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:53:54.0927 1988  Brserid - ok
16:53:54.0947 1988  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:53:54.0949 1988  BrSerWdm - ok
16:53:54.0972 1988  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:53:54.0973 1988  BrUsbMdm - ok
16:53:54.0983 1988  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:53:54.0985 1988  BrUsbSer - ok
16:53:55.0017 1988  [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:53:55.0018 1988  BthEnum - ok
16:53:55.0069 1988  [ 5FFA6988FF9597986FF2ADA736CC90C0 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:55.0070 1988  BTHMODEM - ok
16:53:55.0110 1988  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:53:55.0111 1988  BthPan - ok
16:53:55.0143 1988  [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:53:55.0146 1988  BTHPORT - ok
16:53:55.0177 1988  [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ         C:\Windows\System32\bthserv.dll
16:53:55.0179 1988  BthServ - ok
16:53:55.0194 1988  [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:53:55.0195 1988  BTHUSB - ok
16:53:55.0408 1988  catchme - ok
16:53:55.0445 1988  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:53:55.0447 1988  cdfs - ok
16:53:55.0476 1988  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:53:55.0477 1988  cdrom - ok
16:53:55.0511 1988  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
16:53:55.0513 1988  CertPropSvc - ok
16:53:55.0523 1988  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
16:53:55.0524 1988  circlass - ok
16:53:55.0543 1988  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
16:53:55.0547 1988  CLFS - ok
16:53:55.0611 1988  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:55.0614 1988  clr_optimization_v2.0.50727_32 - ok
16:53:55.0680 1988  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:55.0681 1988  CmBatt - ok
16:53:55.0707 1988  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:53:55.0708 1988  cmdide - ok
16:53:55.0727 1988  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:53:55.0728 1988  Compbatt - ok
16:53:55.0734 1988  COMSysApp - ok
16:53:55.0740 1988  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:53:55.0742 1988  crcdisk - ok
16:53:55.0793 1988  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:53:55.0794 1988  Crusoe - ok
16:53:55.0839 1988  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:53:55.0841 1988  CryptSvc - ok
16:53:55.0894 1988  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:53:55.0900 1988  DcomLaunch - ok
16:53:55.0917 1988  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:53:55.0919 1988  DfsC - ok
16:53:55.0996 1988  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
16:53:56.0038 1988  DFSR - ok
16:53:56.0101 1988  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:53:56.0104 1988  Dhcp - ok
16:53:56.0148 1988  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
16:53:56.0149 1988  disk - ok
16:53:56.0181 1988  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:53:56.0184 1988  Dnscache - ok
16:53:56.0195 1988  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:53:56.0198 1988  dot3svc - ok
16:53:56.0210 1988  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:53:56.0212 1988  DPS - ok
16:53:56.0242 1988  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:53:56.0244 1988  drmkaud - ok
16:53:56.0291 1988  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:53:56.0300 1988  DXGKrnl - ok
16:53:56.0339 1988  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:53:56.0341 1988  E1G60 - ok
16:53:56.0386 1988  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:53:56.0388 1988  EapHost - ok
16:53:56.0430 1988  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:53:56.0432 1988  Ecache - ok
16:53:56.0488 1988  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:53:56.0491 1988  ehRecvr - ok
16:53:56.0500 1988  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:53:56.0502 1988  ehSched - ok
16:53:56.0511 1988  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:53:56.0512 1988  ehstart - ok
16:53:56.0534 1988  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:53:56.0540 1988  elxstor - ok
16:53:56.0574 1988  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:53:56.0580 1988  EMDMgmt - ok
16:53:56.0598 1988  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:53:56.0599 1988  ErrDev - ok
16:53:56.0641 1988  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
16:53:56.0644 1988  EventSystem - ok
16:53:56.0719 1988  [ 2D41D7250F73272946DE04FF7A19761E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:53:56.0726 1988  EvtEng - ok
16:53:56.0758 1988  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
16:53:56.0760 1988  exfat - ok
16:53:56.0780 1988  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:53:56.0783 1988  fastfat - ok
16:53:56.0816 1988  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:53:56.0817 1988  fdc - ok
16:53:56.0856 1988  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:53:56.0859 1988  fdPHost - ok
16:53:56.0881 1988  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:53:56.0883 1988  FDResPub - ok
16:53:56.0903 1988  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:53:56.0905 1988  FileInfo - ok
16:53:56.0915 1988  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:53:56.0917 1988  Filetrace - ok
16:53:56.0934 1988  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:56.0936 1988  flpydisk - ok
16:53:56.0964 1988  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:53:56.0966 1988  FltMgr - ok
16:53:57.0034 1988  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:57.0037 1988  FontCache3.0.0.0 - ok
16:53:57.0055 1988  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:53:57.0056 1988  Fs_Rec - ok
16:53:57.0080 1988  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:53:57.0082 1988  gagp30kx - ok
16:53:57.0126 1988  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
16:53:57.0132 1988  gpsvc - ok
16:53:57.0169 1988  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:53:57.0171 1988  HdAudAddService - ok
16:53:57.0177 1988  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:53:57.0178 1988  HDAudBus - ok
16:53:57.0203 1988  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:53:57.0204 1988  HidBth - ok
16:53:57.0225 1988  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:53:57.0226 1988  HidIr - ok
16:53:57.0246 1988  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\System32\hidserv.dll
16:53:57.0248 1988  hidserv - ok
16:53:57.0275 1988  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:53:57.0276 1988  HidUsb - ok
16:53:57.0306 1988  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:53:57.0309 1988  hkmsvc - ok
16:53:57.0333 1988  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:53:57.0335 1988  HpCISSs - ok
16:53:57.0380 1988  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:53:57.0384 1988  HTTP - ok
16:53:57.0397 1988  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:53:57.0399 1988  i2omp - ok
16:53:57.0441 1988  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:53:57.0442 1988  i8042prt - ok
16:53:57.0474 1988  [ ABFEBC5F846C71AFEBD7F8F6BA740C03 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:53:57.0477 1988  iaStor - ok
16:53:57.0502 1988  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:53:57.0505 1988  iaStorV - ok
16:53:57.0562 1988  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:57.0583 1988  idsvc - ok
16:53:57.0633 1988  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:53:57.0634 1988  iirsp - ok
16:53:57.0669 1988  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
16:53:57.0676 1988  IKEEXT - ok
16:53:57.0773 1988  [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:53:57.0850 1988  IntcAzAudAddService - ok
16:53:57.0914 1988  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:53:57.0916 1988  intelide - ok
16:53:57.0946 1988  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:53:57.0947 1988  intelppm - ok
16:53:57.0973 1988  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:53:57.0975 1988  IPBusEnum - ok
16:53:58.0004 1988  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:58.0005 1988  IpFilterDriver - ok
16:53:58.0037 1988  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:53:58.0040 1988  iphlpsvc - ok
16:53:58.0045 1988  IpInIp - ok
16:53:58.0068 1988  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:53:58.0070 1988  IPMIDRV - ok
16:53:58.0088 1988  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:53:58.0090 1988  IPNAT - ok
16:53:58.0115 1988  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:53:58.0117 1988  IRENUM - ok
16:53:58.0140 1988  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:53:58.0141 1988  isapnp - ok
16:53:58.0168 1988  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:53:58.0171 1988  iScsiPrt - ok
16:53:58.0189 1988  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:53:58.0190 1988  iteatapi - ok
16:53:58.0219 1988  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:53:58.0221 1988  iteraid - ok
16:53:58.0238 1988  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:58.0240 1988  kbdclass - ok
16:53:58.0258 1988  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:53:58.0259 1988  kbdhid - ok
16:53:58.0296 1988  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
16:53:58.0298 1988  KeyIso - ok
16:53:58.0322 1988  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
16:53:58.0323 1988  KMDFMEMIO - ok
16:53:58.0349 1988  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:53:58.0352 1988  KSecDD - ok
16:53:58.0396 1988  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:53:58.0402 1988  KtmRm - ok
16:53:58.0437 1988  [ 05CE901A4472B3FBF9407C94AD1DB693 ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:53:58.0440 1988  LanmanServer - ok
16:53:58.0482 1988  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:53:58.0486 1988  LanmanWorkstation - ok
16:53:58.0554 1988  [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:53:58.0555 1988  LightScribeService - ok
16:53:58.0575 1988  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:53:58.0576 1988  lltdio - ok
16:53:58.0600 1988  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:53:58.0605 1988  lltdsvc - ok
16:53:58.0623 1988  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:53:58.0630 1988  lmhosts - ok
16:53:58.0682 1988  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:53:58.0684 1988  LSI_FC - ok
16:53:58.0700 1988  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:53:58.0704 1988  LSI_SAS - ok
16:53:58.0723 1988  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:53:58.0725 1988  LSI_SCSI - ok
16:53:58.0741 1988  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:53:58.0743 1988  luafv - ok
16:53:58.0764 1988  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:53:58.0767 1988  Mcx2Svc - ok
16:53:58.0788 1988  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:53:58.0789 1988  megasas - ok
16:53:58.0816 1988  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:53:58.0826 1988  MegaSR - ok
16:53:58.0927 1988  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:53:58.0929 1988  Microsoft Office Groove Audit Service - ok
16:53:58.0955 1988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:53:58.0957 1988  MMCSS - ok
16:53:58.0972 1988  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:53:58.0974 1988  Modem - ok
16:53:59.0009 1988  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:53:59.0010 1988  monitor - ok
16:53:59.0018 1988  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:53:59.0019 1988  mouclass - ok
16:53:59.0029 1988  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:53:59.0030 1988  mouhid - ok
16:53:59.0042 1988  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:53:59.0043 1988  MountMgr - ok
16:53:59.0086 1988  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:53:59.0088 1988  MozillaMaintenance - ok
16:53:59.0119 1988  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:53:59.0120 1988  mpio - ok
16:53:59.0144 1988  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:53:59.0146 1988  mpsdrv - ok
16:53:59.0170 1988  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:53:59.0177 1988  MpsSvc - ok
16:53:59.0199 1988  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:53:59.0201 1988  Mraid35x - ok
16:53:59.0207 1988  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:53:59.0208 1988  MRxDAV - ok
16:53:59.0250 1988  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:59.0251 1988  mrxsmb - ok
16:53:59.0258 1988  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:59.0262 1988  mrxsmb10 - ok
16:53:59.0267 1988  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:59.0275 1988  mrxsmb20 - ok
16:53:59.0279 1988  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:53:59.0281 1988  msahci - ok
16:53:59.0329 1988  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:53:59.0330 1988  msdsm - ok
16:53:59.0351 1988  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:53:59.0354 1988  MSDTC - ok
16:53:59.0379 1988  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:53:59.0380 1988  Msfs - ok
16:53:59.0394 1988  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:53:59.0395 1988  msisadrv - ok
16:53:59.0431 1988  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:53:59.0434 1988  MSiSCSI - ok
16:53:59.0437 1988  msiserver - ok
16:53:59.0454 1988  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:53:59.0455 1988  MSKSSRV - ok
16:53:59.0490 1988  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:59.0492 1988  MSPCLOCK - ok
16:53:59.0511 1988  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:53:59.0513 1988  MSPQM - ok
16:53:59.0530 1988  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:53:59.0532 1988  MsRPC - ok
16:53:59.0547 1988  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:53:59.0548 1988  mssmbios - ok
16:53:59.0572 1988  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:53:59.0573 1988  MSTEE - ok
16:53:59.0592 1988  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:53:59.0593 1988  Mup - ok
16:53:59.0624 1988  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
16:53:59.0631 1988  napagent - ok
16:53:59.0672 1988  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:53:59.0674 1988  NativeWifiP - ok
16:53:59.0699 1988  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:53:59.0704 1988  NDIS - ok
16:53:59.0766 1988  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:59.0768 1988  NdisTapi - ok
16:53:59.0779 1988  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:59.0780 1988  Ndisuio - ok
16:53:59.0806 1988  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:59.0808 1988  NdisWan - ok
16:53:59.0825 1988  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:53:59.0826 1988  NDProxy - ok
16:53:59.0845 1988  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:53:59.0847 1988  NetBIOS - ok
16:53:59.0866 1988  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:53:59.0868 1988  netbt - ok
16:53:59.0885 1988  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
16:53:59.0887 1988  Netlogon - ok
16:53:59.0918 1988  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:53:59.0922 1988  Netman - ok
16:53:59.0943 1988  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:53:59.0950 1988  netprofm - ok
16:53:59.0974 1988  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:53:59.0976 1988  NetTcpPortSharing - ok
16:54:00.0075 1988  [ 9CA26DCCF0B84A6FF2B54FBB2A94520B ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
16:54:00.0101 1988  NETw5v32 - ok
16:54:00.0149 1988  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:54:00.0151 1988  nfrd960 - ok
16:54:00.0167 1988  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:54:00.0170 1988  NlaSvc - ok
16:54:00.0179 1988  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:54:00.0180 1988  Npfs - ok
16:54:00.0190 1988  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:54:00.0192 1988  nsi - ok
16:54:00.0202 1988  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:54:00.0203 1988  nsiproxy - ok
16:54:00.0241 1988  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:54:00.0255 1988  Ntfs - ok
16:54:00.0278 1988  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:54:00.0279 1988  ntrigdigi - ok
16:54:00.0305 1988  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:54:00.0306 1988  Null - ok
16:54:00.0352 1988  [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
16:54:00.0353 1988  NVHDA - ok
16:54:00.0558 1988  [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:54:00.0722 1988  nvlddmkm - ok
16:54:00.0764 1988  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:54:00.0765 1988  nvraid - ok
16:54:00.0781 1988  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:54:00.0782 1988  nvstor - ok
16:54:00.0804 1988  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:54:00.0806 1988  nv_agp - ok
16:54:00.0810 1988  NwlnkFlt - ok
16:54:00.0814 1988  NwlnkFwd - ok
16:54:00.0921 1988  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:54:00.0929 1988  odserv - ok
16:54:00.0967 1988  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:54:00.0968 1988  ohci1394 - ok
16:54:01.0040 1988  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:54:01.0042 1988  ose - ok
16:54:01.0089 1988  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:54:01.0103 1988  p2pimsvc - ok
16:54:01.0119 1988  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:54:01.0125 1988  p2psvc - ok
16:54:01.0179 1988  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
16:54:01.0183 1988  Parport - ok
16:54:01.0196 1988  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:54:01.0199 1988  partmgr - ok
16:54:01.0257 1988  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:54:01.0259 1988  Parvdm - ok
16:54:01.0286 1988  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:54:01.0292 1988  PcaSvc - ok
16:54:01.0303 1988  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
16:54:01.0307 1988  pci - ok
16:54:01.0365 1988  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
16:54:01.0366 1988  pciide - ok
16:54:01.0397 1988  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:54:01.0400 1988  pcmcia - ok
16:54:01.0439 1988  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:54:01.0461 1988  PEAUTH - ok
16:54:01.0543 1988  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:54:01.0562 1988  pla - ok
16:54:01.0593 1988  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:54:01.0598 1988  PlugPlay - ok
16:54:01.0622 1988  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:54:01.0629 1988  PNRPAutoReg - ok
16:54:01.0657 1988  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:54:01.0664 1988  PNRPsvc - ok
16:54:01.0705 1988  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:54:01.0712 1988  PolicyAgent - ok
16:54:01.0736 1988  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:54:01.0738 1988  PptpMiniport - ok
16:54:01.0760 1988  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
16:54:01.0762 1988  Processor - ok
16:54:01.0783 1988  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:54:01.0786 1988  ProfSvc - ok
16:54:01.0796 1988  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:54:01.0798 1988  ProtectedStorage - ok
16:54:01.0829 1988  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:54:01.0831 1988  PSched - ok
16:54:01.0873 1988  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:54:01.0907 1988  ql2300 - ok
16:54:01.0926 1988  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:54:01.0929 1988  ql40xx - ok
16:54:01.0946 1988  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:54:01.0951 1988  QWAVE - ok
16:54:01.0969 1988  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:54:01.0970 1988  QWAVEdrv - ok
16:54:01.0983 1988  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:54:01.0985 1988  RasAcd - ok
16:54:01.0998 1988  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
16:54:02.0001 1988  RasAuto - ok
16:54:02.0010 1988  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:54:02.0012 1988  Rasl2tp - ok
16:54:02.0027 1988  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
16:54:02.0031 1988  RasMan - ok
16:54:02.0046 1988  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:54:02.0048 1988  RasPppoe - ok
16:54:02.0058 1988  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:54:02.0060 1988  RasSstp - ok
16:54:02.0080 1988  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:54:02.0083 1988  rdbss - ok
16:54:02.0103 1988  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:54:02.0104 1988  RDPCDD - ok
16:54:02.0130 1988  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
16:54:02.0133 1988  rdpdr - ok
16:54:02.0138 1988  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:54:02.0140 1988  RDPENCDD - ok
16:54:02.0162 1988  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:54:02.0164 1988  RDPWD - ok
16:54:02.0238 1988  [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:54:02.0242 1988  RegSrvc - ok
16:54:02.0282 1988  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:54:02.0285 1988  RemoteAccess - ok
16:54:02.0315 1988  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:54:02.0319 1988  RemoteRegistry - ok
16:54:02.0336 1988  [ 34CC78C06587718C2AD6D3AA83B1F072 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:54:02.0338 1988  RFCOMM - ok
16:54:02.0397 1988  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:54:02.0401 1988  RichVideo - ok
16:54:02.0423 1988  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:54:02.0425 1988  RpcLocator - ok
16:54:02.0449 1988  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs           C:\Windows\system32\rpcss.dll
16:54:02.0456 1988  RpcSs - ok
16:54:02.0499 1988  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:54:02.0501 1988  rspndr - ok
16:54:02.0518 1988  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs           C:\Windows\system32\lsass.exe
16:54:02.0520 1988  SamSs - ok
16:54:02.0569 1988  [ A9D840FA78F65857EB554229914F855C ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
16:54:02.0570 1988  Samsung Update Plus - ok
16:54:02.0596 1988  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:54:02.0598 1988  sbp2port - ok
16:54:02.0632 1988  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:54:02.0636 1988  SCardSvr - ok
16:54:02.0678 1988  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
16:54:02.0685 1988  Schedule - ok
16:54:02.0700 1988  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:54:02.0701 1988  SCPolicySvc - ok
16:54:02.0719 1988  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:54:02.0724 1988  SDRSVC - ok
16:54:02.0737 1988  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:54:02.0738 1988  secdrv - ok
16:54:02.0753 1988  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:54:02.0756 1988  seclogon - ok
16:54:02.0772 1988  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
16:54:02.0776 1988  SENS - ok
16:54:02.0795 1988  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:54:02.0796 1988  Serenum - ok
16:54:02.0819 1988  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
16:54:02.0820 1988  Serial - ok
16:54:02.0840 1988  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:54:02.0841 1988  sermouse - ok
16:54:02.0862 1988  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:54:02.0865 1988  SessionEnv - ok
16:54:02.0882 1988  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:54:02.0883 1988  sffdisk - ok
16:54:02.0903 1988  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:54:02.0904 1988  sffp_mmc - ok
16:54:02.0925 1988  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:54:02.0927 1988  sffp_sd - ok
16:54:02.0942 1988  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:54:02.0944 1988  sfloppy - ok
16:54:02.0981 1988  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:54:02.0988 1988  SharedAccess - ok
16:54:03.0033 1988  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:54:03.0040 1988  ShellHWDetection - ok
16:54:03.0054 1988  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:54:03.0056 1988  sisagp - ok
16:54:03.0074 1988  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:54:03.0076 1988  SiSRaid2 - ok
16:54:03.0097 1988  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:54:03.0098 1988  SiSRaid4 - ok
16:54:03.0281 1988  [ D0776778A9FC5E37F2E9EB21FC8A9709 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:54:03.0392 1988  Skype C2C Service - ok
16:54:03.0506 1988  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:54:03.0508 1988  SkypeUpdate - ok
16:54:03.0596 1988  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc           C:\Windows\system32\SLsvc.exe
16:54:03.0673 1988  slsvc - ok
16:54:03.0703 1988  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:54:03.0711 1988  SLUINotify - ok
16:54:03.0728 1988  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:54:03.0732 1988  Smb - ok
16:54:03.0748 1988  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:54:03.0751 1988  SNMPTRAP - ok
16:54:03.0784 1988  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
16:54:03.0786 1988  spldr - ok
16:54:03.0809 1988  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler         C:\Windows\System32\spoolsv.exe
16:54:03.0814 1988  Spooler - ok
16:54:03.0846 1988  [ 2252AEF839B1093D16761189F45AF885 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:54:03.0851 1988  srv - ok
16:54:03.0869 1988  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:54:03.0872 1988  srv2 - ok
16:54:03.0878 1988  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:54:03.0880 1988  srvnet - ok
16:54:03.0899 1988  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:54:03.0903 1988  SSDPSRV - ok
16:54:03.0928 1988  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:54:03.0932 1988  SstpSvc - ok
16:54:03.0962 1988  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
16:54:03.0968 1988  stisvc - ok
16:54:03.0980 1988  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:54:03.0982 1988  swenum - ok
16:54:03.0991 1988  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
16:54:03.0996 1988  swprv - ok
16:54:04.0008 1988  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:54:04.0009 1988  Symc8xx - ok
16:54:04.0031 1988  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:54:04.0033 1988  Sym_hi - ok
16:54:04.0047 1988  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:54:04.0049 1988  Sym_u3 - ok
16:54:04.0081 1988  [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:54:04.0084 1988  SynTP - ok
16:54:04.0111 1988  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
16:54:04.0118 1988  SysMain - ok
16:54:04.0133 1988  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:54:04.0137 1988  TabletInputService - ok
16:54:04.0157 1988  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:54:04.0162 1988  TapiSrv - ok
16:54:04.0181 1988  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
16:54:04.0184 1988  TBS - ok
16:54:04.0233 1988  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:54:04.0264 1988  Tcpip - ok
16:54:04.0328 1988  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:54:04.0336 1988  Tcpip6 - ok
16:54:04.0359 1988  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:54:04.0361 1988  tcpipreg - ok
16:54:04.0384 1988  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:54:04.0385 1988  TDPIPE - ok
16:54:04.0400 1988  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:54:04.0402 1988  TDTCP - ok
16:54:04.0420 1988  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:54:04.0422 1988  tdx - ok
16:54:04.0434 1988  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:54:04.0435 1988  TermDD - ok
16:54:04.0459 1988  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
16:54:04.0466 1988  TermService - ok
16:54:04.0487 1988  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
16:54:04.0491 1988  Themes - ok
16:54:04.0510 1988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:54:04.0513 1988  THREADORDER - ok
16:54:04.0524 1988  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:54:04.0527 1988  TrkWks - ok
16:54:04.0571 1988  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:54:04.0572 1988  TrustedInstaller - ok
16:54:04.0595 1988  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:54:04.0597 1988  tssecsrv - ok
16:54:04.0632 1988  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:54:04.0633 1988  tunmp - ok
16:54:04.0638 1988  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:54:04.0641 1988  tunnel - ok
16:54:04.0661 1988  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:54:04.0663 1988  uagp35 - ok
16:54:04.0688 1988  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:54:04.0691 1988  udfs - ok
16:54:04.0712 1988  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:54:04.0716 1988  UI0Detect - ok
16:54:04.0734 1988  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:54:04.0735 1988  uliagpkx - ok
16:54:04.0751 1988  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:54:04.0755 1988  uliahci - ok
16:54:04.0772 1988  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:54:04.0774 1988  UlSata - ok
16:54:04.0795 1988  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:54:04.0797 1988  ulsata2 - ok
16:54:04.0821 1988  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:54:04.0822 1988  umbus - ok
16:54:04.0838 1988  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:54:04.0843 1988  upnphost - ok
16:54:04.0883 1988  [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:54:04.0885 1988  usbaudio - ok
16:54:04.0917 1988  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:54:04.0919 1988  usbccgp - ok
16:54:04.0938 1988  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:54:04.0940 1988  usbcir - ok
16:54:04.0966 1988  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:54:04.0968 1988  usbehci - ok
16:54:04.0986 1988  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:54:04.0989 1988  usbhub - ok
16:54:05.0008 1988  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:54:05.0009 1988  usbohci - ok
16:54:05.0049 1988  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:54:05.0050 1988  usbprint - ok
16:54:05.0079 1988  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:54:05.0081 1988  usbscan - ok
16:54:05.0099 1988  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:54:05.0101 1988  USBSTOR - ok
16:54:05.0114 1988  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:54:05.0116 1988  usbuhci - ok
16:54:05.0133 1988  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:54:05.0135 1988  usbvideo - ok
16:54:05.0157 1988  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
16:54:05.0160 1988  UxSms - ok
16:54:05.0185 1988  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
16:54:05.0191 1988  vds - ok
16:54:05.0213 1988  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:54:05.0214 1988  vga - ok
16:54:05.0233 1988  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:54:05.0235 1988  VgaSave - ok
16:54:05.0251 1988  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:54:05.0252 1988  viaagp - ok
16:54:05.0268 1988  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:54:05.0269 1988  ViaC7 - ok
16:54:05.0282 1988  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
16:54:05.0284 1988  viaide - ok
16:54:05.0324 1988  [ C30A79CFEE47F1A9633F403C5ACE872F ] VMC302          C:\Windows\system32\Drivers\VMC302.sys
16:54:05.0327 1988  VMC302 - ok
16:54:05.0337 1988  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:54:05.0339 1988  volmgr - ok
16:54:05.0348 1988  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:54:05.0350 1988  volmgrx - ok
16:54:05.0358 1988  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:54:05.0361 1988  volsnap - ok
16:54:05.0401 1988  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:54:05.0403 1988  vsmraid - ok
16:54:05.0455 1988  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
16:54:05.0465 1988  VSS - ok
16:54:05.0479 1988  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
16:54:05.0485 1988  W32Time - ok
16:54:05.0511 1988  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:54:05.0512 1988  WacomPen - ok
16:54:05.0526 1988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:54:05.0528 1988  Wanarp - ok
16:54:05.0532 1988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:54:05.0533 1988  Wanarpv6 - ok
16:54:05.0551 1988  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:54:05.0557 1988  wcncsvc - ok
16:54:05.0575 1988  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:54:05.0578 1988  WcsPlugInService - ok
16:54:05.0593 1988  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
16:54:05.0595 1988  Wd - ok
16:54:05.0619 1988  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:54:05.0627 1988  Wdf01000 - ok
16:54:05.0648 1988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:54:05.0652 1988  WdiServiceHost - ok
16:54:05.0656 1988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:54:05.0660 1988  WdiSystemHost - ok
16:54:05.0674 1988  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
16:54:05.0678 1988  WebClient - ok
16:54:05.0702 1988  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:54:05.0707 1988  Wecsvc - ok
16:54:05.0721 1988  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:54:05.0725 1988  wercplsupport - ok
16:54:05.0745 1988  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:54:05.0749 1988  WerSvc - ok
16:54:05.0802 1988  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:54:05.0808 1988  WinDefend - ok
16:54:05.0813 1988  WinHttpAutoProxySvc - ok
16:54:05.0865 1988  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:54:05.0867 1988  Winmgmt - ok
16:54:05.0921 1988  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:54:05.0955 1988  WinRM - ok
16:54:05.0999 1988  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:54:06.0006 1988  Wlansvc - ok
16:54:06.0027 1988  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:54:06.0028 1988  WmiAcpi - ok
16:54:06.0047 1988  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:54:06.0049 1988  wmiApSrv - ok
16:54:06.0104 1988  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:54:06.0109 1988  WMPNetworkSvc - ok
16:54:06.0135 1988  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:54:06.0139 1988  WPCSvc - ok
16:54:06.0161 1988  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:54:06.0164 1988  WPDBusEnum - ok
16:54:06.0207 1988  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:54:06.0209 1988  WpdUsb - ok
16:54:06.0239 1988  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:54:06.0240 1988  ws2ifsl - ok
16:54:06.0254 1988  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\system32\wscsvc.dll
16:54:06.0257 1988  wscsvc - ok
16:54:06.0261 1988  WSearch - ok
16:54:06.0308 1988  [ D79538B67FA641E986855DEF651E78FE ] wuauserv        C:\Windows\system32\wuaueng.dll
16:54:06.0353 1988  wuauserv - ok
16:54:06.0413 1988  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:54:06.0414 1988  WUDFRd - ok
16:54:06.0427 1988  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:54:06.0430 1988  wudfsvc - ok
16:54:06.0484 1988  [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
16:54:06.0488 1988  yukonwlh - ok
16:54:06.0508 1988  ================ Scan global ===============================
16:54:06.0532 1988  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:54:06.0562 1988  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
16:54:06.0592 1988  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
16:54:06.0643 1988  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
16:54:06.0647 1988  [Global] - ok
16:54:06.0648 1988  ================ Scan MBR ==================================
16:54:06.0657 1988  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:54:07.0092 1988  \Device\Harddisk0\DR0 - ok
16:54:07.0092 1988  ================ Scan VBR ==================================
16:54:07.0094 1988  [ 734CA4EF032D9AC18DC5115A4BB22FF4 ] \Device\Harddisk0\DR0\Partition1
16:54:07.0096 1988  \Device\Harddisk0\DR0\Partition1 - ok
16:54:07.0112 1988  [ 6E75D3C3A05051C6F7F1A3CD9BC2AF08 ] \Device\Harddisk0\DR0\Partition2
16:54:07.0114 1988  \Device\Harddisk0\DR0\Partition2 - ok
16:54:07.0114 1988  ============================================================
16:54:07.0114 1988  Scan finished
16:54:07.0114 1988  ============================================================
16:54:07.0124 4308  Detected object count: 0
16:54:07.0124 4308  Actual detected object count: 0
 

 

 



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 24 September 2013 - 10:52 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 25 September 2013 - 05:59 AM

Hello and sorry for the delay to answer...

I have the Malwarebytes Antimalware program in my computer, but I had chosen "Greek" as its language, so the log was in greek. I translated with the google translator and I think that we are OK. Here is the log:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version : v2013.09.25.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
nikos_pakos :: RAKENDITON [ administrator ]

09/25/2013 12:39:57 PM
mbam-log-2013-09-25 (12-39-57). txt

Scan type : Full Scan (C: \ | E: \ |)
Scan options enabled : Memory | Startup | Registry | File System | Heuristic method / Extra | Heuristic method / Shuriken | PUP | PUM
Scan options disabled : P2P
Objects scanned: 339808
Time elapsed: 1 hour ( s) , 3 minute (s ), 31 second (s )

Identified processes in memory: 0
( No malicious items detected )

Evidence was found in memory : 0
( No malicious items detected )

Identified key in the registry: 1
HKCR \ AppID \ {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> isolated and deleted successfully .

Identified values ​​in the registry: 1
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ AboutURLs | bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data : http://www.delta-search.com/?affID=119529&babsrc=NT_ss&mntrId=DC0A00215D2FF57C -> isolated and expelled successfully .

Identified Registry Data Items : 0
( No malicious items detected )

Identified envelopes: 1
C: \ Users \ nikos_pakos \ AppData \ Roaming \ Babylon (PUP.Optional.Babylon.A) -> isolated and deleted successfully .

Identified files: 1
C: \ Users \ nikos_pakos \ AppData \ Roaming \ Babylon \ log_file.txt (PUP.Optional.Babylon.A) -> isolated and deleted successfully .

(end )



#10 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 25 September 2013 - 06:54 AM

And here are the Eset scan results:

 

C:\ProgramData\Ask\APN-Stub\PTV\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Ask\APN-Stub\PTV\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\nikos_pakos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\62d2986f-132b7bb4    Java/Exploit.Agent.NMW trojan
C:\Users\nikos_pakos\Desktop\KMPlayer_3-6-0-87.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\nikos_pakos\Fruity_Loops_Studio_9_&_Crack\flstudio_9.0_final.exe    Win32/OpenCandy application

 

 

What's the next step?



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 25 September 2013 - 10:13 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 26 September 2013 - 03:12 AM

After I dragged the attached file into the Combofix, there was an option to update the program but I didn't update it. I don't know if this was the right thing to do...

 

Here are the contents of the ComboFix.txt:

 

ComboFix 13-09-24.01 - nikos_pakos 26/09/2013  10:53:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1253.30.1033.18.3066.2245 [GMT 3:00]
Running from: c:\users\nikos_pakos\Desktop\diorthosi\ComboFix.exe
Command switches used :: c:\users\nikos_pakos\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\nikos_pakos\Desktop\KMPlayer_3-6-0-87.exe"
"c:\users\nikos_pakos\Fruity_Loops_Studio_9_&_Crack\flstudio_9.0_final.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Ask
c:\programdata\Ask\APN-Stub\PTV\APNIC.dll
c:\users\All Users\Ask\APN-Stub\PTV\APNIC.dll
c:\users\nikos_pakos\Desktop\KMPlayer_3-6-0-87.exe
c:\users\nikos_pakos\Fruity_Loops_Studio_9_&_Crack\flstudio_9.0_final.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-26 to 2013-09-26  )))))))))))))))))))))))))))))))
.
.
2013-09-26 07:58 . 2013-09-26 07:58    --------    d-----w-    c:\users\nikos_pakos\AppData\Local\temp
2013-09-26 07:58 . 2013-09-26 07:58    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-26 07:58 . 2013-09-26 07:58    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-09-25 11:02 . 2013-09-25 11:02    --------    d-----w-    c:\program files\ESET
2013-09-23 14:53 . 2013-09-23 15:11    --------    d-----w-    c:\users\nikos_pakos\Darkthrone - A Blaze In The Northern Sky (1992) (2012 Reissue)
2013-09-22 16:25 . 2013-09-22 16:25    --------    d-----w-    c:\users\nikos_pakos\AppData\Roaming\Unity
2013-09-21 10:58 . 2013-09-21 10:58    --------    d-----w-    c:\users\nikos_pakos\Deafheaven - Sunbather (2013) (320)
2013-09-21 07:39 . 2013-09-21 07:45    --------    d-----w-    c:\users\nikos_pakos\Michael Hedges - 1985 - Aerial Boundaries - newage
2013-09-19 14:19 . 2013-09-19 14:21    --------    d-----w-    c:\users\nikos_pakos\New Order - Technique (Remastered) [2008] - Electronic [www.torrentazos.com]
2013-09-19 13:00 . 2013-09-19 13:01    --------    d-----w-    c:\programdata\Magenta
2013-09-17 18:46 . 2013-09-17 18:50    --------    d-----w-    c:\users\nikos_pakos\Suicide - 1st album [1977]
2013-09-16 19:20 . 2013-09-16 19:20    --------    d-----w-    c:\users\nikos_pakos\Home (Deluxe Edition)
2013-09-10 11:11 . 2013-09-10 11:12    --------    d-----w- & Stenar - Trees, Grass & Stones    c:\users\NIKOS_~1\TRD_GR~1
2013-09-09 22:34 . 2013-09-09 22:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 12:23 . 2013-09-09 12:26    --------    d-----w-    c:\users\nikos_pakos\Stars Of The Lid
2013-09-09 12:15 . 2013-09-10 14:03    --------    d-----w-    c:\users\nikos_pakos\Cocteau Twins - The Complete Discography and More
2013-09-08 09:46 . 2013-09-22 08:48    --------    d-----w-    c:\users\nikos_pakos\Les.Revenants.S01
2013-09-05 10:05 . 2013-09-05 10:07    --------    d-----w-    c:\users\nikos_pakos\Stalker (1979) Andrei Tarkovsky
2013-09-04 22:43 . 2013-09-04 22:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 20:10 . 2013-09-03 20:10    --------    d-----w-    c:\users\nikos_pakos\AppData\Local\Apple Computer
2013-09-03 18:47 . 2013-09-19 18:35    --------    d-----w-    c:\users\nikos_pakos\breaking bad
2013-09-03 13:53 . 2013-09-03 13:53    187248    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 08:04 . 2012-07-20 14:00    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 08:04 . 2012-07-20 14:00    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-19 22:51 . 2013-07-19 22:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-19 22:50 . 2013-07-19 22:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-19 22:50 . 2013-07-19 22:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 22:50 . 2013-07-19 22:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-06-30 22:45 . 2013-06-30 22:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-06-29 18:18 . 2013-06-29 18:18    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 18:18 . 2012-12-19 11:44    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-29 18:18 . 2012-12-19 11:44    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys
[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys
.
[-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys
[-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
.
[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys
[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys
.
[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll
.
[-] 2009-09-10 . D09A5DA84B7C9CA9B02EBCD7FAE41C8D . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[-] 2009-09-10 . 2D3AC5E7AC01E905F3ABD2D745FE3A9B . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[-] 2009-09-09 . CB7E838C140B4087B2DA323F2D4523C5 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[-] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[-] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[-] 2009-06-15 . 6F1F23D3599EAE17734451936B7F17C6 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[-] 2009-06-15 . BA9A67672E025078C77967731BCFC560 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[-] 2009-06-15 . 203D86EBD6D8E4C8501B222421E81506 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[-] 2009-02-13 . F4C62B07E5BF96F1FDCA9DB393ECED22 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
[-] 2009-02-13 . 59DE082968FDD257FFF0D209B9A5B460 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[-] 2009-02-13 . AFF8A58280863629CA4FFA9E0B259F1E . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[-] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[-] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
.
[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll
[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll
.
[-] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\System32\comres.dll
[-] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll
.
[-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll
[-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
.
[-] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[-] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[-] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[-] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[-] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[-] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
.
[-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
.
[-] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[-] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[-] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
[-] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[-] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
[-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
.
[-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe
[-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
.
[-] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\System32\wuauclt.exe
[-] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
[-] 2006-11-02 . FF81090B6EF1A42A19DF226632711D25 . 41472 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
.
[-] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\System32\drivers\tdx.sys
[-] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
[-] 2010-09-02 . 542A806C74798410ADA0623B9E745C38 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.22480_none_3bb5b9b7ee7c46da\comctl32.dll
[-] 2010-09-02 . 2429BBFFCE9EDB193232DE902F88C688 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.22480_none_45f1fca2222ab96c\comctl32.dll
[-] 2010-09-02 . 63A65EA959BD32B01F02E847CB16C63D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.22480_none_8ada5c8366e90385\comctl32.dll
[-] 2010-09-01 . FFBE05ED8338B17940DEA55FA6BC6F03 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.22755_none_39f4b905f1391c96\comctl32.dll
[-] 2010-09-01 . 168B034C75B85AFD667AC8D0C9003312 . 1685504 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.22755_none_4612924c21dcda90\comctl32.dll
[-] 2010-09-01 . 640C4514157B3C6FE1E05B135FCB95B4 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.22755_none_8a5499024dc7b801\comctl32.dll
[-] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.18305_none_3b879dbed519463b\comctl32.dll
[-] 2010-08-31 . BE3C082837866C4C291ADAF163C10EA6 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
[-] 2010-08-31 . 35ACD5EA63D75E97DD0E9A1629E582B2 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
[-] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll
[-] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18523_none_39898984d804f924\comctl32.dll
[-] 2010-08-31 . D702B4E30B31BFCAB7BD4E5965C1A5DC . 1684480 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
[-] 2010-08-31 . E402A6E79D1E4DBFEBA8B364C67A3158 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\comctl32.dll
[-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll
[-] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll
[-] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
[-] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
[-] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
.
[-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
[-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
.
[-] 2008-04-19 . 131B7E46A7ACD49CB56BB03917A76DE3 . 268800 . . [2001.12.6930.20818] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[-] 2008-04-19 . 7B4971C3D43525175A4EA0D143E0412E . 268800 . . [2001.12.6930.16677] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[-] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\System32\es.dll
[-] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[-] 2008-04-18 . 776D75AF432C598068CC933C7421171B . 269312 . . [2001.12.6931.22162] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[-] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
.
[-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\System32\imm32.dll
[-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
.
[-] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6002.18449] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[-] 2011-04-12 . 7062DEB220FA1CCB1B65FC40D6E7D807 . 893440 . . [6.0.6002.22625] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[-] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll
[-] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[-] 2011-04-12 . 497A2DA8181560B3E2F8FFE0092FD1E6 . 892928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[-] 2009-02-13 . DB6E3731E6F5C8AE2843F80B5787F7C6 . 888832 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[-] 2009-02-13 . 1987D817D08F5EAF0B7F334026FDDB79 . 890880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[-] 2009-02-13 . B82C7AC1D559F0FD088792171D64C7F3 . 875520 . . [6.0.6000.16820] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[-] 2009-02-13 . BB792054BD990EC05D9E260D50FEAD39 . 875520 . . [6.0.6000.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[-] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
.
[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll
[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll
.
[-] 2011-02-16 . 08F5BC2DC64C4D97931A28058F238D80 . 23552 . . [6.0.6002.22589] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22589_none_abf5b7af710301e2\lpk.dll
[-] 2011-02-16 . 0F1AF051D2B58411341B70360852AA36 . 23552 . . [6.0.6001.22854] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22854_none_aa2ab41973c8da38\lpk.dll
[-] 2009-10-19 . 7BE32E67440BB5B2205C5402A2FBDE25 . 24064 . . [6.0.6000.16939] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\lpk.dll
[-] 2009-10-19 . 1C8BB8BB211F8ADB8E51FC2FF5C411D6 . 24064 . . [6.0.6000.21142] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e\lpk.dll
[-] 2009-10-19 . 6223ACDEE46548B706EE8E8C51A985B0 . 23552 . . [6.0.6001.22544] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2\lpk.dll
[-] 2009-10-19 . 7ABEC59B0338BAA1261190B89B2B90E6 . 23552 . . [6.0.6002.22247] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb\lpk.dll
[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\System32\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18599_none_a97ad5445ac72e97\lpk.dll
.
[-] 2011-04-21 . C062788870AF39AFBC3B5645E1381559 . 3610112 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18457_none_14fa84381f71f967\mshtml.dll
[-] 2011-04-21 . 78484C24A46297C628115F6D0E4D0A17 . 3611136 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22629_none_15a6934138757533\mshtml.dll
[-] 2011-04-21 . D6C2CEACB1EE184EA0C1D6BD594B398F . 3593728 . . [7.00.6000.16386] . . c:\windows\System32\mshtml.dll
[-] 2011-04-21 . D6C2CEACB1EE184EA0C1D6BD594B398F . 3593728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18639_none_132bb0d62239a1e8\mshtml.dll
[-] 2011-04-21 . 8E33539FB60AA8C146CFC9BB0565880D . 3595264 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22905_none_13d1c0093b4282d1\mshtml.dll
[-] 2008-02-22 . 9C4091CD321D6D8BCF9842F109EE574B . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
[-] 2008-02-22 . ED2588D1864319C54E79443130A8004B . 3593728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
[-] 2008-02-22 . 977C356E655F357665310C0C95D0DBD4 . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
[-] 2008-02-21 . 3AE6072A86AD8049DD133DB40F73F0C8 . 3591680 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
[-] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
.
[-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\System32\msvcrt.dll
[-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
.
[-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll
[-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
.
[-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
[-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
.
[-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll
[-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
.
[-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
[-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
.
[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll
[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
.
[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe
[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
.
[-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll
[-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll
.
[-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll
[-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
.
[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
[-] 2011-04-21 . 17413EF7D95632D892B4C914CD7E66F9 . 834048 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18457_none_03a065199f1b9031\wininet.dll
[-] 2011-04-21 . 3790936B00FBA6EC2053C3E81B42AFCE . 842240 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22629_none_044c7422b81f0bfd\wininet.dll
[-] 2011-04-21 . DA5A72211661C7F162B332FEA4F09A69 . 833024 . . [7.00.6000.16386] . . c:\windows\System32\wininet.dll
[-] 2011-04-21 . DA5A72211661C7F162B332FEA4F09A69 . 833024 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18639_none_01d191b7a1e338b2\wininet.dll
[-] 2011-04-21 . D53D34CA16BE45211F7A13532D181A1A . 841728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22905_none_0277a0eabaec199b\wininet.dll
[-] 2008-02-22 . 482BCCBF1FCBB3378100FF97081438C1 . 826880 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
[-] 2008-02-22 . 4E962B645608E6EDB7D31B75921D07FA . 826880 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
[-] 2008-02-22 . F7FF1E0D443788D6AE4CBCA593530099 . 827392 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
[-] 2008-02-21 . DAEED2799D4D19F955C3E90B22A1E91E . 826368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
[-] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
.
[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll
[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
.
[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ws2help.dll
[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll
.
[-] 2008-10-30 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[-] 2008-10-29 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[-] 2008-10-28 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[-] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
.
[-] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe
[-] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
.
[-] 2010-06-28 . 7C6F74A11FCF5745B36CB8085B7DE3FB . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_ae70528d08aae434\ole32.dll
[-] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63\ole32.dll
[-] 2010-06-28 . 64A319477AF21806B8A17E8A3A3FF8BC . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_ac91afb30b7f271a\ole32.dll
[-] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll
[-] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_abc461f7f2931b51\ole32.dll
[-] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
.
[-] 2010-04-16 . E609A492AD596187CEA24E8418FF082F . 502784 . . [1.0626.6002.22384] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
[-] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
[-] 2010-04-16 . 8CB1162DD3586683D71BCB303C1FF54F . 502272 . . [1.0626.6001.22672] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
[-] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\System32\usp10.dll
[-] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
[-] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
.
[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll
[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
.
[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
[-] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
[-] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
[-] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
[-] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
[-] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
[-] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
[-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\msimg32.dll
[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.0.6000.16386_none_7535161f1f2100ed\msimg32.dll
.
[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
.
[-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
[-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll
.
[-] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
[-] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll
[-] 2010-11-05 . 4B71C228530440F853F9C30E308F00E9 . 604672 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll
[-] 2010-11-05 . 38AE0400578FD396628F21A571473A3B . 602112 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll
[-] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll
[-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll
[-] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[-] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
.
[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll
.
[-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll
[-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
.
[-] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll
[-] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll
.
[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll
.
[-] 2010-08-31 16:49 . 5E9F187AC6BADB58C21C4E3A18DD1F62 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.22478_none_f53f7ef86c05abb0\mfc40u.dll
[-] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.18305_none_f4fe90c352b1fc4a\mfc40u.dll
[-] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[-] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.18523_none_f3007c89559daf33\mfc40u.dll
[-] 2010-08-31 15:17 . 1C1486BB262DF6DFD298110BC495906E . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.22754_none_f36aabc06ed2b94e\mfc40u.dll
[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
.
[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll
.
[-] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
[-] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\dsound.dll
.
[-] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\System32\d3d9.dll
[-] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll
.
[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
.
[-] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\System32\olepro32.dll
[-] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
.
[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll
[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
.
[-] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\System32\version.dll
[-] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version.dll
.
[-] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\System32\w32time.dll
[-] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\w32time.dll
.
[-] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
.
[-] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll
[-] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\midimap.dll
.
[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll
[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
.
[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\System32\WSHTCPIP.DLL
[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\nikos_pakos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\nikos_pakos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\nikos_pakos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^nikos_pakos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\nikos_pakos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 17:55    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 18:01    71216    ------w-    c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 06:58    19875432    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40    74752    ----a-w-    c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 14:56    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=119529&babsrc=HP_ss_din2g&mntrId=DC0A00215D2FF57C
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=dc0ad6c600000000000000215d2ff57c&q=
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=5f97ddbe&tbp=tab&u=dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=dc0ad6c600000000000000215d2ff57c&q=
FF - user.js: extensions.spamfreesearch.id - dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15747
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.91:33
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 5f97ddbe
FF - user.js: extensions.spamfreesearch.dfltLng -
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - dc0ad6c600000000000000215d2ff57c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15874
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.517:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119529
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-26 10:58
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-09-26  11:03:50
ComboFix-quarantined-files.txt  2013-09-26 08:03
ComboFix2.txt  2013-09-24 09:21
.
Pre-Run: 107.461.451.776 bytes free
Post-Run: 107.433.426.944 bytes free
.
- - End Of File - - 25484E77B62DD5B7A4A38FD4A2A5C493
5C616939100B85E558DA92B899A0FC36
 



#13 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 26 September 2013 - 03:19 AM

I'm doing the cleanup yet, because I would like to assure me that I made the right choice by not updating ComboFix.

 

Also, for cleanup, I use CCleaner. Is that OK or I should download the program you suggest?



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 AM

Posted 26 September 2013 - 06:36 AM

Please run the programs I suggested because we need the logs for the next steps.

Ccleaner is ok for deleting junk files but don´t use its registry cleaning function - as well as you should´nt use any reg cleaner application.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 nicus_pacus

nicus_pacus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 27 September 2013 - 02:32 AM

Hello! I hope you are doing fine.

 

After I run the AdwCleaner, a text file appeared with the name: AdfCleaner[S0] and not AdfCleaner[S1]. Maybe this is just a detail, but I had to inform you. So, here are the contents of the txt file:

 

# AdwCleaner v3.005 - Report created 27/09/2013 at 10:16:51
# Updated 22/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : nikos_pakos - RAKENDITON
# Running from : C:\Users\nikos_pakos\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Users\nikos_pakos\AppData\LocalLow\delta
File Deleted : C:\Users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\\invalidprefs.js
File Deleted : C:\Users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\searchplugins\Babylon.xml
File Deleted : C:\Users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\searchplugins\delta.xml
File Deleted : C:\Users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\searchplugins\spamfreesearch.xml
File Deleted : C:\Users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\nikos_pakos\AppData\Roaming\Mozilla\Firefox\Profiles\0e769fxn.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "dc0ad6c600000000000000215d2ff57c");
Line Deleted : user_pref("extensions.delta.instlDay", "15874");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.517:48:27");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119529");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");


Line Deleted : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Line Deleted : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");


*************************

AdwCleaner[R0].txt - [5461 octets] - [27/09/2013 10:15:25]
AdwCleaner[S0].txt - [5422 octets] - [27/09/2013 10:16:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5482 octets] ##########

 

 

And here are the results of the Security Check:

 

 Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users