offline
- Pridružio: 01 Okt 2013
- Poruke: 190
|
ComboFix 14-06-19.01 - Zeljko 06/20/2014 12:25:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.634 [GMT 1:00]
Running from: c:\documents and settings\Zeljko\desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-05-20 to 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-19 23:26 . 2014-06-20 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-06-19 23:26 . 2014-06-20 11:08 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-19 23:25 . 2014-06-20 11:07 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-19 23:05 . 2014-06-19 23:06 -------- d-----w- C:\FRST
2014-06-19 15:05 . 2014-06-19 15:06 -------- d-----w- C:\AdwCleaner
2014-06-19 01:06 . 2014-06-19 01:06 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2014-06-19 01:06 . 2014-06-19 01:06 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2014-06-19 01:06 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2014-06-19 01:06 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2014-06-19 01:06 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2014-06-19 01:06 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2014-06-19 01:06 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2014-06-18 23:41 . 2014-06-18 23:41 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\Kiloo Games
2014-06-16 23:45 . 2014-06-16 23:48 -------- d-----w- c:\documents and settings\Zeljko\Application Data\TeraCopy
2014-06-16 23:45 . 2014-06-16 23:45 -------- d-----w- c:\program files\TeraCopy
2014-06-16 15:19 . 2010-12-21 06:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2014-06-16 15:19 . 2010-12-21 06:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2014-06-16 15:19 . 2010-12-21 06:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2014-06-16 15:19 . 2010-12-21 06:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2014-06-16 15:19 . 2010-12-21 06:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2014-06-16 15:19 . 2010-12-21 06:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2014-06-16 15:19 . 2010-12-21 06:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2014-06-15 13:14 . 2014-06-15 13:14 -------- d-----w- c:\program files\Common Files\Java
2014-06-15 01:11 . 2014-06-15 01:11 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\KSafe
2014-06-15 01:10 . 2014-06-15 01:10 -------- d-----w- c:\documents and settings\Zeljko\Application Data\kingsoft
2014-06-15 01:10 . 2014-06-15 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kingsoft
2014-06-15 01:03 . 2014-06-15 01:03 -------- d-----w- c:\documents and settings\Zeljko\Application Data\GlarySoft
2014-06-15 00:49 . 2014-06-15 00:49 -------- d-----w- c:\program files\Temp File Cleaner
2014-06-14 22:39 . 2014-06-14 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2014-06-14 22:39 . 2014-06-15 00:52 -------- d-----w- c:\program files\NCH Software
2014-06-14 22:39 . 2014-06-14 22:39 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\TechSmith
2014-06-14 22:36 . 2014-06-14 22:36 -------- d-----w- c:\documents and settings\Zeljko\Application Data\TechSmith
2014-06-14 22:33 . 2014-06-14 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1995-08.com.techsmith
2014-06-14 22:32 . 2014-06-14 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2014-06-14 22:32 . 2014-06-14 22:32 -------- d-----w- c:\program files\TechSmith
2014-06-14 22:18 . 2014-06-14 22:21 -------- d-----w- c:\documents and settings\Zeljko\Application Data\Audacity
2014-06-11 23:40 . 2014-06-11 23:40 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\O&O
2014-06-11 23:40 . 2014-06-11 23:58 -------- d-----w- c:\windows\system32\oodag
2014-06-11 23:40 . 2014-06-11 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\OO Software
2014-06-11 23:19 . 2014-06-11 23:19 -------- d-----w- c:\documents and settings\Zeljko\Application Data\addpcs
2014-06-10 21:11 . 2014-06-10 21:11 -------- d-----w- c:\documents and settings\Zeljko\Application Data\Publish Providers
2014-06-10 21:07 . 2014-06-10 22:23 -------- d-----w- c:\documents and settings\Zeljko\Application Data\Sony
2014-06-10 21:07 . 2014-06-10 21:07 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\Sony
2014-06-10 21:07 . 2014-06-10 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2014-06-09 22:48 . 2014-06-09 22:48 -------- d-----w- c:\documents and settings\Administrator.ADMINISTRATOR\Application Data\Auslogics
2014-06-09 13:11 . 2014-06-09 13:11 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-06-09 13:11 . 2014-06-09 13:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-06-08 18:06 . 2012-07-20 09:53 22896 ----a-w- c:\windows\system32\JetCleanRegDefrag.exe
2014-06-08 18:05 . 2014-06-08 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueSprig
2014-06-08 18:05 . 2014-06-08 18:05 -------- d-----w- c:\program files\BlueSprig
2014-06-08 17:51 . 2014-06-08 17:51 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\SlimWare Utilities Inc
2014-06-08 17:43 . 2014-06-08 18:11 -------- d-----w- c:\program files\SlimCleaner
2014-06-08 17:42 . 2014-06-08 17:42 20 --sha-w- c:\documents and settings\Zeljko\Application Data\App4870.ConfCollection.bin
2014-06-08 17:42 . 2002-01-05 10:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2014-06-08 17:42 . 2002-01-05 05:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2014-06-08 17:42 . 2002-01-05 04:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2014-06-08 17:42 . 2000-05-22 15:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2014-06-08 17:41 . 2014-06-08 17:41 -------- d-----w- c:\documents and settings\Zeljko\Application Data\BlueSprig
2014-06-08 14:44 . 2006-11-08 21:19 4544 ----a-w- c:\windows\system32\drivers\hidusbf.sys
2014-06-08 14:37 . 2014-06-08 14:37 -------- d-----w- c:\documents and settings\Administrator.ADMINISTRATOR\Local Settings\Application Data\COMODO
2014-06-08 14:31 . 2014-06-08 14:31 -------- d-sh--w- c:\documents and settings\Administrator.ADMINISTRATOR\IETldCache
2014-06-06 10:47 . 2014-06-06 10:47 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-06-05 23:49 . 2014-06-05 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2014-06-05 23:48 . 2013-08-25 10:30 13120 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2014-06-05 23:48 . 2014-06-05 23:48 -------- d-----w- c:\program files\CDBurnerXP
2014-06-05 22:17 . 2014-06-05 22:17 -------- d-----w- c:\documents and settings\Zeljko\Application Data\dlg
2014-06-05 14:07 . 2014-06-05 14:07 -------- d-----w- C:\SUPERDelete
2014-06-04 14:26 . 2014-06-04 14:26 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-04 14:06 . 2014-06-04 14:22 -------- d-----w- c:\documents and settings\Zeljko\Application Data\BSplayer
2014-06-02 18:41 . 2014-06-02 18:41 -------- d-----w- c:\program files\Security Task Manager
2014-06-02 15:18 . 2014-06-02 15:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2014-06-02 15:17 . 2014-06-02 15:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2014-06-02 15:12 . 2014-06-02 15:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2014-06-02 15:09 . 2014-06-02 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2014-06-01 22:28 . 2014-06-01 22:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2014-06-01 22:27 . 2014-06-01 22:27 -------- d-----w- c:\documents and settings\Zeljko\SecurityScans
2014-06-01 22:19 . 2014-06-01 22:20 -------- d-----w- c:\documents and settings\Zeljko\Local Settings\Application Data\Adobe
2014-06-01 22:04 . 2014-06-01 22:28 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-06-01 22:04 . 2014-06-02 18:35 -------- d-----w- c:\program files\Comodo
2014-06-01 22:03 . 2014-06-01 22:03 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-06-01 22:03 . 2014-06-01 22:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-06-01 20:00 . 2014-06-15 13:13 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-01 19:59 . 2014-06-15 13:13 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-01 19:43 . 2014-06-11 23:19 -------- d-----w- c:\documents and settings\Zeljko\Application Data\CrystalIdea Software
2014-06-01 19:13 . 2014-06-02 18:55 -------- d-----w- c:\windows\system32\Macromed
2014-06-01 16:20 . 2014-03-06 17:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-06-01 16:20 . 2014-03-06 17:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-06-01 16:20 . 2014-03-06 17:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-06-01 16:20 . 2014-03-06 17:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-06-01 16:20 . 2014-03-06 17:59 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-06-01 16:20 . 2014-03-06 17:59 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2014-06-01 16:20 . 2014-03-06 17:59 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-06-01 16:20 . 2014-03-06 17:59 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-06-01 16:18 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-06-01 16:18 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-06-01 15:48 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-06-01 15:48 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2014-06-01 15:48 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2014-06-01 15:47 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-06-01 15:47 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2014-06-01 15:47 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-06-01 15:47 . 2014-06-08 14:39 142976 -c--a-w- c:\windows\system32\dllcache\usbport.sys
2014-06-01 15:47 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2014-06-01 15:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2014-06-01 14:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2014-06-01 14:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-06-01 14:19 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2014-06-01 14:05 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2014-06-01 14:01 . 2014-06-01 16:21 -------- d-----w- c:\windows\ie8updates
2014-06-01 13:49 . 2014-06-01 13:49 -------- d-----w- c:\windows\system32\winrm
2014-06-01 13:49 . 2014-06-11 23:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2014-06-01 13:33 . 2013-07-04 03:03 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2014-06-01 13:33 . 2013-07-04 02:59 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2014-06-01 13:33 . 2013-07-04 02:08 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2014-06-01 13:32 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2014-06-01 12:48 . 2014-06-01 12:48 -------- d-----w- c:\documents and settings\Zeljko\Application Data\RoboForm
2014-06-01 12:47 . 2014-06-01 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2014-06-01 09:17 . 2014-06-01 09:17 -------- d-----w- c:\documents and settings\Zeljko\Application Data\Eusing
2014-05-29 23:20 . 2014-05-29 23:20 -------- d-----w- c:\windows\system32\Lang
2014-05-29 23:15 . 2014-05-29 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2014-05-29 23:07 . 2014-05-29 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\RegInOut
2014-05-28 16:55 . 2010-08-30 07:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-28 13:10 . 2014-05-28 13:10 49152 ----a-w- c:\windows\UNINS.EXE
2014-05-28 13:10 . 2014-05-28 13:10 28672 ----a-w- c:\windows\system32\shelllnk.dll
2014-05-28 13:10 . 2014-05-28 13:10 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-08 14:39 . 2008-04-13 23:15 142976 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-30 20:49 . 2014-04-30 20:49 21376 ----a-w- c:\windows\system32\drivers\droidcam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\erdnt\cache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\erdnt\cache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\erdnt\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\erdnt\cache\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\erdnt\cache\comres.dll
[-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\erdnt\cache\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\erdnt\cache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
.
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\erdnt\cache\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2007-02-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-04-14 04:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\erdnt\cache\es.dll
[-] 2008-04-14 04:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\erdnt\cache\kernel32.dll
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\system32\kernel32.dll
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2014-04-30 . 3DB2624CCB1663BF6D62311B2B9E7B55 . 6022144 . . [8.00.6001.23588] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2014-03-06 . 0964EFC80BD54FDF37397A09FDAE8395 . 6021632 . . [8.00.6001.23580] . . c:\windows\ie8updates\KB2964358-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\erdnt\cache\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2936068-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\erdnt\cache\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2007-02-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\erdnt\cache\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2014-03-06 . 8AF91E4B4C1F5338EBE1548117304296 . 920064 . . [8.00.6001.23580] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\erdnt\cache\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2936068-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\erdnt\cache\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\erdnt\cache\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\erdnt\cache\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\erdnt\cache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\erdnt\cache\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\MSCTFIME.IME
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\MSCTFIME.IME
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\erdnt\cache\acpiec.sys
[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\erdnt\cache\aec.sys
[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\erdnt\cache\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2008-04-14 04:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\erdnt\cache\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\erdnt\cache\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
.
[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\erdnt\cache\ntmssvc.dll
[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\erdnt\cache\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\erdnt\cache\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\erdnt\cache\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\olepro32.dll
[-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\erdnt\cache\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^O&O Defrag Tray.lnk]
backup=c:\windows\pss\O&O Defrag Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Zeljko^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Zeljko^Start Menu^Programs^Startup^TeamViewer 9.lnk]
backup=c:\windows\pss\TeamViewer 9.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-05-20 13:29 4529944 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-31 09:02 108832 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 13:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-06-17 22:33 1267536 ----a-w- c:\documents and settings\Zeljko\Application Data\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Documents and Settings\\Zeljko\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Dead Bits\\Dead Bits.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8317:TCP"= 8317:TCP:TechSmith Camtasia Studio
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/9/2014 2:11 PM 243128]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/20/2014 12:25 AM 54232]
R2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver;c:\program files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys [2/15/2014 4:50 PM 33632]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [3/6/2014 7:32 PM 27632]
R3 usbcamcl;Driver for usbcamcl Device;c:\windows\system32\drivers\usbcamcl.sys [11/10/2013 7:36 PM 31104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/22/2014 10:14 PM 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5/13/2011 3:21 AM 30312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [11/15/2013 2:01 PM 84248]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [4/30/2014 9:49 PM 21376]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/24/2014 2:49 PM 23456]
S3 E100E;E100E;c:\windows\system32\drivers\E100ENT.sys [2/1/2013 1:39 AM 25360]
S3 ESEADriver2;ESEADriver2; [x]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11/7/2013 6:53 PM 12400]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [6/8/2014 3:44 PM 4544]
S3 huawei_cdcacm;huawei_cdcacm; [x]
S3 huawei_cdcecm;huawei_cdcecm; [x]
S3 huawei_enumerator;huawei_enumerator; [x]
S3 huawei_ext_ctrl;huawei_ext_ctrl; [x]
S3 HWDeviceService.exe;HWDeviceService.exe; [x]
S3 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [4/5/2013 3:53 AM 121600]
S3 LiveUpdateSvc;LiveUpdate; [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [12/6/2013 2:37 PM 29728]
S3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE; [x]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [3/23/2014 1:29 PM 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [3/23/2014 1:29 PM 10320]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 3:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 3:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 3:21 AM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5/13/2011 3:21 AM 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [11/15/2013 2:01 PM 182680]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [11/15/2013 2:01 PM 182680]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 tapse01;SurfEasy TAP-Windows Adapter V9;c:\windows\system32\drivers\tapse01.sys [10/16/2013 9:51 PM 33720]
S3 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [5/10/2014 3:09 PM 5024576]
S3 WiseHDInfo;WiseHDInfo;\??\d:\program files\Wise\Wise Care 365\WiseHDInfo32.dll --> d:\program files\Wise\Wise Care 365\WiseHDInfo32.dll [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-04 18:19 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-03 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-44D8-4356-A006-762764B291CC} for Zeljko.job
- c:\program files\Auslogics\Disk Defrag Professional\DiskDefragPro.exe [2014-05-03 18:05]
.
2014-05-03 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-D7AC-47CB-8091-395296FBE6C6} for Zeljko.job
- c:\program files\Auslogics\Disk Defrag Professional\DiskDefragPro.exe [2014-05-03 18:05]
.
2014-05-24 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-D8A3-4DA1-8E7F-9A9755418F49} for Zeljko.job
- c:\program files\Auslogics\Disk Defrag Professional\DiskDefragPro.exe [2014-05-03 18:05]
.
2014-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-03 19:03]
.
2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-06-01 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4A38C904-265F-4E99-ABB0-7E03680B28AA}: NameServer = 192.168.1.1,81.93.64.1
TCP: Interfaces\{E8D5FB94-1C7E-4466-9B2C-35C2C59C01F9}: NameServer = 192.168.1.1,81.93.64.9
TCP: Interfaces\{F85AFED7-7362-46A5-8449-145789134850}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Zeljko\Application Data\Mozilla\Firefox\Profiles\cbmngrb9.default\
FF - ExtSQL: 2014-06-02 16:11; PrivDog@AdTrustMedia.com; c:\documents and settings\Zeljko\Application Data\Mozilla\Firefox\Profiles\cbmngrb9.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-06-20 12:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1659004503-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F42ED0A-A645-F5FF-B774-3FFFE25EA6D9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jafhciigfadnijnpjglh"=hex:62,61,68,62,00,00
"jafhciigfadnijnpjghh"=hex:62,61,68,62,00,00
"iafageabocnbfjlhpk"=hex:6b,61,61,62,68,6c,6b,70,6d,64,6a,65,68,63,63,67,6f,69,
6a,66,66,67,00,00
"happefdljeahocip"=hex:6b,61,61,62,68,6c,6b,70,6d,64,6a,65,68,63,63,67,6f,69,
6a,66,66,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG17.00.00.01PROFESSIONAL"="7DB828EDB2E91B16FC80D93F9696EA0851861ACBA1947E5A1AC48A17153FF4186BE20B77096F41EE3A6C1EEC6C9FC9346158D84A7FCEAAAFAB596AAF74468141718727CC111EBFCA4BCDB382E59F1B79CAB5B1C3946E89CDCF7380D0A7084682E2D597C0778B70B8207060D7A15B35FB40A4B0331005860D1C75C3BB0E03EA0BD1ADD876ED43D4DC714FC916C2890EF2B860C565269632DAE7778E040B28B89C1AA1CFE7A9C30E6C361EFB3A6F5743ABEE5846808D1CC2384F431C11895E1D0ED6FC406164816335AE41E596D2639387E2AD6A7883828F3BB1FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B9808272A9CA892C453A3473BA3C68FFAA37F68710EC0B21604742D7B11562DC7243A231E1C5FECD188557E70C717CE051FE3B59784EF13C99BFD631E2E7AB1BC29A37AD3D95E73D56D3CCB3F07DB5CA45720D7A513676C1CBB3FF616034CA9EBCDC94C909DE6FBE8D96E0A39D0675D8B57AD8495EBABCF77C7B21CE52AA0B217EAC5E88286C05546BA49C750E7926B0DC1C72A4419C445683514BA730FD1DF26E8F6D53605B53DCF8FEA47DEE23913A3CBEEE5F27441C5210E65710973BCB92248FDCD22619569866CB500A0ADB9D46ABD688CC8AEB0BEF8F06C8FD56B443ABC1D42BC9BB2328093FAD11DB405F72624F63AA4CCCAA7936791311A6C604CCFC68DEC455E68629F44F5A97AA17D5DF0B466326A6D223F198CB300C7C18DBFDE37D56DBC09C3015606AD6DACCEFCD21225925FCDFBDE9499A832EB0731850D3C2A4475AB21DAEBA8EE870F79883FCAD8A29417712F82C6D3A37D4AF8792DA336DD3D7AD18C17858EB5FBC65C7FD0370C7C1AEFAC1E5FFAF80515326F3C3BFA0935B7361E17B53774B5958F0348970FE3A963478CC79C5A2F7C91827501BE0CE8373DA938EF49E83970F5A74F5A48CF0EC2C6BDCE8D3812915B9B5C47319754FC8E6F1378AB3889B309D093D813ED782A05AC36E7330051AC97F0A3D31A7955600A807C6C3F3B8C28476F196AB3678CCFCF13D8006499CD82CA6602C0F06E95A01E382D560860E855172C44815E679205A80A93712DFABF0A336065664AD39D425F71B32BC40918E9887963D01C7519C8B8B893CB7FF0642DB2597E5221597CBC091B6315996C198B4F5A0BBF5B6B2D8BCDD650D2B01AFBC9CEDFC143530443F97C3A52EF8C12EFCFC3E691686978E232D6B37FFE796C4B32B116E9AEA32C075939E359CE0BD92144E04C12987D9FD2966AAD1E7AF7AD992CAAB272BCB800E12DE84418F7E173B9E948C9EA54ADB69705BF3B6C262D7AB571A8FE1DCA1C7EF0BC541AEE62C6674633BB35C0D0786AD13EB567EE947EC26FAF43D9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-06-20 12:33:33
ComboFix-quarantined-files.txt 2014-06-20 11:33
ComboFix2.txt 2014-06-05 18:09
.
Pre-Run: 17,422,966,784 bytes free
Post-Run: 17,408,434,176 bytes free
.
- - End Of File - - 9078A4091D4A94103DC94B7FBBED81D7
A36C5E4F47E84449FF07ED3517B43A31
mycity.rs/must-login.png
mycity.rs/must-login.png
|