
Author Topic: Monitoring virus  (Read 13873 times)


saeid

    Topic Starter


    Beginner
    • Experience: Beginner
    • OS: Windows 7
    Monitoring virus
    « on: May 03, 2013, 07:12:12 AM »
    Hello,

    I have some kind of virus that doesn't let me install a new program, and it also blocks my Internet Explorer.
    What can I do?

    Regards

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Monitoring virus
    « Reply #1 on: May 03, 2013, 03:54:24 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please boot your computer in Safe Mode with NetWorking, download, install and run MBAM. If it runs, please try to run it in Normal Mode.

    Here's how to get into Safe Mode.

    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows 8 and Windows 10 dual boot with two SSD's

    saeid

      Re: Monitoring virus
      « Reply #2 on: May 04, 2013, 07:49:35 AM »
      Here is the log:


      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.05.04.05

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 10.0.9200.16540
      Saied :: SAIED-PC [administrator]

      Protection: Enabled

      2013-05-04 4:43:52 PM
      mbam-log-2013-05-04 (16-43-52).txt

      Scan type: Full scan (C:\|D:\|E:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 540144
      Time elapsed: 2 hour(s), 1 minute(s), 16 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ASKL Startup (PUP.KeyLogger) -> Data: C:\Program Files\KAward\kl.exe -> Delete on reboot.

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 4
      C:\Program Files\KAward\kl.exe (PUP.KeyLogger) -> Delete on reboot.
      C:\Windows\System32\KAward\wak.exe (PUP.KeyLogger) -> Delete on reboot.
      D:\Call of Duty 4 - Modern Warfare\rank55\EasyAccount.exe (RiskWare.Tool.CK) -> Delete on reboot.
      E:\Award Keylogger 2.6 (x86x64).rar (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

      (end)
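
The log format posted above, as an added example that is not part of the original thread: a Python parser for the Malwarebytes 1.75 text-log layout that lists autorun (Run key) detections, items still waiting on "Delete on reboot", and sections whose item count does not match the header (a sign of a truncated paste). The sample log, its paths and the names `parse_mbam_log` and `triage` are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the log in Reply #2; paths are made up.
SAMPLE_LOG = r"""
Scan type: Full scan (C:\|D:\|)
Objects scanned: 1000

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example Startup (PUP.KeyLogger) -> Data: C:\Program Files\ExampleApp\agent.exe -> Delete on reboot.

Files Detected: 3
C:\Program Files\ExampleApp\agent.exe (PUP.KeyLogger) -> Delete on reboot.
D:\Games\Example\helper.exe (RiskWare.Tool.CK) -> Delete on reboot.
E:\Example Tool 1.0 (x86x64).rar (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens a section; items follow one per line.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<label>) -> <action>". The lazy target lets file names that
# themselves contain parentheses, e.g. "(x86x64).rar", parse correctly.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<label>[^()]+)\) -> (?P<rest>.+)$")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    target: str                       # file path or registry key
    label: str                        # e.g. PUP.KeyLogger
    action: str                       # what the scanner did or scheduled
    value_name: Optional[str] = None  # registry value name, if any
    data: Optional[str] = None        # registry value data, if any

    @property
    def is_autorun(self) -> bool:
        return self.section.startswith("Registry") and bool(AUTORUN_RE.search(self.target))

    @property
    def pending_reboot(self) -> bool:
        return self.action.lower().startswith("delete on reboot")


def parse_mbam_log(text):
    """Return (detections, declared_counts) for one pasted log."""
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "(end)":
            break
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line) if section else None
        if not m:
            continue  # header lines, blanks, "(No malicious items detected)"
        target, value_name = m["target"], None
        if section.startswith("Registry") and "|" in target:
            target, value_name = target.split("|", 1)  # key|value name
        *middle, action = m["rest"].split(" -> ")
        data = next((p[len("Data: "):] for p in middle if p.startswith("Data: ")), None)
        found.append(Detection(section, target, m["label"],
                               action.rstrip("."), value_name, data))
    return found, declared


def triage(text):
    """Summarise what a helper reading the log needs to follow up on."""
    found, declared = parse_mbam_log(text)
    parsed = {}
    for d in found:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {
        # Startup entries: the program in `data` ran at every logon.
        "autoruns": [(d.value_name, d.data) for d in found if d.is_autorun],
        # Still present until the machine is restarted.
        "pending_reboot": [f"{d.section}: {d.target}" for d in found if d.pending_reboot],
        # Header count vs. items actually present in the paste.
        "count_mismatch": {s: (n, parsed.get(s, 0))
                           for s, n in declared.items() if n != parsed.get(s, 0)},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```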

      SuperDave

      Re: Monitoring virus
      « Reply #3 on: May 04, 2013, 11:20:43 AM »
      Can you boot in Normal Mode now?

      saeid

        Re: Monitoring virus
        « Reply #4 on: May 05, 2013, 08:40:06 PM »
        Yes, I can, but it doesn't work smoothly and I still have a problem installing or uninstalling a program.

        SuperDave

        Re: Monitoring virus
        « Reply #5 on: May 06, 2013, 12:47:22 PM »
        Ok. Let's keep working at it.

        Please download AdwCleaner by Xplode onto your Desktop.
        • Please close all open programs and internet browsers.
        • Double click on adwcleaner.exe to run the tool.
        • Click on Delete.
        • Confirm each time with OK
        • Your computer will be rebooted automatically. A text file will open after the restart.
        • Please post the content of that logfile in your reply.
        • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
        ********************************************
        Please download Junkware Removal Tool to your desktop.

        Warning! Once the scan is complete JRT will shut down your browser with NO warning.

        Shut down your protection software now to avoid potential conflicts.

        • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
        • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
        • The tool will open and start scanning your system.
        • Please be patient as this can take a while to complete depending on your system's specifications.
        • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
        • Copy and Paste the JRT.txt log into your next message.
        ************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

        saeid

          Re: Monitoring virus
          « Reply #6 on: May 07, 2013, 08:32:55 AM »
          # AdwCleaner v2.300 - Logfile created 05/07/2013 at 19:34:27
          # Updated 28/04/2013 by Xplode
          # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
          # User : Saied - SAIED-PC
          # Boot Mode : Safe mode with networking
          # Running from : C:\Users\Saied\Desktop\adwcleaner.exe
          # Option [Delete]


          ***** [Services] *****

          # AdwCleaner v2.300 - Logfile created 05/07/2013 at 19:35:00
          # Updated 28/04/2013 by Xplode
          # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
          # User : Saied - SAIED-PC
          # Boot Mode : Safe mode with networking
          # Running from : C:\Users\Saied\Desktop\adwcleaner.exe
          # Option [Delete]


          ***** [Services] *****


          ***** [Files / Folders] *****

          Folder Deleted : C:\ProgramData\Babylon
          Folder Deleted : C:\ProgramData\Tarma Installer
          Folder Deleted : C:\Users\Saied\AppData\Local\Ilivid
          Folder Deleted : C:\Users\Saied\AppData\Roaming\BabSolution
          Folder Deleted : C:\Users\Saied\AppData\Roaming\Babylon
          Folder Deleted : C:\Users\Saied\AppData\Roaming\yourfiledownloader
          Folder Deleted : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

          ***** [Registry] *****

          Key Deleted : HKCU\Software\APN DTX
          Key Deleted : HKCU\Software\Conduit
          Key Deleted : HKCU\Software\Microsoft\Babylon
          Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
          Key Deleted : HKCU\Software\YourFileDownloader
          Key Deleted : HKLM\Software\Babylon
          Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
          Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
          Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
          Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
          Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
          Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
          Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
          Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
          Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
          Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
          Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
          Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
          Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
          Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
          Key Deleted : HKLM\Software\Tarma Installer
          Key Deleted : HKLM\Software\YourFileDownloader

          ***** [Internet Browsers] *****

          -\\ Internet Explorer v10.0.9200.16537

          [OK] Registry is clean.

          -\\ Mozilla Firefox v20.0.1 (en-US)

          File : C:\Users\Saied\AppData\Roaming\Mozilla\Firefox\Profiles\59aem6ub.default\prefs.js

          C:\Users\Saied\AppData\Roaming\Mozilla\Firefox\Profiles\59aem6ub.default\user.js ... Deleted !

          [OK] File is clean.

          *************************

          AdwCleaner[S1].txt - [333 octets] - [07/05/2013 19:34:27]
          AdwCleaner[S2].txt - [2806 octets] - [07/05/2013 19:35:00]

          ########## EOF - C:\AdwCleaner[S2].txt - [2866 octets] ##########

          saeid

            Re: Monitoring virus
            « Reply #7 on: May 07, 2013, 08:40:20 AM »
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Junkware Removal Tool (JRT) by Thisisu
            Version: 4.9.4 (05.06.2013:1)
            OS: Windows 7 Ultimate x86
            Ran by Saied on 2013-05-07 at 19:42:13.64
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




            ~~~ Services



            ~~~ Registry Values



            ~~~ Registry Keys



            ~~~ Files



            ~~~ Folders



            ~~~ FireFox

            Emptied folder: C:\Users\Saied\AppData\Roaming\mozilla\firefox\profiles\59aem6ub.default\minidumps [15 files]



            ~~~ Event Viewer Logs were cleared





            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Scan was completed on 2013-05-07 at 19:43:08.71
            End of JRT log
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

            saeid

              Re: Monitoring virus
              « Reply #8 on: May 07, 2013, 08:57:19 AM »
               Results of screen317's Security Check version 0.99.63 
               Windows 7 Service Pack 1 x86 (UAC is disabled!) 
               Internet Explorer 9 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Security Center service is not running! This report may not be accurate!
               Windows Firewall Enabled! 
              Microsoft Security Essentials   
               Antivirus up to date! 
              `````````Anti-malware/Other Utilities Check:`````````
               Malwarebytes Anti-Malware version 1.75.0.1300 
               Java(TM) 6 Update 21 
               Java version out of Date!
               Adobe Flash Player    11.6.602.180 
               Adobe Reader 10.1.6 Adobe Reader out of Date! 
               Mozilla Firefox (20.0.1)
              ````````Process Check: objlist.exe by Laurent````````
               Microsoft Security Essentials MSMpEng.exe
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C: 
              ````````````````````End of Log``````````````````````

              SuperDave

              Re: Monitoring virus
              « Reply #9 on: May 07, 2013, 12:37:34 PM »
              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              ******************************************
              Update your Adobe Reader. get.adobe.com/reader.

              Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

              *********************************************
              Download Combofix from any of the links below, and save it to your DESKTOP
              If your version of Windows defaults to your download folder you will need to copy it to your desktop.

              Link 1
              Link 2
              Link 3

              To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
              • Close any open windows and double click ComboFix.exe to run it.

                You will see the following image:


              Click I Agree to start the program.

              ComboFix will then extract the necessary files and you will see this:



              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

              It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

              If you did not have it installed, you will see the prompt below. Choose YES.



              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



              Click on Yes, to continue scanning for malware.

              When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

              Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

              Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

              saeid

                Re: Monitoring virus
                « Reply #10 on: May 09, 2013, 12:21:08 AM »
                ComboFix 13-05-08.02 - Saied 2013-05-09  11:05:52.1.4 - x86 NETWORK
                Microsoft Windows 7 Ultimate   6.1.7601.1.1256.981.1033.18.3063.2351 [GMT 4.5:30]
                Running from: C:\Users\Saied\Downloads\Programs\ComboFix.exe
                AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
                SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
                SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                 * Created a new restore point


                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


                C:\ProgramData\sysapp
                C:\ProgramData\sysapp\Oku - Readme.txt
                C:\Windows\7Loader.TAG
                C:\Windows\system32\drivers\npf.sys
                C:\Windows\system32\URTTemp
                C:\Windows\system32\URTTemp\regtlib.exe


                (((((((((((((((((((((((((   Files Created from 2013-04-09 to 2013-05-09  )))))))))))))))))))))))))))))))


                2013-05-09 06:46:21 . 2013-05-09 06:46:35   --------   d-----w-   C:\Users\Saied\AppData\Local\temp
                2013-05-09 06:46:21 . 2013-05-09 06:46:21   --------   d-----w-   C:\Users\Default\AppData\Local\temp
                2013-05-07 18:13:04 . 2013-04-10 03:08:44   6906960   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03133C81-5FA7-49FF-9D54-4C5E67238351}\mpengine.dll
                2013-05-07 15:43:08 . 2013-04-10 03:08:44   6906960   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                2013-05-07 15:12:10 . 2013-05-07 15:12:10   --------   d-----w-   C:\Windows\ERUNT
                2013-05-07 15:10:47 . 2013-05-07 15:11:14   --------   d-----w-   C:\JRT
                2013-05-04 12:05:59 . 2013-05-04 12:05:59   --------   d-----w-   C:\Users\Saied\AppData\Roaming\Malwarebytes
                2013-05-04 12:05:51 . 2013-05-04 12:05:51   --------   d-----w-   C:\ProgramData\Malwarebytes
                2013-05-03 14:01:39 . 2013-04-12 13:45:29   1211752   ----a-w-   C:\Windows\system32\drivers\ntfs.sys
                2013-05-03 10:27:33 . 2013-05-03 13:30:07   --------   d-----w-   C:\Users\Saied\AppData\Roaming\GameRanger
                2013-04-25 14:41:22 . 2013-05-07 21:20:09   139448   ----a-w-   C:\Windows\system32\drivers\PnkBstrK.sys
                2013-04-25 14:41:16 . 2013-05-07 21:20:04   282472   ----a-w-   C:\Windows\system32\PnkBstrB.exe
                2013-04-25 14:41:16 . 2013-05-07 21:18:20   282472   ----a-w-   C:\Windows\system32\PnkBstrB.ex0
                2013-04-25 14:41:03 . 2013-05-07 21:20:04   282472   ----a-w-   C:\Windows\system32\PnkBstrB.xtr
                2013-04-25 14:40:56 . 2013-04-25 14:40:56   76888   ----a-w-   C:\Windows\system32\PnkBstrA.exe
                2013-04-25 14:39:38 . 2013-04-25 14:39:38   --------   d-----w-   C:\Users\Saied\AppData\Local\PunkBuster
                2013-04-23 16:00:29 . 2013-04-23 16:00:06   706640   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87EAC7A8-A8D5-43E6-98B2-65BB13714C91}\gapaengine.dll
                2013-04-20 01:24:02 . 2013-04-20 01:24:02   47368   ----a-w-   C:\Windows\system32\certsentry.dll
                2013-04-19 21:23:59 . 2013-04-19 21:24:03   --------   d-----w-   C:\Program Files\Nimbuzz
                2013-04-17 19:51:32 . 2013-04-17 19:51:32   --------   d-----w-   C:\Program Files\Common Files\Skype
                2013-04-17 18:45:25 . 2013-05-07 22:57:39   --------   d-----w-   C:\Users\Saied\AppData\Roaming\Skype
                2013-04-17 18:45:14 . 2013-05-03 11:58:02   --------   d-----r-   C:\Program Files\Skype
                2013-04-17 18:44:58 . 2013-04-17 19:51:34   --------   d-----w-   C:\ProgramData\Skype
                2013-04-12 05:49:24 . 2013-03-01 03:09:59   2347008   ----a-w-   C:\Windows\system32\win32k.sys
                2013-04-12 05:49:23 . 2013-01-24 04:47:07   196328   ----a-w-   C:\Windows\system32\drivers\fvevol.sys
                2013-04-12 05:49:21 . 2013-03-19 05:04:13   3968856   ----a-w-   C:\Windows\system32\ntkrnlpa.exe
                2013-04-12 05:49:21 . 2013-03-19 05:04:10   3913560   ----a-w-   C:\Windows\system32\ntoskrnl.exe
                2013-04-12 05:49:20 . 2013-03-19 04:48:45   38912   ----a-w-   C:\Windows\system32\csrsrv.dll
                2013-04-12 05:49:20 . 2013-03-19 02:49:16   69632   ----a-w-   C:\Windows\system32\smss.exe
                .


                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

                2013-05-02 15:28:50 . 2013-01-23 06:38:13   238872   ------w-   C:\Windows\system32\MpSigStub.exe
                2013-03-31 12:45:22 . 2013-01-22 04:59:46   444952   ----a-w-   C:\Windows\system32\wrap_oal.dll
                2013-03-31 12:45:22 . 2013-01-22 04:59:46   109080   ----a-w-   C:\Windows\system32\OpenAL32.dll
                2013-03-14 11:14:50 . 2013-01-31 12:49:54   73432   ----a-w-   C:\Windows\system32\FlashPlayerCPLApp.cpl
                2013-03-14 11:14:50 . 2013-01-31 12:49:54   693976   ----a-w-   C:\Windows\system32\FlashPlayerApp.exe
                2013-02-12 04:48:31 . 2013-03-14 07:34:01   474112   ----a-w-   C:\Windows\apppatch\AcSpecfc.dll
                2013-02-12 04:48:26 . 2013-03-14 07:34:02   2176512   ----a-w-   C:\Windows\apppatch\AcGenral.dll
                2013-02-12 03:32:45 . 2013-03-20 20:08:46   15872   ----a-w-   C:\Windows\system32\drivers\usb8023.sys
                2013-04-12 19:31:18 . 2013-04-12 19:30:38   263064   ----a-w-   C:\Program Files\mozilla firefox\components\browsercomps.dll


                ------- Sigcheck -------
                Note: Unsigned files aren't necessarily malware.

                [7] 2010-11-20 21:29:24 . 6E11F33D14D020F58D5E02E4D67DFA19 . 102400 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_7af090a4fc408e78\browser.dll

                [7] 2012-08-24 16:53:44 . 7ABC23F3D86880AD62ACEDC7479608F8 . 22528 . . [6.1.7601.22099 (win7sp1_ldr.120824-0334)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\lsass.exe
                [7] 2012-06-02 04:51:22 . FA7B950E4CA6AA260C4EABA19E03644D . 22528 . . [6.1.7601.22010 (win7sp1_ldr.120601-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
                [7] 2011-11-17 05:29:50 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725 (win7sp1_gdr.111116-1503)] . . C:\Windows\System32\lsass.exe
                [7] 2011-11-17 05:29:50 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725 (win7sp1_gdr.111116-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
                [7] 2011-11-17 05:29:50 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725 (win7sp1_gdr.111116-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
                [7] 2011-11-17 05:29:50 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725 (win7sp1_gdr.111116-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsass.exe
                [7] 2011-11-17 05:24:04 . FBCB2DFA40862DAA7B1534C9538208A5 . 22528 . . [6.1.7601.21861 (win7sp1_ldr.111116-1505)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
                [7] 2009-07-14 01:14:23 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

                [7] 2009-07-14 01:16:03 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\netman.dll
                [7] 2009-07-14 01:16:03 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

                [7] 2009-07-14 01:04:30 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\comres.dll
                [7] 2009-07-14 01:04:30 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll

                [7] 2010-11-20 21:29:08 . E585445D5021971FAE10393F0F1C3961 . 585728 . . [7.5.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\qmgr.dll
                [7] 2010-11-20 21:29:08 . E585445D5021971FAE10393F0F1C3961 . 585728 . . [7.5.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

                [7] 2010-11-20 21:29:12 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\rpcss.dll
                [7] 2010-11-20 21:29:12 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll

                [7] 2009-07-14 01:14:36 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\services.exe
                [7] 2009-07-14 01:14:36 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

                [7] 2012-02-11 05:37:49 . 9AEA093B8F9C37CF45538382CABA2475 . 317440 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\spoolsv.exe
                [7] 2012-02-11 05:37:49 . 9AEA093B8F9C37CF45538382CABA2475 . 317440 . . [6.1.7601.17777 (win7sp1_gdr.120210-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe
                [7] 2012-02-11 05:21:14 . CAE10A25F936C053E41CBE0FA06FF15D . 317952 . . [6.1.7601.21921 (win7sp1_ldr.120210-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe
                [7] 2010-11-20 21:29:06 . 866A43013535DC8587C258E43579C764 . 317440 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe

                [7] 2010-11-20 21:29:06 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\winlogon.exe
                [7] 2010-11-20 21:29:06 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

                [7] 2012-06-02 22:19:33 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459)] . . C:\Windows\System32\wuauclt.exe
                [7] 2012-06-02 22:19:33 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459)] . . C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuauclt.exe
                [7] 2010-11-20 21:29:04 . 75B06ACD9D8DC0FE3603294E1899F496 . 47104 . . [7.5.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_c315782c0def9f8f\wuauclt.exe

                [7] 2010-11-20 21:29:07 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\drivers\tdx.sys
                [7] 2010-11-20 21:29:07 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys

                [7] 2010-11-20 21:29:12 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
                [7] 2010-11-20 21:29:07 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82 (win7_rtm.090713-1255)] . . C:\Windows\System32\comctl32.dll
                [7] 2010-11-20 21:29:07 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
                [7] 2010-11-20 21:29:06 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

                [7] 2012-06-02 04:52:32 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7601.22010 (win7sp1_ldr.120601-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
                [7] 2012-06-02 04:36:29 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\cryptsvc.dll
                [7] 2012-06-02 04:36:29 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7601.17856 (win7sp1_gdr.120601-1505)] . . C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
                [7] 2010-11-20 21:29:24 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

                [7] 2009-07-14 01:15:19 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\es.dll
                [7] 2009-07-14 01:15:19 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

                [7] 2010-11-20 21:29:20 . 4A8E2F20809CC161107FAA94F6CF2685 . 118272 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\imm32.dll
                [7] 2010-11-20 21:29:20 . 4A8E2F20809CC161107FAA94F6CF2685 . 118272 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll

                [7] 2013-01-04 04:46:46 . F14125F0B2ACB29963E896E3441DC30C . 868352 . . [6.1.7601.22209 (win7sp1_ldr.130103-1434)] . . C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_965e9ef5cd9ec94a\kernel32.dll
                [7] 2012-11-30 05:01:46 . 6D0D4B00C7CB4FA829F396A83B327894 . 868352 . . [6.1.7601.22177 (win7sp1_ldr.121129-1432)] . . C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll
                [7] 2012-11-30 04:47:44 . AE09B85158C66E2C154C5C9B3C0027B3 . 868352 . . [6.1.7601.18015 (win7sp1_gdr.121129-1432)] . . C:\Windows\System32\kernel32.dll
                [7] 2012-11-30 04:47:44 . AE09B85158C66E2C154C5C9B3C0027B3 . 868352 . . [6.1.7601.18015 (win7sp1_gdr.121129-1432)] . . C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll
                [7] 2012-10-04 16:43:05 . 3ED262888758E350C29E02207AF9AC59 . 868352 . . [6.1.7601.17965 (win7sp1_gdr.121004-0333)] . . C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll
                [7] 2012-10-04 16:32:16 . 63350392C018D28C87E6FCB638DFCFE8 . 868352 . . [6.1.7601.22125 (win7sp1_ldr.121004-0334)] . . C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll
                [7] 2010-11-20 21:29:19 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll

                [7] 2009-07-14 01:15:36 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\linkinfo.dll
                [7] 2009-07-14 01:15:36 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_383b884006a7a723\linkinfo.dll

                [7] 2009-07-14 01:15:36 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\lpk.dll
                [7] 2009-07-14 01:15:36 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_abda8263b8c87657\lpk.dll
                [7] 2009-07-14 01:15:36 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_abc7e369b8d5fa3e\lpk.dll
                [7] 2009-07-14 01:15:36 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_abc2c1b1b8daa369\lpk.dll
                [7] 2009-07-14 01:15:36 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_ac507fead1f480b1\lpk.dll
                [7] 2009-07-14 01:15:36 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_ac0e7fd2d22636de\lpk.dll

                [7] 2013-05-03 15:19:02 . D017BF8D92938EEB9B3A1D1C53FDA152 . 14323200 . . [10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)] . . C:\Windows\System32\mshtml.dll
                [7] 2013-05-03 15:19:02 . D017BF8D92938EEB9B3A1D1C53FDA152 . 14323200 . . [10.00.9200.16540 (win8_gdr.130220-2327)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16540_none_35002808da3dc0b6\mshtml.dll
                [7] 2013-02-22 04:06:28 . 474D43D76E2A33FEE21C6F4BB7C4A3B7 . 12324864 . . [9.00.8112.20586 (WIN7_IE9_LDR.130221-1819)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20586_none_2c10740f55b992b4\mshtml.dll
                [7] 2013-02-22 04:05:50 . 658EBC74BD38D16805648C4775F7FA82 . 12324352 . . [9.00.8112.16476 (WIN7_IE9_GDR.130221-1821)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16476_none_2b91a7303c93d6f9\mshtml.dll
                [7] 2013-02-02 04:15:04 . 88C27474E61271B49677F22CEE76FB3E . 12322304 . . [9.00.8112.20580 (WIN7_IE9_LDR.130201-1816)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20580_none_2c0a725355befaaa\mshtml.dll
                [7] 2013-02-02 04:09:34 . 263963D93A3CA8F685EFA5966F1E6581 . 12321792 . . [9.00.8112.16470 (WIN7_IE9_GDR.130201-1812)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16470_none_2b8ba5743c993eef\mshtml.dll
                [7] 2013-01-23 06:13:25 . 07F649CD36F266BBE33B814FA678AA43 . 12320256 . . [9.00.8112.16457 (WIN7_IE9_GDR.121113-1619)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16457_none_2ba847523c82b86e\mshtml.dll
                [7] 2013-01-08 22:23:25 . C97434C851C4821BD92D2831FDF1ECBE . 12321280 . . [9.00.8112.16464 (WIN7_IE9_GDR.130108-1230)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16464_none_2b9a76883c8d885a\mshtml.dll
                [7] 2013-01-08 21:17:18 . B6AD225B3BCC07332FBB2C2824315534 . 12322304 . . [9.00.8112.20573 (WIN7_IE9_LDR.130108-1128)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20573_none_2c18431d55b42abe\mshtml.dll
                [7] 2011-03-08 23:57:54 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7601.17537 (win7sp1_gdr.110106-1655)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_2ff224c4f77b108b\mshtml.dll
                [7] 2011-03-08 23:57:54 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7601.21636 (win7sp1_ldr.110106-1655)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_307ac146109996fe\mshtml.dll
                [7] 2010-11-20 21:29:33 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll

                [7] 2011-12-16 08:58:30 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878 (win7sp1_ldr.111215-1535)] . . C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
                [7] 2011-12-16 07:52:58 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744 (win7sp1_gdr.111215-1535)] . . C:\Windows\System32\msvcrt.dll
                [7] 2011-12-16 07:52:58 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744 (win7sp1_gdr.111215-1535)] . . C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
                [7] 2009-07-14 01:15:50 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll

                [7] 2010-11-20 21:29:12 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\mswsock.dll
                [7] 2010-11-20 21:29:12 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

                [7] 2010-11-20 21:29:12 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\netlogon.dll
                [7] 2010-11-20 21:29:12 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

                [7] 2009-07-14 01:16:12 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\powrprof.dll
                [7] 2009-07-14 01:16:12 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll

                [7] 2010-11-20 21:29:07 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\scecli.dll
                [7] 2010-11-20 21:29:07 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

                [7] 2009-07-14 01:10:22 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\sfc.dll
                [7] 2009-07-14 01:10:22 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll

                [7] 2009-07-14 01:14:41 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\svchost.exe
                [7] 2009-07-14 01:14:41 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

                [7] 2010-11-20 21:29:07 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\tapisrv.dll
                [7] 2010-11-20 21:29:07 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll

                [7] 2010-11-20 21:29:20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\user32.dll
                [7] 2010-11-20 21:29:20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

                [7] 2010-11-20 21:29:06 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\userinit.exe
                [7] 2010-11-20 21:29:06 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

                [7] 2013-05-03 15:19:03 . CFE0CEE587F9CEA4C29DEEC6D85FC91C . 1766912 . . [10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)] . . C:\Windows\System32\wininet.dll
                [7] 2013-05-03 15:19:03 . CFE0CEE587F9CEA4C29DEEC6D85FC91C . 1766912 . . [10.00.9200.16540 (win8_gdr.130220-2327)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_23a608ea59e75780\wininet.dll
                [7] 2013-02-22 03:38:00 . C5B6468422DB1C8AA36C32CBB0197E5E . 1129472 . . [9.00.8112.16476 (WIN7_IE9_GDR.130221-1821)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16476_none_1a378811bc3d6dc3\wininet.dll
                [7] 2013-02-22 03:35:17 . 490E24D5E427DFA55B1C1182F0DB861C . 1129984 . . [9.00.8112.20586 (WIN7_IE9_LDR.130221-1819)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20586_none_1ab654f0d563297e\wininet.dll
                [7] 2013-02-02 03:36:46 . 1284D72C04B553ED5382EA14303D66DB . 1129472 . . [9.00.8112.20580 (WIN7_IE9_LDR.130201-1816)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_1ab05334d5689174\wininet.dll
                [7] 2013-02-02 03:30:21 . 03728C624D05C2F157BBD46F6B7F6EA0 . 1129472 . . [9.00.8112.16470 (WIN7_IE9_GDR.130201-1812)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_1a318655bc42d5b9\wininet.dll
                [7] 2013-01-23 06:13:25 . 7FA3A810F383588D46220967DE8B64FF . 1129472 . . [9.00.8112.16457 (WIN7_IE9_GDR.121113-1619)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16457_none_1a4e2833bc2c4f38\wininet.dll
                [7] 2013-01-08 22:03:20 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16464 (WIN7_IE9_GDR.130108-1230)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_1a405769bc371f24\wininet.dll
                [7] 2013-01-08 20:41:13 . 16C45E6881449C6330567E51C13920FA . 1129472 . . [9.00.8112.20573 (WIN7_IE9_LDR.130108-1128)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20573_none_1abe23fed55dc188\wininet.dll
                [7] 2010-11-20 21:29:12 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll

                [7] 2010-11-20 21:29:06 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\ws2_32.dll
                [7] 2010-11-20 21:29:06 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

                [7] 2009-07-14 01:11:26 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\ws2help.dll
                [7] 2009-07-14 01:11:26 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\ws2help.dll

                [7] 2011-02-26 05:19:21 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669 (win7sp1_ldr.110225-1503)] . . C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
                [7] 2011-02-25 05:30:54 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\explorer.exe
                [7] 2011-02-25 05:30:54 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567 (win7sp1_gdr.110224-1502)] . . C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
                [7] 2010-11-20 21:29:20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

                [7] 2009-07-14 01:14:30 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\regedit.exe
                [7] 2009-07-14 01:14:30 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

                [7] 2010-11-20 21:29:07 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\ole32.dll
                [7] 2010-11-20 21:29:07 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll

                [7] 2012-11-22 05:36:39 . CA68408922B02E8D955A2967C7CBF8CE . 626688 . . [1.0626.7601.22171 (win7sp1_ldr.121121-1431)] . . C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22171_none_af477f18d00f9c82\usp10.dll
                [7] 2012-11-22 04:45:03 . B7230010D97787AF3D25E4C82F2B06B9 . 626688 . . [1.0626.7601.18009 (win7sp1_gdr.121121-1431)] . . C:\Windows\System32\usp10.dll
                [7] 2012-11-22 04:45:03 . B7230010D97787AF3D25E4C82F2B06B9 . 626688 . . [1.0626.7601.18009 (win7sp1_gdr.121121-1431)] . . C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18009_none_af119411b6b203d9\usp10.dll
                [7] 2010-11-20 21:29:19 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll

                [7] 2009-07-14 01:15:35 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\ksuser.dll
                [7] 2009-07-14 01:15:35 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll

                [7] 2009-07-14 01:14:16 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\ctfmon.exe
                [7] 2009-07-14 01:14:16 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

                [7] 2010-11-20 21:29:12 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\shsvcs.dll
                [7] 2010-11-20 21:29:12 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_cf37c7157b2fafed\shsvcs.dll

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
                @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
                [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
                2011-05-30 14:50:32   21864   ----a-w-   C:\Program Files\Internet Download Manager\IDMShellExt.dll

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Nimbuzz"="C:\Program Files\Nimbuzz\Nimbuzz.exe" [2013-04-06 10:01:12 12784640]
                "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 17:19:58 6591800]
                "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656]
                "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2013-02-28 14:20:02 18642024]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 10:41:52 1594664]
                "Broadcom Wireless Manager UI"="C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 10:43:08 5249024]
                "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-01 18:14:48 98304]
                "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 07:19:26 284696]
                "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 07:41:06 947152]
                "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2010-07-04 19:51:26 17408]
                "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 11:24:26 91520]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                "GrpConv"="grpconv -o" [X]
                "NCInstallQueue"="netman.dll" [2009-07-14 01:16:03 280576]

                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
                Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 0 (0x0)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableLUA"= 0 (0x0)
                "EnableUIADesktopToggle"= 0 (0x0)
                "PromptOnSecureDesktop"= 0 (0x0)

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=C:\Windows\System32\guard32.dll

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                @="Service"

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
                "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

                R1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys

                R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys

                R1 LUMDriver;LUMDriver;C:\Windows\system32\drivers\LUMDriver.sys

                R1 wseak;wseak;C:\Windows\system32\drivers\wseak.sys

                R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe

                R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe

                R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files\Common Files\COMODO\launcher_service.exe

                R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files\Comodo\Dragon\dragon_updater.exe

                R2 Elite Antikeylogger monitoring service;Elite Antikeylogger monitoring service;C:\Program Files\Widestep Software\Elite Antikeylogger\wseaksrv.exe

                R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

                R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

                R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys

                R2 PanService;PandoraService;C:\Program Files\PANDORA.TV\PanService\PandoraService.exe

                R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

                R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe

                R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe

                R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

                R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys

                R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys

                R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys

                R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys

                R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys

                R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe

                R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys

                R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys

                R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys

                R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys

                R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys

                R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys

                R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys

                R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys

                R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys

                R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys

                R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe

                R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys

                S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys

                S1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys

                S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl32.sys
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
                GPSvcGroup   REG_MULTI_SZ      GPSvc

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
                FontCache

                saeid

                  Re: Monitoring virus
                  « Reply #11 on: May 09, 2013, 12:27:16 AM »
                  SuperDave I still see this error when I run a program in Normal Mode "Windows cannot access specified device, path or file. You may not have appropriate permissions to access the item."

                  SuperDave

                  Re: Monitoring virus
                  « Reply #12 on: May 09, 2013, 11:52:21 AM »
                  Quote
                  SuperDave I still see this error when I run a program in Normal Mode "Windows cannot access specified device, path or file. You may not have appropriate permissions to access the item."
                  Can you give me the specifics about the file?

                  SysProt Antirootkit

                  Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                  http://sites.google.com/site/sysprotantirootkit/

                  Unzip it into a folder on your desktop.
                  • Double click Sysprot.exe to start the program.
                  • Click on the Log tab.
                  • In the Write to log box select the following items.
                    • Process << Selected
                    • Kernel Modules << Selected
                    • SSDT << Selected
                    • Kernel Hooks << Selected
                    • IRP Hooks << NOT Selected
                    • Ports << NOT Selected
                    • Hidden Files << Selected
                  • At the bottom of the page
                    • Hidden Objects Only << Selected
                  • Click on the Create Log button on the bottom right.
                  • After a few seconds a new window should appear.
                  • Select Scan Root Drive. Click on the Start button.
                  • When it is complete a new window will appear to indicate that the scan is finished.
                  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                  ***************************************************
                  • Download RogueKiller on the desktop
                  • Close all the running programs
                  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
                  • Otherwise just double-click on RogueKiller.exe
                  • Pre-scan will start. Let it finish.
                  • Click on SCAN button.
                  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
                  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  saeid

                    Re: Monitoring virus
                    « Reply #13 on: May 10, 2013, 05:10:22 AM »
                    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
                    mail : tigzyRK<at>gmail<dot>com
                    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
                    Website : http://tigzy.geekstogo.com/roguekiller.php
                    Blog : http://tigzyrk.blogspot.com/

                    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
                    Started in : Normal mode
                    User : Saied [Admin rights]
                    Mode : Scan -- Date : 05/10/2013 16:17:09
                    | ARK || FAK || MBR |

                    ¤¤¤ Bad processes : 0 ¤¤¤

                    ¤¤¤ Registry Entries : 3 ¤¤¤
                    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
                    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
                    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

                    ¤¤¤ Particular Files / Folders: ¤¤¤

                    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                    ¤¤¤ HOSTS File: ¤¤¤
                    --> C:\Windows\system32\drivers\etc\hosts

                    127.0.0.1       localhost


                    ¤¤¤ MBR Check: ¤¤¤

                    +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
                    --- User ---
                    [MBR] 9fa79c308b8774c1af4df3ed20256a07
                    [BSP] 996ba90c00f6b0bcd7cd4f639deccfc8 : Windows 7/8 MBR Code
                    Partition table:
                    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
                    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 79900 Mo
                    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163842048 | Size: 180000 Mo
                    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 532482048 | Size: 216938 Mo
                    Error reading LL1 MBR!
                    Error reading LL2 MBR!

                    Finished : << RKreport[1]_S_05102013_02d1617.txt >>

                    saeid

                      Re: Monitoring virus
                      « Reply #14 on: May 10, 2013, 05:10:53 AM »
                      SysProt AntiRootkit v1.0.1.0
                      by swatkat

                      ******************************************************************************************
                      ******************************************************************************************

                      No Processes found

                      ******************************************************************************************
                      ******************************************************************************************
                      Kernel Modules:
                      Module Name: \??\C:\Users\Saied\Downloads\Compressed\SysProt\SysProtDrv.sys
                      Service Name: SysProtDrv.sys
                      Module Base: 9E3C6000
                      Module End: 9E3D1000
                      Hidden: No

                      Module Name: C:\Windows\system32\ntkrnlpa.exe
                      Service Name: ---
                      Module Base: 83009000
                      Module End: 8341C000
                      Hidden: No

                      Module Name: C:\Windows\system32\halmacpi.dll
                      Service Name: ---
                      Module Base: 8341C000
                      Module End: 83453000
                      Hidden: No

                      Module Name: C:\Windows\system32\kdcom.dll
                      Service Name: ---
                      Module Base: 80B9D000
                      Module End: 80BA5000
                      Hidden: No

                      Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
                      Service Name: ---
                      Module Base: 83617000
                      Module End: 8369C000
                      Hidden: No

                      Module Name: C:\Windows\system32\PSHED.dll
                      Service Name: ---
                      Module Base: 8369C000
                      Module End: 836AD000
                      Hidden: No

                      Module Name: C:\Windows\system32\BOOTVID.dll
                      Service Name: ---
                      Module Base: 836AD000
                      Module End: 836B5000
                      Hidden: No

                      Module Name: C:\Windows\system32\CLFS.SYS
                      Service Name: CLFS
                      Module Base: 836B5000
                      Module End: 836F7000
                      Hidden: No

                      Module Name: C:\Windows\system32\CI.dll
                      Service Name: ---
                      Module Base: 836F7000
                      Module End: 837A2000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\Wdf01000.sys
                      Service Name: Wdf01000
                      Module Base: 8B63C000
                      Module End: 8B6BD000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
                      Service Name: ---
                      Module Base: 8B6BD000
                      Module End: 8B6CB000
                      Hidden: No

                      Module Name: \SystemRoot\System32\Drivers\spqf.sys
                      Service Name: ---
                      Module Base: 8B6CB000
                      Module End: 8B7CC000
                      Hidden: Yes

                      Module Name: C:\Windows\System32\Drivers\WMILIB.SYS
                      Service Name: ---
                      Module Base: 8B7CC000
                      Module End: 8B7D5000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\SCSIPORT.SYS
                      Service Name: ---
                      Module Base: 8B7D5000
                      Module End: 8B7FB000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\ACPI.sys
                      Service Name: ACPI
                      Module Base: 837A2000
                      Module End: 837EA000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\msisadrv.sys
                      Service Name: msisadrv
                      Module Base: 8B600000
                      Module End: 8B608000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\vdrvroot.sys
                      Service Name: vdrvroot
                      Module Base: 8B608000
                      Module End: 8B613000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\pci.sys
                      Service Name: pci
                      Module Base: 8B80C000
                      Module End: 8B836000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\partmgr.sys
                      Service Name: partmgr
                      Module Base: 8B836000
                      Module End: 8B847000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
                      Service Name: Compbatt
                      Module Base: 8B847000
                      Module End: 8B84F000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
                      Service Name: ---
                      Module Base: 8B84F000
                      Module End: 8B85A000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\volmgr.sys
                      Service Name: volmgr
                      Module Base: 8B85A000
                      Module End: 8B86A000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\volmgrx.sys
                      Service Name: volmgrx
                      Module Base: 8B86A000
                      Module End: 8B8B5000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\mountmgr.sys
                      Service Name: mountmgr
                      Module Base: 8B8B5000
                      Module End: 8B8CB000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\iaStor.sys
                      Service Name: iaStor
                      Module Base: 8BA0C000
                      Module End: 8BBC1000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\atapi.sys
                      Service Name: atapi
                      Module Base: 8BBC1000
                      Module End: 8BBCA000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\ataport.SYS
                      Service Name: ---
                      Module Base: 8BBCA000
                      Module End: 8BBED000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\msahci.sys
                      Service Name: msahci
                      Module Base: 8BBED000
                      Module End: 8BBF7000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
                      Service Name: ---
                      Module Base: 8B8CB000
                      Module End: 8B8D9000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\amdxata.sys
                      Service Name: amdxata
                      Module Base: 8BBF7000
                      Module End: 8BC00000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\fltmgr.sys
                      Service Name: FltMgr
                      Module Base: 8B8D9000
                      Module End: 8B90D000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\fileinfo.sys
                      Service Name: FileInfo
                      Module Base: 8B90D000
                      Module End: 8B91E000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\MpFilter.sys
                      Service Name: MpFilter
                      Module Base: 8B91E000
                      Module End: 8B94A000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\Ntfs.sys
                      Service Name: ---
                      Module Base: 8BC1B000
                      Module End: 8BD4A000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\msrpc.sys
                      Service Name: ---
                      Module Base: 8BD4A000
                      Module End: 8BD75000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\ksecdd.sys
                      Service Name: KSecDD
                      Module Base: 8BD75000
                      Module End: 8BD88000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\cng.sys
                      Service Name: CNG
                      Module Base: 8BD88000
                      Module End: 8BDE5000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\pcw.sys
                      Service Name: pcw
                      Module Base: 8BDE5000
                      Module End: 8BDF3000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\Fs_Rec.sys
                      Service Name: ---
                      Module Base: 8BDF3000
                      Module End: 8BDFC000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\ndis.sys
                      Service Name: NDIS
                      Module Base: 8BE06000
                      Module End: 8BEBD000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\NETIO.SYS
                      Service Name: ---
                      Module Base: 8BEBD000
                      Module End: 8BEFB000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\ksecpkg.sys
                      Service Name: KSecPkg
                      Module Base: 8BEFB000
                      Module End: 8BF21000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\tcpip.sys
                      Service Name: Tcpip
                      Module Base: 8C002000
                      Module End: 8C14E000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
                      Service Name: ---
                      Module Base: 8C14E000
                      Module End: 8C17F000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\vmstorfl.sys
                      Service Name: storflt
                      Module Base: 8C17F000
                      Module End: 8C188000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\volsnap.sys
                      Service Name: volsnap
                      Module Base: 8C188000
                      Module End: 8C1C7000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\spldr.sys
                      Service Name: ---
                      Module Base: 8C1C7000
                      Module End: 8C1CF000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\rdyboost.sys
                      Service Name: rdyboost
                      Module Base: 8C1CF000
                      Module End: 8C1FC000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\mup.sys
                      Service Name: Mup
                      Module Base: 8BF21000
                      Module End: 8BF31000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\hwpolicy.sys
                      Service Name: hwpolicy
                      Module Base: 8BF31000
                      Module End: 8BF39000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\fvevol.sys
                      Service Name: fvevol
                      Module Base: 8BF39000
                      Module End: 8BF6B000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\disk.sys
                      Service Name: Disk
                      Module Base: 8BF6B000
                      Module End: 8BF7C000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
                      Service Name: ---
                      Module Base: 8BF7C000
                      Module End: 8BFA1000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
                      Service Name: cdrom
                      Module Base: 913E1000
                      Module End: 91400000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\cmdguard.sys
                      Service Name: cmdGuard
                      Module Base: 8B94A000
                      Module End: 8B9C5000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\CFRMD.sys
                      Service Name: CFRMD
                      Module Base: 91200000
                      Module End: 9120B000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\Null.SYS
                      Service Name: ---
                      Module Base: 9120B000
                      Module End: 91212000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\Beep.SYS
                      Service Name: ---
                      Module Base: 91212000
                      Module End: 91219000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\vga.sys
                      Service Name: vga
                      Module Base: 8BFAE000
                      Module End: 8BFBA000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
                      Service Name: ---
                      Module Base: 8BFBA000
                      Module End: 8BFDB000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\watchdog.sys
                      Service Name: ---
                      Module Base: 8BFDB000
                      Module End: 8BFE8000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
                      Service Name: RDPCDD
                      Module Base: 8BFE8000
                      Module End: 8BFF0000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\rdpencdd.sys
                      Service Name: RDPENCDD
                      Module Base: 8BFF0000
                      Module End: 8BFF8000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\rdprefmp.sys
                      Service Name: RDPREFMP
                      Module Base: 8BFF8000
                      Module End: 8C000000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\Msfs.SYS
                      Service Name: ---
                      Module Base: 8BC00000
                      Module End: 8BC0B000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\Npfs.SYS
                      Service Name: ---
                      Module Base: 8BC0B000
                      Module End: 8BC19000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\tdx.sys
                      Service Name: tdx
                      Module Base: 8B9C5000
                      Module End: 8B9DC000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
                      Service Name: ---
                      Module Base: 8BA00000
                      Module End: 8BA0C000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\cmdhlp.sys
                      Service Name: cmdHlp
                      Module Base: 8B9DC000
                      Module End: 8B9E6000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\afd.sys
                      Service Name: AFD
                      Module Base: 91812000
                      Module End: 9186C000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\netbt.sys
                      Service Name: NetBT
                      Module Base: 9186C000
                      Module End: 9189E000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\ws2ifsl.sys
                      Service Name: ws2ifsl
                      Module Base: 9189E000
                      Module End: 918A7000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\wfplwf.sys
                      Service Name: WfpLwf
                      Module Base: 918A7000
                      Module End: 918AE000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\pacer.sys
                      Service Name: Psched
                      Module Base: 918AE000
                      Module End: 918CD000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\vwififlt.sys
                      Service Name: vwififlt
                      Module Base: 918CD000
                      Module End: 918DE000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\inspect.sys
                      Service Name: inspect
                      Module Base: 918DE000
                      Module End: 918F4000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\netbios.sys
                      Service Name: NetBIOS
                      Module Base: 918F4000
                      Module End: 91902000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\wseak.sys
                      Service Name: wseak
                      Module Base: 91902000
                      Module End: 9190C000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
                      Service Name: WANARP
                      Module Base: 9190C000
                      Module End: 9191F000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\termdd.sys
                      Service Name: TermDD
                      Module Base: 9191F000
                      Module End: 91930000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
                      Service Name: rdbss
                      Module Base: 91930000
                      Module End: 91971000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\nsiproxy.sys
                      Service Name: nsiproxy
                      Module Base: 91971000
                      Module End: 9197B000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
                      Service Name: mssmbios
                      Module Base: 9197B000
                      Module End: 91985000
                      Hidden: No

                      Module Name: \??\C:\Windows\system32\drivers\LUMDriver.sys
                      Service Name: LUMDriver
                      Module Base: 91985000
                      Module End: 91988000
                      Hidden: No

                      Module Name: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
                      Service Name: ISODrive
                      Module Base: 91988000
                      Module End: 9199F000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\discache.sys
                      Service Name: discache
                      Module Base: 9199F000
                      Module End: 919AB000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\csc.sys
                      Service Name: CSC
                      Module Base: 91A07000
                      Module End: 91A6B000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\dfsc.sys
                      Service Name: DfsC
                      Module Base: 91A6B000
                      Module End: 91A83000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\blbdrive.sys
                      Service Name: blbdrive
                      Module Base: 91A83000
                      Module End: 91A91000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
                      Service Name: tunnel
                      Module Base: 91A91000
                      Module End: 91AB2000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\atikmpag.sys
                      Service Name: amdkmdap
                      Module Base: 91AB2000
                      Module End: 91AEA000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\atikmdag.sys
                      Service Name: amdkmdag
                      Module Base: 9223D000
                      Module End: 927E0000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
                      Service Name: DXGKrnl
                      Module Base: 91AEA000
                      Module End: 91BA1000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\dxgmms1.sys
                      Service Name: ---
                      Module Base: 92200000
                      Module End: 92239000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
                      Service Name: HDAudBus
                      Module Base: 927E0000
                      Module End: 927FF000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\HECI.sys
                      Service Name: HECI
                      Module Base: 91BA1000
                      Module End: 91BAC000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\usbehci.sys
                      Service Name: usbehci
                      Module Base: 91BAC000
                      Module End: 91BBB000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\USBPORT.SYS
                      Service Name: ---
                      Module Base: 919AB000
                      Module End: 919F6000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
                      Service Name: BCM43XX
                      Module Base: 93E19000
                      Module End: 940B2000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\vwifibus.sys
                      Service Name: vwifibus
                      Module Base: 940B2000
                      Module End: 940BC000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
                      Service Name: i8042prt
                      Module Base: 940FD000
                      Module End: 94115000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
                      Service Name: SynTP
                      Module Base: 94115000
                      Module End: 9414C000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
                      Service Name: ---
                      Module Base: 9414C000
                      Module End: 9414E000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
                      Service Name: mouclass
                      Module Base: 9414E000
                      Module End: 9415B000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\kbdclass.sys
                      Service Name: kbdclass
                      Module Base: 9415B000
                      Module End: 94168000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\Impcd.sys
                      Service Name: Impcd
                      Module Base: 94168000
                      Module End: 94189000
                      Hidden: No

                      Module Name: \SystemRoot\System32\Drivers\adrbnic8.SYS
                      Service Name: ---
                      Module Base: 94189000
                      Module End: 941C1000
                      Hidden: Yes

                      Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
                      Service Name: WmiAcpi
                      Module Base: 941C1000
                      Module End: 941CA000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
                      Service Name: CmBatt
                      Module Base: 941CA000
                      Module End: 941CE000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
                      Service Name: intelppm
                      Module Base: 941CE000
                      Module End: 941E0000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\CompositeBus.sys
                      Service Name: CompositeBus
                      Module Base: 941E0000
                      Module End: 941ED000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\AgileVpn.sys
                      Service Name: RasAgileVpn
                      Module Base: 941ED000
                      Module End: 941FF000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
                      Service Name: Rasl2tp
                      Module Base: 93E00000
                      Module End: 93E18000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
                      Service Name: NdisTapi
                      Module Base: 91BBB000
                      Module End: 91BC6000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
                      Service Name: NdisWan
                      Module Base: 91BC6000
                      Module End: 91BE8000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
                      Service Name: RasPppoe
                      Module Base: 91BE8000
                      Module End: 91C00000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
                      Service Name: PptpMiniport
                      Module Base: 8B9E6000
                      Module End: 8B9FD000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
                      Service Name: RasSstp
                      Module Base: 8B613000
                      Module End: 8B62A000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\bcmvwl32.sys
                      Service Name: BcmVWL
                      Module Base: 92239000
                      Module End: 9223C000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\rdpbus.sys
                      Service Name: rdpbus
                      Module Base: 919F6000
                      Module End: 91A00000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\swenum.sys
                      Service Name: swenum
                      Module Base: 91A00000
                      Module End: 91A02000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\ks.sys
                      Service Name: ---
                      Module Base: 9542E000
                      Module End: 95462000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\umbus.sys
                      Service Name: umbus
                      Module Base: 95462000
                      Module End: 95470000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
                      Service Name: usbhub
                      Module Base: 95470000
                      Module End: 954B4000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
                      Service Name: ---
                      Module Base: 954B4000
                      Module End: 954C5000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\AtiHdmi.sys
                      Service Name: AtiHdmiService
                      Module Base: 954C5000
                      Module End: 954E3000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\portcls.sys
                      Service Name: ---
                      Module Base: 954E3000
                      Module End: 95512000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\drmk.sys
                      Service Name: ---
                      Module Base: 95512000
                      Module End: 9552B000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\HdAudio.sys
                      Service Name: HdAudAddService
                      Module Base: 9552B000
                      Module End: 9557B000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\Dxapi.sys
                      Service Name: ---
                      Module Base: 9557B000
                      Module End: 95585000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\monitor.sys
                      Service Name: monitor
                      Module Base: 95585000
                      Module End: 95590000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\crashdmp.sys
                      Service Name: ---
                      Module Base: 95590000
                      Module End: 9559D000
                      Hidden: No

                      Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
                      Service Name: ---
                      Module Base: 91219000
                      Module End: 913CE000
                      Hidden: Yes

                      Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
                      Service Name: ---
                      Module Base: 9559D000
                      Module End: 955AE000
                      Hidden: Yes

                      Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
                      Service Name: usbccgp
                      Module Base: 955AE000
                      Module End: 955C5000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\usbvideo.sys
                      Service Name: usbvideo
                      Module Base: 955C5000
                      Module End: 955E9000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
                      Service Name: HidUsb
                      Module Base: 955E9000
                      Module End: 955F4000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
                      Service Name: ---
                      Module Base: 95400000
                      Module End: 95413000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
                      Service Name: ---
                      Module Base: 95413000
                      Module End: 9541A000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
                      Service Name: mouhid
                      Module Base: 9541A000
                      Module End: 95425000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\luafv.sys
                      Service Name: luafv
                      Module Base: 95625000
                      Module End: 95640000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
                      Service Name: kbdhid
                      Module Base: 95640000
                      Module End: 9564C000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
                      Service Name: lltdio
                      Module Base: 9564C000
                      Module End: 9565C000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
                      Service Name: NativeWifiP
                      Module Base: 9565C000
                      Module End: 956A2000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
                      Service Name: Ndisuio
                      Module Base: 956A2000
                      Module End: 956B2000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
                      Service Name: rspndr
                      Module Base: 956B2000
                      Module End: 956C5000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\HTTP.sys
                      Service Name: HTTP
                      Module Base: 956CE000
                      Module End: 95753000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\bowser.sys
                      Service Name: bowser
                      Module Base: 95753000
                      Module End: 9576C000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\mpsdrv.sys
                      Service Name: mpsdrv
                      Module Base: 9576C000
                      Module End: 9577E000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
                      Service Name: mrxsmb
                      Module Base: 9577E000
                      Module End: 957A1000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
                      Service Name: mrxsmb10
                      Module Base: 957A1000
                      Module End: 957DC000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
                      Service Name: mrxsmb20
                      Module Base: 957DC000
                      Module End: 957F7000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\idmwfp.sys
                      Service Name: IDMWFP
                      Module Base: 95600000
                      Module End: 95619000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\peauth.sys
                      Service Name: PEAUTH
                      Module Base: 9E21D000
                      Module End: 9E2B4000
                      Hidden: No

                      Module Name: C:\Windows\System32\Drivers\secdrv.SYS
                      Service Name: ---
                      Module Base: 9E2B4000
                      Module End: 9E2BE000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
                      Service Name: srvnet
                      Module Base: 9E2BE000
                      Module End: 9E2DF000
                      Hidden: No

                      Module Name: C:\Windows\System32\drivers\tcpipreg.sys
                      Service Name: tcpipreg
                      Module Base: 9E2DF000
                      Module End: 9E2EC000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\srv2.sys
                      Service Name: srv2
                      Module Base: 9E2EC000
                      Module End: 9E33C000
                      Hidden: No

                      Module Name: C:\Windows\System32\DRIVERS\srv.sys
                      Service Name: srv
                      Module Base: 9E33C000
                      Module End: 9E38E000
                      Hidden: No

                      Module Name: C:\Windows\system32\drivers\BCM42RLY.sys
                      Service Name: BCM42RLY
                      Module Base: 9E38E000
                      Module End: 9E396000
                      Hidden: No

                      Module Name: \??\C:\Program Files\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys
                      Service Name: TuneUpUtilitiesDrv
                      Module Base: 9E396000
                      Module End: 9E397000
                      Hidden: No

                      Module Name: C:\Windows\system32\DRIVERS\NisDrvWFP.sys
                      Service Name: NisDrv
                      Module Base: 9E397000
                      Module End: 9E3AF000
                      Hidden: No

                      Module Name: \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E4A5127-6C30-416A-81CE-D79D8A6F919C}\MpKslec32e687.sys
                      Service Name: ---
                      Module Base: 9E3C0000
                      Module End: 9E3C6000
                      Hidden: No

                      ******************************************************************************************
                      ******************************************************************************************
                      No SSDT Hooks found

                      ******************************************************************************************
                      ******************************************************************************************
                      No Kernel Hooks found

                      ******************************************************************************************
                      ******************************************************************************************
                      Hidden files/folders:
                      Object: C:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog
                      Status: Access denied

                      Object: C:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog
                      Status: Access denied

                      Object: C:\System Volume Information\WindowsImageBackup\Catalog
                      Status: Access denied

                      Object: C:\System Volume Information\WindowsImageBackup\SPPMetadataCache\{698cf0e5-50cc-4cc2-b7b0-c99e9223192a}
                      Status: Access denied

                      Object: C:\System Volume Information\WindowsImageBackup\SPPMetadataCache\{b6e3ec34-8f3d-47c2-8030-1c96c99d04f7}
                      Status: Access denied

                      Object: C:\System Volume Information\WindowsImageBackup\SPPMetadataCache
                      Status: Access denied

                      Object: C:\Users\Saied\AppData\Roaming\Microsoft\Office\Recent\طعم تريد سنگک با دوغ.LNK
                      Status: Hidden

                      Object: C:\Users\Saied\AppData\Roaming\Microsoft\Windows\Recent\درگاه پرداخت آنلاين کمپا ني وي پي ان باران.lnk
                      Status: Hidden

                      Object: C:\Users\Saied\Downloads\درگاه پرداخت آنلاين کمپا ني وي پي ان باران.htm
                      Status: Hidden

                      Object: C:\Windows\CSC\v2.0.6\namespace
                      Status: Access denied

                      Object: C:\Windows\CSC\v2.0.6\pq
                      Status: Access denied

                      Object: C:\Windows\CSC\v2.0.6\sm
                      Status: Access denied

                      Object: C:\Windows\CSC\v2.0.6\temp
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
                      Status: Access denied


                      saeid

                        Re: Monitoring virus
                        « Reply #15 on: May 10, 2013, 09:43:17 AM »
                        I don't know any specification

                        SuperDave

                        Re: Monitoring virus
                        « Reply #16 on: May 10, 2013, 04:06:48 PM »
                        Please run RogueKiller again and delete those items.

                        Quote
                        I don't know any specification
                        Can you provide me with a screenshot?

                        How to post screenshots or images

                        I'd like to scan your machine with ESET OnlineScan

                        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan

                        • Click the button.
                        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                            • Click on to download the ESET Smart Installer. Save it to your desktop.
                            • Double click on the icon on your desktop.
                        • Check
                        • Click the button.
                        • Accept any security warnings from your browser.
                        • Leave the check mark next to Remove found threats.
                        • Check
                        • Push the Start button.
                        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                        • When the scan completes, push
                        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                        • Push the button.
                        • Push
                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                        saeid

                          Re: Monitoring virus
                          « Reply #17 on: May 12, 2013, 03:55:22 AM »
                          OK SuperDave, I must add that when I wanted to paste a Print Screen into Paint I saw an error, then I used the Snipping Tool and I saw the other error.
                          Other problems are that I can't uninstall or install any program in Normal Mode, I have to deal with a lot of problems in Normal Mode, my Windows Photo Viewer doesn't work at all and . . .
                          I attach these photos.

                          [recovering disk space, attachment deleted by admin]

                          SuperDave

                          Re: Monitoring virus
                          « Reply #18 on: May 12, 2013, 09:52:48 AM »
                          Do you have any accounts on this computer?

                          saeid

                            Re: Monitoring virus
                            « Reply #19 on: May 13, 2013, 12:34:55 PM »
                            No, I don't.

                            SuperDave

                            Re: Monitoring virus
                            « Reply #20 on: May 13, 2013, 03:52:29 PM »
                            This will probably help.