svchost.exe virus and google redirect


  • This topic is locked
23 replies to this topic

#1 cursed sasuke

cursed sasuke

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 07 April 2012 - 03:04 AM

Whenever I run a full scan on Malwarebytes Anti-Malware, it brings up two trojan viruses that have infected my computer; both are svchost.exe files. I click remove and I reboot the computer, but it just comes back. I even did the scan again, but this time, not rebooting the computer and doing the scan again to see if it was still there. Sure enough, it still was. I have included a log report of Malwarebytes, so I hope this is okay. Also, I've used SUPERAntiSpyware, but it also doesn't help me. The virus keeps making me go to a blue screen, which causes me to reboot the computer. Sometimes Windows can't start up due to this, so it goes to Windows repair. Once it's repaired, it starts up fine. I've noticed when I make my Malwarebytes enable protection, it notifies me when svchost.exe starts up and attacks, so I quarantine it, which doesn't make me go to the blue screen like it normally does, but the virus is STILL there. Also, sometimes while I browse the internet, I get redirected to a different page, and it mostly happens when I browse on Google. I have no idea what to do, so I humbly ask for help.

Thank you so much for taking the time to help me!

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Yaseen Razeq at 3:15:49 on 2012-04-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6142.4117 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
-netsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Yaseen Razeq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Yaseen Razeq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen Razeq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Yaseen Razeq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Yaseen Razeq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Yaseen Razeq\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
StartupFolder: C:\Users\YASEEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{E16D7E67-3B08-4566-8E60-9DD93EFAE16D} : DhcpNameServer = 192.168.1.1 71.250.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-1 652360]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-07 07:09:14 20480 ----a-w- C:\Windows\svchost.exe
2012-04-07 07:08:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33BE0431-FB20-4FAF-9E63-54C0247E76EB}\offreg.dll
2012-04-07 06:56:44 98816 ----a-w- C:\Windows\sed.exe
2012-04-07 06:56:44 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-07 06:56:44 256000 ----a-w- C:\Windows\PEV.exe
2012-04-07 06:56:44 208896 ----a-w- C:\Windows\MBR.exe
2012-04-07 06:56:36 -------- d-s---w- C:\ComboFix
2012-04-07 06:39:24 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-06 19:56:15 -------- d-----w- C:\ProgramData\PC Tools
2012-04-06 19:56:15 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-04-06 19:56:15 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-06 16:04:51 -------- d-----we C:\Windows\system64
2012-04-05 19:44:59 -------- d-----w- C:\Users\Yaseen Razeq\AppData\Roaming\SUPERAntiSpyware.com
2012-04-05 19:44:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-05 19:41:08 -------- d-----w- C:\Users\Yaseen Razeq\AppData\Local\Secunia PSI
2012-04-05 19:38:38 -------- d-----w- C:\Program Files (x86)\Secunia
2012-04-05 18:50:46 -------- d-----w- C:\Users\Yaseen Razeq\AppData\Roaming\PC Cleaners
2012-04-05 18:50:13 4039952 ----a-w- C:\Windows\uninst.exe
2012-04-05 18:50:13 -------- d-----w- C:\Users\Yaseen Razeq\AppData\Roaming\PCPro
2012-04-05 18:50:12 -------- d-----w- C:\ProgramData\PC1Data
2012-03-31 05:49:55 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-30 07:08:54 -------- d-----w- C:\Program Files\iPod
2012-03-30 07:08:53 -------- d-----w- C:\Program Files\iTunes
2012-03-14 22:28:23 -------- d-----w- C:\Windows\AutoKMS
2012-03-08 08:02:43 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
.
==================== Find3M ====================
.
2012-02-22 19:58:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 20:46:20 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-18 20:46:20 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-17 07:19:17 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-05 03:06:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2011-11-12 09:06:44 71733104 ----a-w- C:\Program Files\iTunes64Setup.exe
.
============= FINISH: 3:17:45.72 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:30 AM

Posted 07 April 2012 - 03:26 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cursed sasuke

cursed sasuke
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 07 April 2012 - 04:07 AM

Hello, Gringo, and thanks for helping me! Here's the log from ComboFix. I didn't have any problems while doing this, and it looks like I might not be having any more problems according to Malwarebytes, which is a first.






ComboFix 12-04-07.02 - Yaseen Razeq 04/07/2012 4:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6142.4318 [GMT -4:00]
Running from: c:\users\Yaseen Razeq\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\setup.exe
c:\users\Yaseen Razeq\Desktop\Internet Explorer.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 08:44 . 2012-04-07 08:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-07 08:44 . 2012-04-07 08:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 19:44 . 2012-04-05 19:44 -------- d-----w- c:\users\Yaseen Razeq\AppData\Roaming\SUPERAntiSpyware.com
2012-04-05 19:44 . 2012-04-05 19:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-05 19:41 . 2012-04-05 19:41 -------- d-----w- c:\users\Yaseen Razeq\AppData\Local\Secunia PSI
2012-04-05 19:38 . 2012-04-05 19:38 -------- d-----w- c:\program files (x86)\Secunia
2012-04-05 18:50 . 2012-04-05 18:50 -------- d-----w- c:\users\Yaseen Razeq\AppData\Roaming\PC Cleaners
2012-04-05 18:50 . 2012-04-05 18:50 -------- d-----w- c:\users\Yaseen Razeq\AppData\Roaming\PCPro
2012-04-05 18:50 . 2012-04-05 18:49 4039952 ----a-w- c:\windows\uninst.exe
2012-04-05 18:50 . 2012-04-05 18:50 -------- d-----w- c:\programdata\PC1Data
2012-03-30 07:08 . 2012-03-30 07:08 -------- d-----w- c:\program files\iPod
2012-03-30 07:08 . 2012-03-30 07:09 -------- d-----w- c:\program files\iTunes
2012-03-14 22:28 . 2012-04-07 10:08 -------- d-----w- c:\windows\AutoKMS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 08:02 . 2012-03-08 08:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 08:02 . 2012-03-08 08:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 08:02 . 2012-03-08 08:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 08:02 . 2012-03-08 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 08:02 . 2012-03-08 08:02 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-08 08:02 . 2012-03-08 08:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 08:02 . 2012-03-08 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-08 08:02 . 2012-03-08 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 08:02 . 2012-03-08 08:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 08:02 . 2012-03-08 08:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 08:02 . 2012-03-08 08:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 08:02 . 2012-03-08 08:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 08:02 . 2012-03-08 08:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 08:02 . 2012-03-08 08:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 08:02 . 2012-03-08 08:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 08:02 . 2012-03-08 08:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 08:02 . 2012-03-08 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 08:02 . 2012-03-08 08:02 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 08:02 . 2012-03-08 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 08:02 . 2012-03-08 08:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 08:02 . 2012-03-08 08:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 08:02 . 2012-03-08 08:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 08:02 . 2012-03-08 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-08 08:02 . 2012-03-08 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-08 08:02 . 2012-03-08 08:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 08:02 . 2012-03-08 08:02 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-08 08:02 . 2012-03-08 08:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 08:02 . 2012-03-08 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 08:02 . 2012-03-08 08:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 08:02 . 2012-03-08 08:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 08:02 . 2012-03-08 08:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 08:02 . 2012-03-08 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 08:02 . 2012-03-08 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-08 08:02 . 2012-03-08 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 08:02 . 2012-03-08 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-08 08:02 . 2012-03-08 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-08 08:02 . 2012-03-08 08:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 08:02 . 2012-03-08 08:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 08:02 . 2012-03-08 08:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 08:02 . 2012-03-08 08:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 08:02 . 2012-03-08 08:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 08:02 . 2012-03-08 08:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-22 19:58 . 2011-11-13 17:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 20:46 . 2012-02-05 03:15 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-18 20:46 . 2012-02-05 03:06 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-17 07:19 . 2012-02-05 03:06 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-05 03:06 . 2012-02-05 03:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-12 09:06 . 2011-11-12 09:06 71733104 ----a-w- c:\program files\iTunes64Setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-12 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
.
c:\users\Yaseen Razeq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-2-2 495104]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205780895-299214005-3157646644-1001Core.job
- c:\users\Yaseen Razeq\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 09:14]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205780895-299214005-3157646644-1001UA.job
- c:\users\Yaseen Razeq\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 09:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF743.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NEOFLTR_600_13319
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-07 05:02:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 09:01
ComboFix2.txt 2012-04-06 09:09
.
Pre-Run: 472,458,629,120 bytes free
Post-Run: 472,839,733,248 bytes free
.
- - End Of File - - 246E3A59E6227D0C2253CEB26643C3E0

#4 gringo_pr

  • Malware Response Team

Posted 07 April 2012 - 05:00 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 cursed sasuke

  • Topic Starter

Posted 07 April 2012 - 02:11 PM

My problem still persists and went back to the way it was originally before the ComboFix. Anyway, here are the logs for TDSS and aswMBR.

TDSS:


14:41:58.0429 4316 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:41:58.0826 4316 ============================================================
14:41:58.0826 4316 Current date / time: 2012/04/07 14:41:58.0826
14:41:58.0826 4316 SystemInfo:
14:41:58.0826 4316
14:41:58.0826 4316 OS Version: 6.1.7600 ServicePack: 0.0
14:41:58.0826 4316 Product type: Workstation
14:41:58.0827 4316 ComputerName: YASEENRAZEQ-PC
14:41:58.0827 4316 UserName: Yaseen Razeq
14:41:58.0827 4316 Windows directory: C:\Windows
14:41:58.0827 4316 System windows directory: C:\Windows
14:41:58.0827 4316 Running under WOW64
14:41:58.0827 4316 Processor architecture: Intel x64
14:41:58.0827 4316 Number of processors: 4
14:41:58.0827 4316 Page size: 0x1000
14:41:58.0827 4316 Boot type: Normal boot
14:41:58.0827 4316 ============================================================
14:42:02.0077 4316 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:02.0093 4316 \Device\Harddisk0\DR0:
14:42:02.0093 4316 MBR used
14:42:02.0093 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x561BC800
14:42:02.0121 4316 Initialize success
14:42:02.0121 4316 ============================================================
14:43:05.0541 1856 ============================================================
14:43:05.0541 1856 Scan started
14:43:05.0541 1856 Mode: Manual;
14:43:05.0541 1856 ============================================================
14:43:36.0459 1856 mpio - ok
14:43:36.0560 1856 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:43:36.0563 1856 mpsdrv - ok
14:43:36.0632 1856 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:43:36.0635 1856 MRxDAV - ok
14:43:36.0791 1856 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:36.0793 1856 mrxsmb - ok
14:43:36.0944 1856 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:36.0949 1856 mrxsmb10 - ok
14:43:37.0158 1856 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:37.0162 1856 mrxsmb20 - ok
14:43:37.0248 1856 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:43:37.0292 1856 msahci - ok
14:43:37.0606 1856 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:43:37.0618 1856 msdsm - ok
14:43:38.0032 1856 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:43:38.0035 1856 MSDTC - ok
14:43:38.0140 1856 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:43:38.0146 1856 Msfs - ok
14:43:38.0196 1856 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:43:38.0198 1856 mshidkmdf - ok
14:43:38.0269 1856 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:43:38.0270 1856 msisadrv - ok
14:43:38.0416 1856 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:43:38.0422 1856 MSiSCSI - ok
14:43:38.0473 1856 msiserver - ok
14:43:38.0634 1856 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:43:38.0642 1856 MSKSSRV - ok
14:43:38.0877 1856 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:43:38.0880 1856 MSPCLOCK - ok
14:43:38.0917 1856 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:43:38.0922 1856 MSPQM - ok
14:43:38.0965 1856 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:43:38.0971 1856 MsRPC - ok
14:43:39.0025 1856 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:43:39.0025 1856 mssmbios - ok
14:43:39.0087 1856 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:43:39.0096 1856 MSTEE - ok
14:43:39.0157 1856 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:43:39.0163 1856 MTConfig - ok
14:43:39.0319 1856 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:43:39.0319 1856 Mup - ok
14:43:40.0000 1856 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:43:40.0014 1856 napagent - ok
14:43:40.0381 1856 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:43:40.0385 1856 NativeWifiP - ok
14:43:40.0551 1856 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:43:40.0584 1856 NDIS - ok
14:43:40.0713 1856 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:43:40.0716 1856 NdisCap - ok
14:43:40.0846 1856 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:40.0853 1856 NdisTapi - ok
14:43:40.0946 1856 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:40.0953 1856 Ndisuio - ok
14:43:41.0093 1856 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:41.0104 1856 NdisWan - ok
14:43:41.0199 1856 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:43:41.0202 1856 NDProxy - ok
14:43:41.0289 1856 NEOFLTR_600_13319 (5f22132c9153639762708909f156b33d) C:\Windows\system32\zfdwm.dll
14:43:41.0291 1856 NEOFLTR_600_13319 ( Backdoor.Multi.ZAccess.gen ) - infected
14:43:41.0291 1856 NEOFLTR_600_13319 - detected Backdoor.Multi.ZAccess.gen (0)
14:44:05.0221 1856 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
14:44:05.0240 1856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:44:05.0240 1856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:44:05.0263 1856 Boot (0x1200) (8cac0fdbbc8847fdcaa54c4c72f487ae) \Device\Harddisk0\DR0\Partition0
14:44:05.0267 1856 \Device\Harddisk0\DR0\Partition0 - ok
14:44:05.0267 1856 ============================================================
14:44:05.0267 1856 Scan finished
14:44:05.0267 1856 ============================================================
14:44:05.0280 3456 Detected object count: 2
14:44:05.0280 3456 Actual detected object count: 2
14:45:52.0765 3456 NEOFLTR_600_13319 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
14:45:52.0765 3456 NEOFLTR_600_13319 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
14:45:53.0224 3456 \Device\Harddisk0\DR0\# - copied to quarantine
14:45:53.0224 3456 \Device\Harddisk0\DR0 - copied to quarantine
14:45:53.0404 3456 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:45:53.0408 3456 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:45:53.0422 3456 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:45:53.0467 3456 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:45:53.0520 3456 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:45:53.0553 3456 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:45:53.0575 3456 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:45:53.0577 3456 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:45:53.0580 3456 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:45:53.0585 3456 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:45:53.0590 3456 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:45:53.0593 3456 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:45:53.0596 3456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:45:53.0596 3456 \Device\Harddisk0\DR0 - ok
14:45:53.0949 3456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:46:36.0844 4600 Deinitialize success




aswMBR:


14:41:58.0429 4316 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:41:58.0826 4316 ============================================================
14:41:58.0826 4316 Current date / time: 2012/04/07 14:41:58.0826
14:41:58.0826 4316 SystemInfo:
14:41:58.0826 4316
14:41:58.0826 4316 OS Version: 6.1.7600 ServicePack: 0.0
14:41:58.0826 4316 Product type: Workstation
14:41:58.0827 4316 ComputerName: YASEENRAZEQ-PC
14:41:58.0827 4316 UserName: Yaseen Razeq
14:41:58.0827 4316 Windows directory: C:\Windows
14:41:58.0827 4316 System windows directory: C:\Windows
14:41:58.0827 4316 Running under WOW64
14:41:58.0827 4316 Processor architecture: Intel x64
14:41:58.0827 4316 Number of processors: 4
14:41:58.0827 4316 Page size: 0x1000
14:41:58.0827 4316 Boot type: Normal boot
14:41:58.0827 4316 ============================================================
14:42:02.0077 4316 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:02.0093 4316 \Device\Harddisk0\DR0:
14:42:02.0093 4316 MBR used
14:42:02.0093 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x561BC800
14:42:02.0121 4316 Initialize success
14:42:02.0121 4316 ============================================================
14:43:05.0541 1856 ============================================================
14:43:05.0541 1856 Scan started
14:43:05.0541 1856 Mode: Manual;
14:43:05.0541 1856 ============================================================
14:43:41.0289 1856 NEOFLTR_600_13319 (5f22132c9153639762708909f156b33d) C:\Windows\system32\zfdwm.dll
14:43:41.0291 1856 NEOFLTR_600_13319 ( Backdoor.Multi.ZAccess.gen ) - infected
14:43:41.0291 1856 NEOFLTR_600_13319 - detected Backdoor.Multi.ZAccess.gen (0)
14:43:49.0881 1856 pla - ok
14:43:49.0941 1856 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:43:49.0958 1856 PlugPlay - ok
14:43:49.0989 1856 PnkBstrA - ok
14:43:50.0019 1856 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:43:50.0025 1856 PNRPAutoReg - ok
14:43:50.0065 1856 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:43:50.0067 1856 PNRPsvc - ok
14:43:50.0115 1856 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:43:50.0135 1856 PolicyAgent - ok
14:43:50.0175 1856 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:43:50.0185 1856 Power - ok
14:43:50.0280 1856 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:43:50.0285 1856 PptpMiniport - ok
14:43:50.0352 1856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:43:50.0357 1856 Processor - ok
14:43:50.0419 1856 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
14:43:50.0424 1856 ProfSvc - ok
14:43:50.0462 1856 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:43:50.0463 1856 ProtectedStorage - ok
14:43:50.0592 1856 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:43:50.0597 1856 Psched - ok
14:43:50.0721 1856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:43:50.0790 1856 ql2300 - ok
14:43:50.0812 1856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:43:50.0817 1856 ql40xx - ok
14:43:50.0853 1856 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:43:50.0857 1856 QWAVE - ok
14:43:50.0877 1856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:43:50.0879 1856 QWAVEdrv - ok
14:43:50.0912 1856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:43:50.0914 1856 RasAcd - ok
14:43:50.0998 1856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:43:51.0000 1856 RasAgileVpn - ok
14:43:51.0019 1856 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:43:51.0028 1856 RasAuto - ok
14:43:51.0051 1856 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:51.0054 1856 Rasl2tp - ok
14:43:51.0085 1856 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:43:51.0092 1856 RasMan - ok
14:43:51.0116 1856 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:51.0118 1856 RasPppoe - ok
14:43:51.0157 1856 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:43:51.0161 1856 RasSstp - ok
14:43:51.0194 1856 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:43:51.0198 1856 rdbss - ok
14:43:51.0217 1856 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:43:51.0221 1856 rdpbus - ok
14:43:51.0243 1856 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:51.0244 1856 RDPCDD - ok
14:43:51.0613 1856 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:43:51.0614 1856 RDPENCDD - ok
14:43:51.0661 1856 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:43:51.0662 1856 RDPREFMP - ok
14:43:51.0718 1856 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
14:43:51.0724 1856 RDPWD - ok
14:43:51.0760 1856 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:43:51.0764 1856 rdyboost - ok
14:43:51.0840 1856 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:43:51.0844 1856 RemoteAccess - ok
14:43:51.0938 1856 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:43:51.0942 1856 RemoteRegistry - ok
14:43:51.0963 1856 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:43:51.0966 1856 RpcEptMapper - ok
14:43:51.0998 1856 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:43:52.0000 1856 RpcLocator - ok
14:43:52.0051 1856 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:43:52.0055 1856 RpcSs - ok
14:43:52.0082 1856 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:43:52.0084 1856 rspndr - ok
14:43:52.0111 1856 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:43:52.0112 1856 SamSs - ok
14:43:52.0226 1856 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:43:52.0226 1856 SASDIFSV - ok
14:43:52.0280 1856 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:43:52.0281 1856 SASKUTIL - ok
14:43:52.0303 1856 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:43:52.0308 1856 sbp2port - ok
14:43:52.0341 1856 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:43:52.0346 1856 SCardSvr - ok
14:43:52.0366 1856 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:43:52.0416 1856 scfilter - ok
14:43:52.0522 1856 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:43:52.0545 1856 Schedule - ok
14:43:52.0589 1856 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:43:52.0590 1856 SCPolicySvc - ok
14:43:52.0650 1856 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:43:52.0654 1856 SDRSVC - ok
14:43:52.0787 1856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:43:52.0796 1856 secdrv - ok
14:43:52.0829 1856 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:43:52.0832 1856 seclogon - ok
14:43:52.0852 1856 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:43:52.0855 1856 SENS - ok
14:43:52.0872 1856 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:43:52.0875 1856 SensrSvc - ok
14:43:52.0891 1856 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:43:52.0895 1856 Serenum - ok
14:43:52.0938 1856 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:43:52.0942 1856 Serial - ok
14:43:52.0968 1856 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:43:52.0970 1856 sermouse - ok
14:43:52.0998 1856 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:43:53.0001 1856 SessionEnv - ok
14:43:53.0025 1856 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:43:53.0026 1856 sffdisk - ok
14:43:53.0041 1856 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:43:53.0043 1856 sffp_mmc - ok
14:43:53.0059 1856 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:43:53.0061 1856 sffp_sd - ok
14:43:53.0076 1856 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:43:53.0078 1856 sfloppy - ok
14:43:53.0125 1856 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:43:53.0131 1856 SharedAccess - ok
14:43:53.0195 1856 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:43:53.0212 1856 ShellHWDetection - ok
14:43:53.0224 1856 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:43:53.0226 1856 SiSRaid2 - ok
14:43:53.0257 1856 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:43:53.0266 1856 SiSRaid4 - ok
14:43:53.0331 1856 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:43:53.0339 1856 Smb - ok
14:43:53.0378 1856 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:43:53.0383 1856 SNMPTRAP - ok
14:43:53.0447 1856 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:43:53.0447 1856 spldr - ok
14:43:53.0553 1856 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:43:53.0642 1856 Spooler - ok
14:43:53.0791 1856 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:43:53.0852 1856 sppsvc - ok
14:43:53.0881 1856 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:43:53.0884 1856 sppuinotify - ok
14:43:53.0939 1856 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:43:53.0946 1856 srv - ok
14:43:53.0996 1856 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:43:54.0002 1856 srv2 - ok
14:43:54.0083 1856 SrvHsfPCI (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
14:43:54.0091 1856 SrvHsfPCI - ok
14:43:55.0672 1856 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:43:55.0787 1856 SrvHsfV92 - ok
14:43:57.0001 1856 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:43:57.0021 1856 SrvHsfWinac - ok
14:43:57.0073 1856 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:43:57.0077 1856 srvnet - ok
14:43:57.0123 1856 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:43:57.0128 1856 SSDPSRV - ok
14:43:57.0159 1856 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:43:57.0168 1856 SstpSvc - ok
14:43:57.0837 1856 Steam Client Service - ok
14:43:58.0020 1856 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:43:58.0023 1856 stexstor - ok
14:43:58.0116 1856 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:43:58.0136 1856 stisvc - ok
14:43:58.0166 1856 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:43:58.0176 1856 swenum - ok
14:43:58.0250 1856 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:43:58.0258 1856 swprv - ok
14:43:58.0299 1856 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:43:58.0339 1856 SysMain - ok
14:43:58.0362 1856 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:43:58.0366 1856 TabletInputService - ok
14:43:58.0400 1856 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:43:58.0406 1856 TapiSrv - ok
14:43:58.0428 1856 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:43:58.0429 1856 TBS - ok
14:43:58.0482 1856 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
14:43:58.0518 1856 Tcpip - ok
14:43:58.0582 1856 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
14:43:58.0594 1856 TCPIP6 - ok
14:43:58.0642 1856 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:43:58.0723 1856 tcpipreg - ok
14:43:58.0748 1856 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:43:58.0749 1856 TDPIPE - ok
14:43:58.0772 1856 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
14:43:58.0775 1856 TDTCP - ok
14:43:58.0795 1856 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:43:58.0797 1856 tdx - ok
14:43:58.0814 1856 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:43:58.0815 1856 TermDD - ok
14:43:58.0842 1856 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:43:58.0867 1856 TermService - ok
14:43:58.0889 1856 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:43:58.0892 1856 Themes - ok
14:43:58.0920 1856 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:43:58.0922 1856 THREADORDER - ok
14:43:58.0967 1856 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:43:58.0971 1856 TrkWks - ok
14:43:59.0022 1856 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:43:59.0023 1856 TrustedInstaller - ok
14:43:59.0194 1856 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:43:59.0228 1856 tssecsrv - ok
14:43:59.0914 1856 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:43:59.0917 1856 tunnel - ok
14:44:00.0109 1856 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:00.0114 1856 uagp35 - ok
14:44:00.0283 1856 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:44:00.0290 1856 udfs - ok
14:44:00.0363 1856 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:44:00.0366 1856 UI0Detect - ok
14:44:00.0386 1856 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:44:00.0386 1856 uliagpkx - ok
14:44:00.0426 1856 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:44:00.0426 1856 umbus - ok
14:44:00.0446 1856 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:44:00.0463 1856 UmPass - ok
14:44:00.0493 1856 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:44:00.0499 1856 upnphost - ok
14:44:00.0562 1856 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:44:00.0564 1856 USBAAPL64 - ok
14:44:00.0642 1856 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
14:44:00.0716 1856 usbaudio - ok
14:44:00.0760 1856 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:00.0763 1856 usbccgp - ok
14:44:00.0809 1856 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:44:00.0813 1856 usbcir - ok
14:44:00.0844 1856 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:44:00.0846 1856 usbehci - ok
14:44:00.0891 1856 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:00.0897 1856 usbhub - ok
14:44:00.0915 1856 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
14:44:00.0919 1856 usbohci - ok
14:44:00.0963 1856 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:00.0966 1856 usbprint - ok
14:44:01.0001 1856 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:01.0008 1856 USBSTOR - ok
14:44:01.0029 1856 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:44:01.0031 1856 usbuhci - ok
14:44:01.0098 1856 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
14:44:01.0101 1856 usbvideo - ok
14:44:01.0217 1856 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:44:01.0220 1856 UxSms - ok
14:44:01.0273 1856 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:44:01.0274 1856 VaultSvc - ok
14:44:01.0563 1856 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:44:01.0563 1856 vdrvroot - ok
14:44:01.0838 1856 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:44:01.0870 1856 vds - ok
14:44:01.0898 1856 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:01.0907 1856 vga - ok
14:44:01.0959 1856 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:44:01.0963 1856 VgaSave - ok
14:44:02.0018 1856 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:44:02.0022 1856 vhdmp - ok
14:44:02.0051 1856 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:44:02.0056 1856 viaide - ok
14:44:02.0250 1856 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:44:02.0257 1856 volmgr - ok
14:44:02.0348 1856 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:44:02.0353 1856 volmgrx - ok
14:44:02.0409 1856 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:44:02.0425 1856 volsnap - ok
14:44:02.0454 1856 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:02.0459 1856 vsmraid - ok
14:44:02.0572 1856 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:44:02.0624 1856 VSS - ok
14:44:02.0689 1856 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:44:02.0699 1856 vwifibus - ok
14:44:02.0820 1856 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:44:02.0827 1856 W32Time - ok
14:44:02.0862 1856 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:44:02.0864 1856 WacomPen - ok
14:44:02.0923 1856 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:02.0925 1856 WANARP - ok
14:44:02.0942 1856 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:02.0942 1856 Wanarpv6 - ok
14:44:03.0050 1856 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:44:03.0074 1856 WatAdminSvc - ok
14:44:03.0171 1856 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:44:03.0203 1856 wbengine - ok
14:44:03.0227 1856 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:44:03.0233 1856 WbioSrvc - ok
14:44:03.0349 1856 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:44:03.0355 1856 wcncsvc - ok
14:44:03.0406 1856 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:44:03.0440 1856 WcsPlugInService - ok
14:44:03.0577 1856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:44:03.0579 1856 Wd - ok
14:44:03.0634 1856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:44:03.0657 1856 Wdf01000 - ok
14:44:03.0728 1856 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:44:03.0732 1856 WdiServiceHost - ok
14:44:03.0738 1856 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:44:03.0740 1856 WdiSystemHost - ok
14:44:03.0781 1856 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:44:03.0787 1856 WebClient - ok
14:44:03.0811 1856 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:44:03.0816 1856 Wecsvc - ok
14:44:03.0839 1856 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:44:03.0843 1856 wercplsupport - ok
14:44:03.0906 1856 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:44:03.0906 1856 WerSvc - ok
14:44:03.0995 1856 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:03.0996 1856 WfpLwf - ok
14:44:04.0017 1856 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:44:04.0020 1856 WIMMount - ok
14:44:04.0081 1856 WinDefend - ok
14:44:04.0089 1856 WinHttpAutoProxySvc - ok
14:44:04.0152 1856 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:44:04.0156 1856 Winmgmt - ok
14:44:04.0220 1856 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:44:04.0260 1856 WinRM - ok
14:44:04.0338 1856 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:44:04.0366 1856 Wlansvc - ok
14:44:04.0586 1856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:44:04.0590 1856 WmiAcpi - ok
14:44:04.0643 1856 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:44:04.0722 1856 wmiApSrv - ok
14:44:04.0778 1856 WMPNetworkSvc - ok
14:44:04.0822 1856 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:44:04.0825 1856 WPCSvc - ok
14:44:04.0847 1856 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:44:04.0851 1856 WPDBusEnum - ok
14:44:04.0872 1856 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:04.0873 1856 ws2ifsl - ok
14:44:04.0931 1856 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
14:44:04.0935 1856 wscsvc - ok
14:44:04.0943 1856 WSearch - ok
14:44:05.0014 1856 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
14:44:05.0063 1856 wuauserv - ok
14:44:05.0085 1856 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:44:05.0088 1856 WudfPf - ok
14:44:05.0129 1856 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:05.0133 1856 WUDFRd - ok
14:44:05.0154 1856 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:44:05.0164 1856 wudfsvc - ok
14:44:05.0196 1856 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:44:05.0202 1856 WwanSvc - ok
14:44:05.0221 1856 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
14:44:05.0240 1856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:44:05.0240 1856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:44:05.0263 1856 Boot (0x1200) (8cac0fdbbc8847fdcaa54c4c72f487ae) \Device\Harddisk0\DR0\Partition0
14:44:05.0267 1856 \Device\Harddisk0\DR0\Partition0 - ok
14:44:05.0267 1856 ============================================================
14:44:05.0267 1856 Scan finished
14:44:05.0267 1856 ============================================================
14:44:05.0280 3456 Detected object count: 2
14:44:05.0280 3456 Actual detected object count: 2
14:45:52.0765 3456 NEOFLTR_600_13319 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
14:45:52.0765 3456 NEOFLTR_600_13319 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
14:45:53.0224 3456 \Device\Harddisk0\DR0\# - copied to quarantine
14:45:53.0224 3456 \Device\Harddisk0\DR0 - copied to quarantine
14:45:53.0404 3456 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:45:53.0408 3456 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:45:53.0422 3456 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:45:53.0467 3456 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:45:53.0520 3456 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:45:53.0553 3456 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:45:53.0575 3456 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:45:53.0577 3456 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:45:53.0580 3456 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:45:53.0585 3456 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:45:53.0590 3456 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:45:53.0593 3456 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:45:53.0596 3456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:45:53.0596 3456 \Device\Harddisk0\DR0 - ok
14:45:53.0949 3456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:46:36.0844 4600 Deinitialize success

#6 cursed sasuke

  • Topic Starter

Posted 07 April 2012 - 04:24 PM

Also, it would seem that I started getting a certificate error (I use Chrome) whenever I use Google, Facebook, or Twitter. The error is as follows: "The site's security certificate is signed using a weak signature algorithm!" It doesn't happen when I use Internet Explorer, however.

#7 gringo_pr

  • Malware Response Team

Posted 07 April 2012 - 05:52 PM

You sent me the TDSSKiller report twice - I would like to see the aswMBR report also.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 cursed sasuke

  • Topic Starter

Posted 07 April 2012 - 06:41 PM

Oh wow, sorry. Here is the aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 14:55:33
-----------------------------
14:55:33.568 OS Version: Windows x64 6.1.7600
14:55:33.568 Number of processors: 4 586 0x170A
14:55:33.569 ComputerName: YASEENRAZEQ-PC UserName: Yaseen Razeq
14:55:36.863 Initialize success
14:56:10.436 AVAST engine defs: 12040701
14:56:16.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:56:16.729 Disk 0 Vendor: ST3750630AS SD46 Size: 715404MB BusType: 11
14:56:16.745 Disk 0 MBR read successfully
14:56:16.745 Disk 0 MBR scan
14:56:16.745 Disk 0 Windows 7 default MBR code
14:56:16.745 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
14:56:16.760 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 705401 MB offset 20484096
14:56:16.791 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 1465145344
14:56:16.791 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
14:56:16.838 Disk 0 scanning C:\Windows\system32\drivers
14:56:28.140 Service scanning
14:56:40.838 Service NEOFLTR_600_13319 C:\Windows\system32\zfdwm.dll **INFECTED** Win64:ZAccess-E [Rtk]
14:56:49.329 Modules scanning
14:56:49.828 Disk 0 trace - called modules:
14:56:49.844 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:56:49.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062c3060]
14:56:49.860 3 CLASSPNP.SYS[fffff8800192643f] -> nt!IofCallDriver -> [0xfffffa8005cbe1e0]
14:56:49.860 5 ACPI.sys[fffff88000edf781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800600a060]
14:56:51.747 AVAST engine scan C:\Windows
14:57:01.575 AVAST engine scan C:\Windows\system32
14:57:12.526 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
14:58:46.788 File: C:\Windows\system32\zfdwm.dll **INFECTED** Win64:ZAccess-E [Rtk]
14:58:51.717 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
14:58:54.011 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
15:00:23.063 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
15:00:23.107 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
15:00:24.255 AVAST engine scan C:\Windows\system32\drivers
15:00:38.298 AVAST engine scan C:\Users\Yaseen Razeq
15:07:05.751 AVAST engine scan C:\ProgramData
15:07:54.221 Scan finished successfully
15:08:08.894 Disk 0 MBR has been saved successfully to "C:\Users\Yaseen Razeq\Desktop\MBR.dat"
15:08:08.899 The log file has been saved successfully to "C:\Users\Yaseen Razeq\Desktop\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team

Posted 07 April 2012 - 08:32 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#10 cursed sasuke

  • Topic Starter

Posted 08 April 2012 - 08:36 PM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 08-04-2012 21:30:35
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Yaseen Razeq\...\Run: [Google Update] "C:\Users\Yaseen Razeq\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-12] (Google Inc.)
HKU\Yaseen Razeq\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-11-12] (Valve Corporation)
HKU\Yaseen Razeq\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-07] (SUPERAntiSpyware.com)
HKU\Yaseen Razeq\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17151624 2012-02-29] (Skype Technologies S.A.)
HKU\Yaseen Razeq\...\Policies\system: [disableregistrytools] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 NEOFLTR_600_13319; C:\Windows\System32\zfdwm.dll [6656 2009-07-13] (Oak Technology Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-04] ()
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)

========================== NetSvcs (Whitelisted) ===========
NETSVC: NEOFLTR_600_13319

============ One Month Created Files and Folders ==============

2012-04-08 17:23 - 2012-04-08 17:23 - 1385843 ____A C:\Users\Yaseen Razeq\Downloads\FRST64 (2).exe
2012-04-08 17:23 - 2012-04-08 17:23 - 1385843 ____A C:\Users\Yaseen Razeq\Downloads\FRST64 (1).exe
2012-04-08 10:48 - 2012-04-08 10:48 - 0000013 ____A C:\Users\Yaseen Razeq\Desktop\S.txt
2012-04-07 23:14 - 2012-04-07 23:14 - 1385843 ____A C:\Users\Yaseen Razeq\Downloads\FRST64.exe
2012-04-07 22:52 - 2012-04-07 22:52 - 0282072 ____A C:\Windows\Minidump\040812-48765-01.dmp
2012-04-07 11:08 - 2012-04-07 11:08 - 0002806 ____A C:\Users\Yaseen Razeq\Desktop\aswMBR.txt
2012-04-07 11:08 - 2012-04-07 11:08 - 0000512 ____A C:\Users\Yaseen Razeq\Desktop\MBR.dat
2012-04-07 10:55 - 2012-04-07 10:55 - 4731392 ____A (AVAST Software) C:\Users\Yaseen Razeq\Downloads\aswMBR.exe
2012-04-07 10:45 - 2012-04-07 10:45 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-07 10:41 - 2012-04-07 10:46 - 0119374 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_14.41.58_log.txt
2012-04-07 10:41 - 2012-04-07 10:41 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Yaseen Razeq\Downloads\tdsskiller.exe
2012-04-07 10:38 - 2012-04-07 10:38 - 0000000 ____D C:\Windows\system64
2012-04-07 01:02 - 2012-04-07 01:02 - 0017547 ____A C:\ComboFix.txt
2012-04-07 00:32 - 2012-04-07 14:37 - 0000000 ___SD C:\ComboFix
2012-04-07 00:31 - 2012-04-07 00:31 - 4452287 ____R (Swearware) C:\Users\Yaseen Razeq\Downloads\ComboFix.exe
2012-04-07 00:01 - 2012-04-07 00:01 - 0005020 ____A C:\Users\Yaseen Razeq\Desktop\ark.txt
2012-04-06 23:40 - 2012-04-06 23:40 - 0001168 ____A C:\Users\Yaseen Razeq\Desktop\bleepingcomputer.txt
2012-04-06 23:25 - 2011-07-16 14:21 - 0302592 ____A C:\Users\Yaseen Razeq\Desktop\gmer.exe
2012-04-06 23:19 - 2012-04-06 23:24 - 0294216 ____A C:\Users\Yaseen Razeq\Desktop\gmer.zip
2012-04-06 23:19 - 2012-04-06 23:19 - 0017556 ____A C:\Users\Yaseen Razeq\Desktop\Attach.txt
2012-04-06 23:19 - 2012-04-06 23:19 - 0002014 ____A C:\Users\Yaseen Razeq\Desktop\mbam-log-2012-04-07 (03-18-03).txt
2012-04-06 23:18 - 2012-04-06 23:18 - 0016030 ____A C:\Users\Yaseen Razeq\Desktop\DDS.txt
2012-04-06 23:15 - 2012-04-06 23:15 - 0607260 ____R (Swearware) C:\Users\Yaseen Razeq\Downloads\dds.scr
2012-04-06 23:11 - 2012-04-06 23:12 - 0274360 ____A C:\Windows\Minidump\040712-30451-01.dmp
2012-04-06 22:58 - 2012-04-06 22:58 - 0270120 ____A C:\Windows\Minidump\040712-42947-01.dmp
2012-04-06 22:56 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-06 22:56 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-06 22:56 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-06 22:56 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-06 22:56 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-06 22:56 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-06 22:56 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-06 22:56 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-06 22:39 - 2012-04-06 22:39 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-06 22:39 - 2012-04-06 22:39 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-06 22:34 - 2012-04-06 22:34 - 0270120 ____A C:\Windows\Minidump\040712-34569-01.dmp
2012-04-06 22:24 - 2012-04-06 22:24 - 0274360 ____A C:\Windows\Minidump\040712-33009-01.dmp
2012-04-06 22:21 - 2012-04-06 22:21 - 0282072 ____A C:\Windows\Minidump\040712-31777-01.dmp
2012-04-06 11:56 - 2012-04-06 17:34 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-04-06 11:56 - 2012-04-06 11:56 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-06 11:56 - 2012-04-06 11:56 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-06 11:55 - 2012-04-06 17:34 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\sdasetup_dl
2012-04-06 11:51 - 2012-04-06 11:54 - 66321419 ____A C:\Users\Yaseen Razeq\Downloads\sdasetup_dl.rar
2012-04-06 01:29 - 2012-04-06 01:29 - 0025169 ____A C:\Users\Yaseen Razeq\Downloads\224572_2264452859786_1502437357_2474387_920138_n.jpg
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-06 00:12 - 2012-04-07 14:37 - 0000000 ____D C:\Windows\ERDNT
2012-04-06 00:12 - 2012-04-07 14:35 - 0000000 ____D C:\Qoobox
2012-04-05 12:45 - 2012-04-05 12:46 - 2417651 ____A C:\Users\Yaseen Razeq\Downloads\Chuckie Ft Gregor Salto 'What Happens In Vegas' (Pierce Fulton Remix).mp3
2012-04-05 12:45 - 2012-04-05 12:45 - 1858506 ____A C:\Users\Yaseen Razeq\Downloads\Chuckie - Who Is Ready To Jump.mp3
2012-04-05 12:44 - 2012-04-05 12:44 - 3640269 ____A C:\Users\Yaseen Razeq\Downloads\Katy Perry - Dressin' Up (Lyric Video).mp3
2012-04-05 12:42 - 2012-04-05 12:43 - 5954224 ____A C:\Users\Yaseen Razeq\Downloads\Arty & Mat Zo - Rebound (ORIGINAL) [HD].mp3
2012-04-05 12:41 - 2012-04-05 12:42 - 5915226 ____A C:\Users\Yaseen Razeq\Downloads\Porter Robinson - Language.mp3
2012-04-05 12:40 - 2012-04-05 12:41 - 3332652 ____A C:\Users\Yaseen Razeq\Downloads\Demi Lovato - Give Your Heart A Break (Lyric video).mp3
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\SUPERAntiSpyware.com
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-05 11:41 - 2012-04-05 11:41 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\Secunia PSI
2012-04-05 11:38 - 2012-04-05 11:38 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-04-05 10:59 - 2012-04-05 10:59 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\Yaseen Razeq\Downloads\chromeinstall-6u31.exe
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\PCPro
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\PC Cleaners
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\Users\All Users\PC1Data
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\ProgramData\PC1Data
2012-04-05 10:50 - 2012-04-05 10:49 - 4039952 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-04-05 10:49 - 2012-04-05 10:49 - 4039952 ____A (PC Cleaners) C:\Users\Yaseen Razeq\Downloads\PC_Cleaner_Pro_Installer_app3.exe
2012-04-05 07:43 - 2012-04-05 07:43 - 0274360 ____A C:\Windows\Minidump\040512-35084-01.dmp
2012-04-04 13:56 - 2012-04-06 22:58 - 0320780 ____A C:\Windows\ntbtlog.txt
2012-04-04 13:56 - 2012-04-04 13:56 - 0274360 ____A C:\Windows\Minidump\040412-29889-01.dmp
2012-04-04 13:53 - 2012-04-04 13:53 - 0282072 ____A C:\Windows\Minidump\040412-21730-01.dmp
2012-04-03 20:23 - 2012-04-04 17:51 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\Apps\F.lux
2012-04-02 21:08 - 2012-04-02 21:08 - 0071694 ____A C:\Users\Yaseen Razeq\Documents\bookmarks_4_3_12.html
2012-04-02 20:41 - 2012-04-02 20:41 - 0980480 ____A C:\Users\Yaseen Razeq\Downloads\MicrosoftFixit50267.msi
2012-04-02 20:03 - 2012-04-02 20:03 - 0282072 ____A C:\Windows\Minidump\040312-44475-01.dmp
2012-04-01 00:44 - 2012-04-01 00:44 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-30 22:28 - 2012-03-30 22:28 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\MalwareBytes_Anti-Malware_1.60.0.180
2012-03-30 22:24 - 2012-03-30 22:27 - 11217535 ____A C:\Users\Yaseen Razeq\Downloads\MalwareBytes_Anti-Malware_1.60.0.180.rar
2012-03-30 21:49 - 2012-04-08 10:39 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-30 11:41 - 2012-03-30 11:41 - 0000219 ____A C:\Users\Yaseen Razeq\Desktop\Counter-Strike Global Offensive Beta.url
2012-03-30 11:15 - 2012-03-30 11:15 - 0282072 ____A C:\Windows\Minidump\033012-25365-01.dmp
2012-03-29 23:09 - 2012-03-29 23:09 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-29 23:08 - 2012-03-29 23:09 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 23:08 - 2012-03-29 23:08 - 0000000 ____D C:\Program Files\iPod
2012-03-28 19:07 - 2012-03-28 19:07 - 1724492 ____A C:\Users\Yaseen Razeq\Downloads\photo.JPG
2012-03-27 19:35 - 2012-03-27 20:02 - 3870984 ____A C:\Users\Yaseen Razeq\Downloads\Snow Patrol - Called Out In The Dark (Audio Only).mp3
2012-03-26 22:50 - 2012-03-26 22:50 - 0282072 ____A C:\Windows\Minidump\032712-21262-01.dmp
2012-03-26 00:25 - 2012-03-26 00:25 - 11194612 ____A C:\Users\Yaseen Razeq\Downloads\b506Starships (DalePlay Remix).mp3
2012-03-25 21:52 - 2012-03-25 21:52 - 0282072 ____A C:\Windows\Minidump\032612-20451-01.dmp
2012-03-25 19:56 - 2012-03-25 19:57 - 3378217 ____A C:\Users\Yaseen Razeq\Downloads\NEW!! Pop Dance Skrillex.mp3
2012-03-24 12:40 - 2012-03-24 12:40 - 0282072 ____A C:\Windows\Minidump\032412-22074-01.dmp
2012-03-24 00:10 - 2012-03-24 00:10 - 0282072 ____A C:\Windows\Minidump\032412-25038-01.dmp
2012-03-22 23:31 - 2012-03-22 23:31 - 0203748 ____A C:\Users\Yaseen Razeq\Desktop\Sad Dad.png
2012-03-22 23:30 - 2012-03-22 23:29 - 0049558 ____A C:\Users\Yaseen Razeq\Desktop\RIP.jpg
2012-03-22 12:27 - 2012-03-22 12:27 - 0282072 ____A C:\Windows\Minidump\032212-20779-01.dmp
2012-03-20 07:42 - 2012-03-20 07:42 - 0282072 ____A C:\Windows\Minidump\032012-20950-01.dmp
2012-03-17 23:57 - 2012-03-17 23:57 - 0282072 ____A C:\Windows\Minidump\031812-25896-01.dmp
2012-03-17 12:47 - 2012-03-17 12:47 - 0282072 ____A C:\Windows\Minidump\031712-24507-01.dmp
2012-03-17 10:03 - 2012-03-17 10:03 - 0000162 ___AH C:\Users\Yaseen Razeq\Documents\~$SINESS PLAN.docx
2012-03-14 20:28 - 2012-04-04 22:00 - 0033106 ____A C:\Users\Yaseen Razeq\Documents\BUSINESS PLAN.docx
2012-03-14 14:28 - 2012-04-07 14:37 - 0000000 ____D C:\Windows\AutoKMS
2012-03-14 14:23 - 2012-03-14 14:23 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\MT231_ldomancic_warez-bb.org
2012-03-14 14:22 - 2012-03-14 14:23 - 27099578 ____A C:\Users\Yaseen Razeq\Downloads\MT231_ldomancic_warez-bb.org.rar
2012-03-14 14:18 - 2012-03-14 14:18 - 0000162 ___AH C:\Users\Yaseen Razeq\Documents\~$ver Letter.docx
2012-03-13 20:16 - 2012-03-14 14:30 - 0025832 ____A C:\Users\Yaseen Razeq\Documents\Cover Letter.docx
2012-03-13 19:38 - 2012-03-13 20:27 - 0020442 ____A C:\Users\Yaseen Razeq\Desktop\Resume.docx
2012-03-13 16:05 - 2012-03-13 16:05 - 0282072 ____A C:\Windows\Minidump\031312-22292-01.dmp
2012-03-13 11:50 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 11:50 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 11:50 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 11:50 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 11:50 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 11:50 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 11:50 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 11:50 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 11:50 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 11:50 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 11:50 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 11:50 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 11:50 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 11:50 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 11:50 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 11:50 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 11:50 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 11:50 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-10 14:16 - 2012-03-10 14:16 - 0817947 ____A C:\Users\Yaseen Razeq\Desktop\IMAG1041.jpg
2012-03-10 13:31 - 2012-03-10 13:31 - 0282072 ____A C:\Windows\Minidump\031012-21294-01.dmp


============ 3 Months Modified Files and Folders =============

2012-04-08 21:30 - 2012-04-08 21:30 - 0000000 ____D C:\FRST
2012-04-08 17:28 - 2011-11-12 02:24 - 1692244 ____A C:\Windows\WindowsUpdate.log
2012-04-08 17:28 - 2009-07-13 20:45 - 0015472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 17:28 - 2009-07-13 20:45 - 0015472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 17:24 - 2009-07-13 21:13 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 17:23 - 2012-04-08 17:23 - 1385843 ____A C:\Users\Yaseen Razeq\Downloads\FRST64 (2).exe
2012-04-08 17:23 - 2012-04-08 17:23 - 1385843 ____A C:\Users\Yaseen Razeq\Downloads\FRST64 (1).exe
2012-04-08 17:22 - 2009-07-13 20:51 - 0037057 ____A C:\Windows\setupact.log
2012-04-08 17:09 - 2011-11-12 01:26 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\PMB Files
2012-04-08 17:03 - 2011-11-12 00:58 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\Skype
2012-04-08 16:30 - 2011-11-12 01:15 - 0000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205780895-299214005-3157646644-1001UA.job
2012-04-08 16:27 - 2011-11-12 01:46 - 0000000 ____D C:\Users\Yaseen Razeq\riotsGamesLogs
2012-04-08 14:30 - 2011-11-12 01:14 - 0000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205780895-299214005-3157646644-1001Core.job
2012-04-08 11:43 - 2011-11-12 01:39 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-08 10:48 - 2012-04-08 10:48 - 0000013 ____A C:\Users\Yaseen Razeq\Desktop\S.txt
2012-04-08 10:39 - 2012-03-30 21:49 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-08 10:38 - 2011-11-10 17:51 - 535433216 __ASH C:\hiberfil.sys
2012-04-08 10:38 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-07 23:14 - 2012-04-07 23:14 - 1385843 ____A C:\Users\Yaseen Razeq\Downloads\FRST64.exe
2012-04-07 22:52 - 2012-04-07 22:52 - 0282072 ____A C:\Windows\Minidump\040812-48765-01.dmp
2012-04-07 22:52 - 2011-11-12 02:22 - 0000000 ____D C:\Windows\Minidump
2012-04-07 22:52 - 2011-11-12 02:21 - 542903902 ____A C:\Windows\MEMORY.DMP
2012-04-07 14:37 - 2012-04-07 00:32 - 0000000 ___SD C:\ComboFix
2012-04-07 14:37 - 2012-04-06 00:12 - 0000000 ____D C:\Windows\ERDNT
2012-04-07 14:37 - 2012-03-14 14:28 - 0000000 ____D C:\Windows\AutoKMS
2012-04-07 14:37 - 2011-12-13 15:29 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 14:37 - 2011-12-13 15:29 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 14:37 - 2011-11-12 01:26 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-07 14:37 - 2011-11-12 01:26 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-07 14:37 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-07 14:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-07 14:35 - 2012-04-06 00:12 - 0000000 ____D C:\Qoobox
2012-04-07 12:13 - 2011-11-12 00:58 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-07 12:13 - 2011-11-12 00:58 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-07 11:30 - 2011-11-12 01:15 - 0002442 ____A C:\Users\Yaseen Razeq\Desktop\Google Chrome.lnk
2012-04-07 11:08 - 2012-04-07 11:08 - 0002806 ____A C:\Users\Yaseen Razeq\Desktop\aswMBR.txt
2012-04-07 11:08 - 2012-04-07 11:08 - 0000512 ____A C:\Users\Yaseen Razeq\Desktop\MBR.dat
2012-04-07 10:55 - 2012-04-07 10:55 - 4731392 ____A (AVAST Software) C:\Users\Yaseen Razeq\Downloads\aswMBR.exe
2012-04-07 10:46 - 2012-04-07 10:41 - 0119374 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_14.41.58_log.txt
2012-04-07 10:45 - 2012-04-07 10:45 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-07 10:41 - 2012-04-07 10:41 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Yaseen Razeq\Downloads\tdsskiller.exe
2012-04-07 10:39 - 2011-11-12 00:21 - 0000000 ____D C:\users\Yaseen Razeq
2012-04-07 10:38 - 2012-04-07 10:38 - 0000000 ____D C:\Windows\system64
2012-04-07 10:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-07 02:08 - 2011-11-21 14:02 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\TS3Client
2012-04-07 02:07 - 2011-11-13 09:04 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-07 02:03 - 2011-11-20 15:28 - 0000000 ____D C:\Riot Games
2012-04-07 02:03 - 2011-11-12 00:58 - 0000000 ____D C:\Users\All Users\Skype
2012-04-07 02:03 - 2011-11-12 00:58 - 0000000 ____D C:\ProgramData\Skype
2012-04-07 02:03 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-07 02:03 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-07 01:02 - 2012-04-07 01:02 - 0017547 ____A C:\ComboFix.txt
2012-04-07 00:45 - 2009-07-13 18:34 - 61603840 ____A C:\Windows\System32\config\software.bak
2012-04-07 00:45 - 2009-07-13 18:34 - 14942208 ____A C:\Windows\System32\config\system.bak
2012-04-07 00:45 - 2009-07-13 18:34 - 0786432 ____A C:\Windows\System32\config\default.bak
2012-04-07 00:45 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-07 00:45 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-07 00:31 - 2012-04-07 00:31 - 4452287 ____R (Swearware) C:\Users\Yaseen Razeq\Downloads\ComboFix.exe
2012-04-07 00:01 - 2012-04-07 00:01 - 0005020 ____A C:\Users\Yaseen Razeq\Desktop\ark.txt
2012-04-06 23:40 - 2012-04-06 23:40 - 0001168 ____A C:\Users\Yaseen Razeq\Desktop\bleepingcomputer.txt
2012-04-06 23:24 - 2012-04-06 23:19 - 0294216 ____A C:\Users\Yaseen Razeq\Desktop\gmer.zip
2012-04-06 23:19 - 2012-04-06 23:19 - 0017556 ____A C:\Users\Yaseen Razeq\Desktop\Attach.txt
2012-04-06 23:19 - 2012-04-06 23:19 - 0002014 ____A C:\Users\Yaseen Razeq\Desktop\mbam-log-2012-04-07 (03-18-03).txt
2012-04-06 23:18 - 2012-04-06 23:18 - 0016030 ____A C:\Users\Yaseen Razeq\Desktop\DDS.txt
2012-04-06 23:15 - 2012-04-06 23:15 - 0607260 ____R (Swearware) C:\Users\Yaseen Razeq\Downloads\dds.scr
2012-04-06 23:12 - 2012-04-06 23:11 - 0274360 ____A C:\Windows\Minidump\040712-30451-01.dmp
2012-04-06 23:07 - 2011-11-12 01:10 - 0013300 ____A C:\Windows\PFRO.log
2012-04-06 22:58 - 2012-04-06 22:58 - 0270120 ____A C:\Windows\Minidump\040712-42947-01.dmp
2012-04-06 22:58 - 2012-04-04 13:56 - 0320780 ____A C:\Windows\ntbtlog.txt
2012-04-06 22:39 - 2012-04-06 22:39 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-06 22:39 - 2012-04-06 22:39 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-06 22:34 - 2012-04-06 22:34 - 0270120 ____A C:\Windows\Minidump\040712-34569-01.dmp
2012-04-06 22:24 - 2012-04-06 22:24 - 0274360 ____A C:\Windows\Minidump\040712-33009-01.dmp
2012-04-06 22:21 - 2012-04-06 22:21 - 0282072 ____A C:\Windows\Minidump\040712-31777-01.dmp
2012-04-06 17:34 - 2012-04-06 11:56 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-04-06 17:34 - 2012-04-06 11:55 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\sdasetup_dl
2012-04-06 11:56 - 2012-04-06 11:56 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-06 11:56 - 2012-04-06 11:56 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-06 11:54 - 2012-04-06 11:51 - 66321419 ____A C:\Users\Yaseen Razeq\Downloads\sdasetup_dl.rar
2012-04-06 01:29 - 2012-04-06 01:29 - 0025169 ____A C:\Users\Yaseen Razeq\Downloads\224572_2264452859786_1502437357_2474387_920138_n.jpg
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-06 00:22 - 2012-04-06 00:22 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-06 00:11 - 2010-12-24 19:38 - 0001880 ___AH C:\rkill.log
2012-04-05 12:46 - 2012-04-05 12:45 - 2417651 ____A C:\Users\Yaseen Razeq\Downloads\Chuckie Ft Gregor Salto 'What Happens In Vegas' (Pierce Fulton Remix).mp3
2012-04-05 12:45 - 2012-04-05 12:45 - 1858506 ____A C:\Users\Yaseen Razeq\Downloads\Chuckie - Who Is Ready To Jump.mp3
2012-04-05 12:44 - 2012-04-05 12:44 - 3640269 ____A C:\Users\Yaseen Razeq\Downloads\Katy Perry - Dressin' Up (Lyric Video).mp3
2012-04-05 12:43 - 2012-04-05 12:42 - 5954224 ____A C:\Users\Yaseen Razeq\Downloads\Arty & Mat Zo - Rebound (ORIGINAL) [HD].mp3
2012-04-05 12:42 - 2012-04-05 12:41 - 5915226 ____A C:\Users\Yaseen Razeq\Downloads\Porter Robinson - Language.mp3
2012-04-05 12:41 - 2012-04-05 12:40 - 3332652 ____A C:\Users\Yaseen Razeq\Downloads\Demi Lovato - Give Your Heart A Break (Lyric video).mp3
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\SUPERAntiSpyware.com
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-05 11:41 - 2012-04-05 11:41 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\Secunia PSI
2012-04-05 11:38 - 2012-04-05 11:38 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-04-05 10:59 - 2012-04-05 10:59 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\Yaseen Razeq\Downloads\chromeinstall-6u31.exe
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\PCPro
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\PC Cleaners
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\Users\All Users\PC1Data
2012-04-05 10:50 - 2012-04-05 10:50 - 0000000 ____D C:\ProgramData\PC1Data
2012-04-05 10:49 - 2012-04-05 10:50 - 4039952 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-04-05 10:49 - 2012-04-05 10:49 - 4039952 ____A (PC Cleaners) C:\Users\Yaseen Razeq\Downloads\PC_Cleaner_Pro_Installer_app3.exe
2012-04-05 07:43 - 2012-04-05 07:43 - 0274360 ____A C:\Windows\Minidump\040512-35084-01.dmp
2012-04-04 22:00 - 2012-03-14 20:28 - 0033106 ____A C:\Users\Yaseen Razeq\Documents\BUSINESS PLAN.docx
2012-04-04 17:51 - 2012-04-03 20:23 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\Apps\F.lux
2012-04-04 17:51 - 2011-12-25 17:11 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 17:48 - 2011-11-12 01:14 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\Google
2012-04-04 13:56 - 2012-04-04 13:56 - 0274360 ____A C:\Windows\Minidump\040412-29889-01.dmp
2012-04-04 13:53 - 2012-04-04 13:53 - 0282072 ____A C:\Windows\Minidump\040412-21730-01.dmp
2012-04-02 21:08 - 2012-04-02 21:08 - 0071694 ____A C:\Users\Yaseen Razeq\Documents\bookmarks_4_3_12.html
2012-04-02 20:41 - 2012-04-02 20:41 - 0980480 ____A C:\Users\Yaseen Razeq\Downloads\MicrosoftFixit50267.msi
2012-04-02 20:03 - 2012-04-02 20:03 - 0282072 ____A C:\Windows\Minidump\040312-44475-01.dmp
2012-04-01 19:05 - 2011-11-12 02:14 - 0000000 ____D C:\Users\Yaseen Razeq\IPOD
2012-04-01 00:44 - 2012-04-01 00:44 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-30 22:28 - 2012-03-30 22:28 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\MalwareBytes_Anti-Malware_1.60.0.180
2012-03-30 22:27 - 2012-03-30 22:24 - 11217535 ____A C:\Users\Yaseen Razeq\Downloads\MalwareBytes_Anti-Malware_1.60.0.180.rar
2012-03-30 11:41 - 2012-03-30 11:41 - 0000219 ____A C:\Users\Yaseen Razeq\Desktop\Counter-Strike Global Offensive Beta.url
2012-03-30 11:15 - 2012-03-30 11:15 - 0282072 ____A C:\Windows\Minidump\033012-25365-01.dmp
2012-03-29 23:09 - 2012-03-29 23:09 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-29 23:09 - 2012-03-29 23:08 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 23:09 - 2012-03-07 12:37 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 23:08 - 2012-03-29 23:08 - 0000000 ____D C:\Program Files\iPod
2012-03-28 19:07 - 2012-03-28 19:07 - 1724492 ____A C:\Users\Yaseen Razeq\Downloads\photo.JPG
2012-03-27 20:02 - 2012-03-27 19:35 - 3870984 ____A C:\Users\Yaseen Razeq\Downloads\Snow Patrol - Called Out In The Dark (Audio Only).mp3
2012-03-26 22:50 - 2012-03-26 22:50 - 0282072 ____A C:\Windows\Minidump\032712-21262-01.dmp
2012-03-26 00:25 - 2012-03-26 00:25 - 11194612 ____A C:\Users\Yaseen Razeq\Downloads\b506Starships (DalePlay Remix).mp3
2012-03-25 21:52 - 2012-03-25 21:52 - 0282072 ____A C:\Windows\Minidump\032612-20451-01.dmp
2012-03-25 19:57 - 2012-03-25 19:56 - 3378217 ____A C:\Users\Yaseen Razeq\Downloads\NEW!! Pop Dance Skrillex.mp3
2012-03-24 15:57 - 2011-11-15 14:23 - 0000000 ____D C:\Windows\.jagex_cache_32
2012-03-24 12:40 - 2012-03-24 12:40 - 0282072 ____A C:\Windows\Minidump\032412-22074-01.dmp
2012-03-24 00:10 - 2012-03-24 00:10 - 0282072 ____A C:\Windows\Minidump\032412-25038-01.dmp
2012-03-23 15:39 - 2011-11-12 11:11 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\Skyrim
2012-03-22 23:31 - 2012-03-22 23:31 - 0203748 ____A C:\Users\Yaseen Razeq\Desktop\Sad Dad.png
2012-03-22 23:29 - 2012-03-22 23:30 - 0049558 ____A C:\Users\Yaseen Razeq\Desktop\RIP.jpg
2012-03-22 12:27 - 2012-03-22 12:27 - 0282072 ____A C:\Windows\Minidump\032212-20779-01.dmp
2012-03-20 07:42 - 2012-03-20 07:42 - 0282072 ____A C:\Windows\Minidump\032012-20950-01.dmp
2012-03-17 23:57 - 2012-03-17 23:57 - 0282072 ____A C:\Windows\Minidump\031812-25896-01.dmp
2012-03-17 12:47 - 2012-03-17 12:47 - 0282072 ____A C:\Windows\Minidump\031712-24507-01.dmp
2012-03-17 10:03 - 2012-03-17 10:03 - 0000162 ___AH C:\Users\Yaseen Razeq\Documents\~$SINESS PLAN.docx
2012-03-14 14:30 - 2012-03-13 20:16 - 0025832 ____A C:\Users\Yaseen Razeq\Documents\Cover Letter.docx
2012-03-14 14:27 - 2011-11-16 18:08 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 14:27 - 2011-11-16 18:08 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 14:23 - 2012-03-14 14:23 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\MT231_ldomancic_warez-bb.org
2012-03-14 14:23 - 2012-03-14 14:22 - 27099578 ____A C:\Users\Yaseen Razeq\Downloads\MT231_ldomancic_warez-bb.org.rar
2012-03-14 14:18 - 2012-03-14 14:18 - 0000162 ___AH C:\Users\Yaseen Razeq\Documents\~$ver Letter.docx
2012-03-13 23:18 - 2009-07-13 20:45 - 0433848 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 20:27 - 2012-03-13 19:38 - 0020442 ____A C:\Users\Yaseen Razeq\Desktop\Resume.docx
2012-03-13 16:05 - 2012-03-13 16:05 - 0282072 ____A C:\Windows\Minidump\031312-22292-01.dmp
2012-03-10 14:16 - 2012-03-10 14:16 - 0817947 ____A C:\Users\Yaseen Razeq\Desktop\IMAG1041.jpg
2012-03-10 13:31 - 2012-03-10 13:31 - 0282072 ____A C:\Windows\Minidump\031012-21294-01.dmp
2012-03-08 14:02 - 2012-03-08 14:02 - 0282072 ____A C:\Windows\Minidump\030812-20982-01.dmp
2012-03-08 13:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-08 00:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-08 00:03 - 2012-03-08 00:00 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-08 00:02 - 2012-03-08 00:02 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-08 00:02 - 2012-03-08 00:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-08 00:02 - 2012-03-08 00:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-08 00:02 - 2012-03-08 00:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-08 00:02 - 2012-03-08 00:02 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-08 00:02 - 2012-03-08 00:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-08 00:02 - 2012-03-08 00:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-08 00:02 - 2012-03-08 00:02 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-08 00:02 - 2012-03-08 00:02 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-08 00:02 - 2012-03-08 00:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-08 00:02 - 2012-03-08 00:02 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-08 00:02 - 2012-03-08 00:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-08 00:02 - 2012-03-08 00:02 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-08 00:02 - 2012-03-08 00:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-08 00:02 - 2012-03-08 00:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-07 19:36 - 2012-03-07 19:35 - 0282072 ____A C:\Windows\Minidump\030712-22120-01.dmp
2012-03-07 15:34 - 2012-03-07 15:34 - 0282072 ____A C:\Windows\Minidump\030712-26800-01.dmp
2012-03-06 15:54 - 2012-03-06 15:54 - 0282072 ____A C:\Windows\Minidump\030612-21840-01.dmp
2012-03-05 17:36 - 2012-03-05 17:36 - 0282072 ____A C:\Windows\Minidump\030512-30045-01.dmp
2012-03-05 13:55 - 2012-03-05 13:55 - 7762200 ____A C:\Users\Yaseen Razeq\Downloads\RafaŽl Frost - Red (Original Mix) [HQ].mp3
2012-03-05 13:54 - 2012-03-05 13:53 - 3120321 ____A C:\Users\Yaseen Razeq\Downloads\ATC - All Around The World (la la la la la la la la).mp3
2012-03-05 12:46 - 2012-03-05 12:46 - 0282072 ____A C:\Windows\Minidump\030512-33649-01.dmp
2012-03-04 22:20 - 2012-03-04 22:20 - 0282072 ____A C:\Windows\Minidump\030512-24585-01.dmp
2012-03-03 18:02 - 2012-03-03 18:02 - 0216879 ____A C:\Users\Yaseen Razeq\Desktop\makeup.jpg
2012-03-03 17:35 - 2012-03-03 17:35 - 0282072 ____A C:\Windows\Minidump\030312-25069-01.dmp
2012-03-03 13:37 - 2012-03-03 13:37 - 0282072 ____A C:\Windows\Minidump\030312-24476-01.dmp
2012-03-03 01:23 - 2012-03-03 01:24 - 0060422 ____A C:\Users\Yaseen Razeq\Desktop\lightning scar.jpg
2012-03-02 22:54 - 2012-03-02 22:54 - 0282072 ____A C:\Windows\Minidump\030312-27456-01.dmp
2012-03-01 22:32 - 2012-03-01 22:32 - 0282072 ____A C:\Windows\Minidump\030212-24866-01.dmp
2012-02-29 23:21 - 2012-02-29 23:21 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\348_How_the_Stock_Market_Work
2012-02-29 23:21 - 2012-02-29 23:20 - 7216827 ____A C:\Users\Yaseen Razeq\Downloads\348_How_the_Stock_Market_Work.rar
2012-02-29 10:44 - 2012-02-29 10:44 - 0282072 ____A C:\Windows\Minidump\022912-25833-01.dmp
2012-02-29 07:49 - 2012-02-28 13:49 - 0016267 ____A C:\Users\Yaseen Razeq\Documents\Works Cited fnl rsrch paper.docx
2012-02-29 07:49 - 2012-02-26 15:08 - 0018910 ____A C:\Users\Yaseen Razeq\Documents\Final Rsrch Paper.docx
2012-02-28 16:50 - 2012-02-28 16:50 - 1205760 ____A C:\Users\Yaseen Razeq\Downloads\FALL 2011 8 WEEK LESSON 4 np.ppt
2012-02-28 16:50 - 2012-02-28 16:50 - 0696320 ____A C:\Users\Yaseen Razeq\Downloads\Lesson 3 Powerpoint NP.ppt
2012-02-28 16:50 - 2012-02-28 16:50 - 0670720 ____A C:\Users\Yaseen Razeq\Downloads\Lesson 5 PWPT NP.ppt
2012-02-28 16:50 - 2012-02-28 16:50 - 0391680 ____A C:\Users\Yaseen Razeq\Downloads\SDV 100 LESSON 6 PWPT NP.ppt
2012-02-28 16:50 - 2012-02-28 16:50 - 0374272 ____A C:\Users\Yaseen Razeq\Downloads\SPRING 1ST 8 WEEKS 2012 NP[1].ppt
2012-02-28 16:50 - 2012-02-28 16:50 - 0342016 ____A C:\Users\Yaseen Razeq\Downloads\8 Week Lesson 2 PWPT NP.ppt
2012-02-28 16:50 - 2012-02-28 16:50 - 0249856 ____A C:\Users\Yaseen Razeq\Downloads\Lesson 7 PWPT NP.ppt
2012-02-28 16:49 - 2012-02-28 16:49 - 0074240 ____A C:\Users\Yaseen Razeq\Downloads\8 Week Final Exam Student Study Guide.doc
2012-02-28 14:10 - 2012-02-28 14:10 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (7).rtf
2012-02-28 13:08 - 2012-02-28 13:08 - 0958615 ____A C:\Users\Yaseen Razeq\Desktop\life.gif
2012-02-27 20:54 - 2012-02-27 20:54 - 2287104 ____A C:\Users\Yaseen Razeq\Downloads\Unit7ModuleA (2).ppt
2012-02-27 20:54 - 2012-02-27 20:54 - 2285056 ____A C:\Users\Yaseen Razeq\Downloads\Unit7ModuleA (1).ppt
2012-02-27 20:17 - 2012-02-27 20:17 - 0282072 ____A C:\Windows\Minidump\022712-24492-01.dmp
2012-02-26 15:04 - 2012-02-26 15:04 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (6).rtf
2012-02-26 15:03 - 2012-02-26 15:03 - 0000039 ____A C:\Users\Yaseen Razeq\Desktop\rteacct.txt
2012-02-26 13:44 - 2012-02-26 13:44 - 8260359 ____A C:\Users\Yaseen Razeq\Downloads\Pop Dance.mp3
2012-02-26 12:18 - 2012-02-08 22:28 - 0000000 ____D C:\Users\Yaseen Razeq\Documents\LOLReplay
2012-02-25 23:22 - 2012-02-25 23:22 - 0282072 ____A C:\Windows\Minidump\022612-23805-01.dmp
2012-02-24 19:28 - 2012-02-24 19:28 - 0004386 ____A C:\Users\Yaseen Razeq\Downloads\Download (2).pdf
2012-02-24 19:28 - 2012-02-24 19:28 - 0004385 ____A C:\Users\Yaseen Razeq\Downloads\Download (1).pdf
2012-02-24 19:27 - 2012-02-24 19:27 - 0004385 ____A C:\Users\Yaseen Razeq\Downloads\Download.pdf
2012-02-24 19:21 - 2011-11-28 12:41 - 0000032 ____A C:\Users\Yaseen Razeq\jagex_cl_runescape_LIVE.dat
2012-02-24 13:10 - 2012-02-24 13:10 - 0282072 ____A C:\Windows\Minidump\022412-25537-01.dmp
2012-02-24 10:16 - 2012-02-24 10:16 - 0279028 ____A C:\Users\Yaseen Razeq\Desktop\tumblr_lxcksbDLxt1qevzluo1_1280.jpg
2012-02-23 17:00 - 2012-02-23 17:00 - 0207883 ____A C:\Users\Yaseen Razeq\Desktop\sick.jpg
2012-02-23 16:30 - 2012-02-23 16:30 - 0259665 ____A C:\Users\Yaseen Razeq\Desktop\space.jpg
2012-02-22 22:18 - 2012-02-22 22:18 - 11603225 ____A C:\Users\Yaseen Razeq\Downloads\7b88lazerswag.mp3
2012-02-22 11:58 - 2011-11-13 09:04 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-21 22:55 - 2012-02-21 20:20 - 0017172 ____A C:\Users\Yaseen Razeq\Documents\Annotated Bib.docx
2012-02-21 22:22 - 2012-02-21 22:10 - 0014113 ____A C:\Users\Yaseen Razeq\Documents\Paper Proposal.docx
2012-02-21 19:22 - 2012-02-21 19:22 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (5).rtf
2012-02-21 19:20 - 2012-02-21 19:20 - 0015214 ____A C:\Users\Yaseen Razeq\Downloads\Research Paper Proposal (1).docx
2012-02-21 19:19 - 2012-02-21 19:19 - 0017621 ____A C:\Users\Yaseen Razeq\Downloads\RESEARCH PAPER REQUIREMENTS.docx
2012-02-21 19:19 - 2012-02-21 19:19 - 0014891 ____A C:\Users\Yaseen Razeq\Downloads\taking a stance worksheet.docx
2012-02-21 19:19 - 2012-02-21 19:19 - 0014891 ____A C:\Users\Yaseen Razeq\Downloads\taking a stance worksheet (1).docx
2012-02-21 19:02 - 2012-02-21 18:43 - 0034816 ____A C:\Users\Yaseen Razeq\Desktop\Budegt Homework 1 (1).doc
2012-02-21 18:34 - 2012-02-21 18:34 - 0050688 ____A C:\Users\Yaseen Razeq\Downloads\Budegt Homework 1 (1).doc
2012-02-21 18:03 - 2012-02-21 18:03 - 0050688 ____A C:\Users\Yaseen Razeq\Downloads\Budegt Homework 1.doc
2012-02-20 19:55 - 2012-02-20 19:55 - 0558595 ____A C:\Users\Yaseen Razeq\Desktop\Ivone.png
2012-02-19 19:09 - 2012-02-19 18:41 - 0022264 ____A C:\Users\Yaseen Razeq\Documents\Taking a Stance Final.docx
2012-02-19 19:06 - 2012-02-19 19:01 - 0014587 ____A C:\Users\Yaseen Razeq\Documents\Works Cited Taking a Stance1.docx
2012-02-19 19:00 - 2012-02-19 19:00 - 0016038 ____A C:\Users\Yaseen Razeq\Downloads\Taking a Stance Prompt (1).docx
2012-02-19 18:59 - 2012-02-19 18:59 - 0012483 ____A C:\Users\Yaseen Razeq\Documents\Bibliography Taking a Stance1.docx
2012-02-19 18:22 - 2012-02-14 19:01 - 0017375 ____A C:\Users\Yaseen Razeq\Documents\Taking a Stance RD.docx
2012-02-19 15:42 - 2012-02-19 15:42 - 0282072 ____A C:\Windows\Minidump\021912-21793-01.dmp
2012-02-19 01:20 - 2012-02-19 01:20 - 0282072 ____A C:\Windows\Minidump\021912-25022-01.dmp
2012-02-18 19:59 - 2012-02-18 19:59 - 0282072 ____A C:\Windows\Minidump\021812-22713-01.dmp
2012-02-18 12:46 - 2012-02-04 19:15 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-02-18 12:46 - 2012-02-04 19:06 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-02-17 23:20 - 2012-02-17 23:20 - 0282072 ____A C:\Windows\Minidump\021812-21824-01.dmp
2012-02-16 23:19 - 2012-02-04 19:06 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-02-16 20:57 - 2011-11-21 14:00 - 0000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-02-16 12:42 - 2012-02-16 12:42 - 5524198 ____A C:\Users\Yaseen Razeq\Downloads\Avicii playing Michael Woods -- Drop Zone (Avicii Remix) @ Las Vegas EDC 26-6-11.mp3
2012-02-16 12:41 - 2012-02-16 12:41 - 3969390 ____A C:\Users\Yaseen Razeq\Downloads\Avicii - Levels (Cazzette NYC Mode Mix) [LE7ELS] - AT NIGHT MANAGEMENT.mp3
2012-02-16 12:40 - 2012-02-16 12:40 - 4925263 ____A C:\Users\Yaseen Razeq\Downloads\Avicii - Level Two (HQ).mp3
2012-02-16 12:40 - 2012-02-16 12:40 - 4804472 ____A C:\Users\Yaseen Razeq\Downloads\Skrillex - Wind Blows AAR.mp3
2012-02-16 12:39 - 2012-02-16 12:39 - 14877631 ____A C:\Users\Yaseen Razeq\Downloads\Dirty South - Walking Alone (Magnus & Timon Remix).mp3
2012-02-15 19:17 - 2012-02-15 19:17 - 0282072 ____A C:\Windows\Minidump\021512-21325-01.dmp
2012-02-14 22:27 - 2012-03-13 11:50 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 11:50 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 21:29 - 2012-02-12 22:38 - 0060411 ____A C:\Users\Yaseen Razeq\Documents\Benefits of Legalizing Marijuana.pptx
2012-02-14 20:47 - 2012-03-13 11:50 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 11:50 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 19:57 - 2012-02-14 19:06 - 0017744 ____A C:\Users\Yaseen Razeq\Documents\Bibliography Taking a Stance.docx
2012-02-14 18:48 - 2012-02-14 18:48 - 2276937 ____A C:\Users\Yaseen Razeq\Downloads\Skrillex - My Good Bye (SkrillexMothership Exclusive).mp3
2012-02-14 16:50 - 2012-02-14 16:50 - 0129536 ____A C:\Users\Yaseen Razeq\Downloads\Mandatory Career Extra Credit Assignment.doc
2012-02-14 16:50 - 2012-02-14 16:50 - 0020572 ____A C:\Users\Yaseen Razeq\Downloads\8 Week Time Management Assignment.docx
2012-02-13 12:51 - 2011-11-16 17:23 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\ElevatedDiagnostics
2012-02-12 21:57 - 2012-02-12 21:57 - 0016038 ____A C:\Users\Yaseen Razeq\Downloads\Taking a Stance Prompt.docx
2012-02-12 20:36 - 2012-02-12 20:36 - 0282072 ____A C:\Windows\Minidump\021212-26426-01.dmp
2012-02-12 06:55 - 2012-02-12 06:55 - 0000000 ____D C:\Users\All Users\ATI
2012-02-12 06:55 - 2012-02-12 06:55 - 0000000 ____D C:\ProgramData\ATI
2012-02-12 06:54 - 2012-02-12 06:54 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-02-12 06:54 - 2011-11-20 14:42 - 0000000 ____D C:\Program Files\ATI Technologies
2012-02-12 06:51 - 2012-02-12 06:51 - 0000000 ____D C:\AMD
2012-02-09 22:18 - 2012-03-13 11:50 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 11:50 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 11:50 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 11:50 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 11:50 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 11:50 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 11:50 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 11:50 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 11:50 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 11:50 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-08 22:27 - 2012-02-08 22:27 - 1274150 ____A C:\Users\Yaseen Razeq\Downloads\LOLReplay-0.7.6.4.exe
2012-02-08 22:27 - 2012-02-08 22:27 - 0001995 ____A C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk
2012-02-08 22:27 - 2012-02-08 22:27 - 0001903 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
2012-02-08 22:27 - 2012-02-08 22:27 - 0000000 ____D C:\Program Files (x86)\LOLReplay
2012-02-08 19:03 - 2012-02-08 19:03 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Roaming\Mozilla
2012-02-07 20:57 - 2012-02-07 20:57 - 0275904 ____A C:\Users\Yaseen Razeq\Desktop\insgnificant.jpg
2012-02-07 19:44 - 2012-02-07 17:35 - 0015564 ____A C:\Users\Yaseen Razeq\Documents\Compare Contrast.docx
2012-02-07 17:45 - 2012-02-07 17:44 - 0013273 ____A C:\Users\Yaseen Razeq\Documents\Works Cited compare contrast.docx
2012-02-07 15:37 - 2012-02-07 15:37 - 4872886 ____A C:\Users\Yaseen Razeq\Downloads\Rafael Frost Red Ferry Corsten Remix.mp3
2012-02-07 15:34 - 2012-02-07 15:34 - 12011698 ____A C:\Users\Yaseen Razeq\Downloads\Jack_Holiday_and_Mike_Candys_-_Children_(Original_Higher_Level_Mix)(www.ckmp3.com).mp3
2012-02-07 15:29 - 2012-02-07 15:29 - 0038707 ____A C:\Users\Yaseen Razeq\Downloads\comp and cont.rtf
2012-02-07 13:42 - 2012-02-07 13:42 - 0282072 ____A C:\Windows\Minidump\020712-21231-01.dmp
2012-02-05 19:32 - 2012-02-05 19:32 - 0013583 ____A C:\Users\Yaseen Razeq\Downloads\Compare Contrast writing prompt (1).docx
2012-02-05 18:02 - 2012-02-05 18:02 - 0282072 ____A C:\Windows\Minidump\020512-26800-01.dmp
2012-02-04 19:30 - 2012-02-04 19:30 - 0001162 ____A C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
2012-02-04 19:30 - 2012-02-04 19:30 - 0001128 ____A C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
2012-02-04 19:30 - 2012-02-04 19:30 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\GamersFirst LIVE!
2012-02-04 19:30 - 2012-02-04 19:30 - 0000000 ____D C:\Program Files (x86)\GamersFirst
2012-02-04 19:30 - 2012-02-04 19:29 - 14988064 ____A (GamersFirst) C:\Users\Yaseen Razeq\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2012-02-04 19:15 - 2012-02-04 19:15 - 0000000 ____D C:\Users\Yaseen Razeq\AppData\Local\PunkBuster
2012-02-04 19:06 - 2012-02-04 19:06 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-02-04 19:06 - 2011-11-12 11:10 - 0074607 ____A C:\Windows\DirectX.log
2012-02-04 19:05 - 2012-02-04 19:05 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-02-04 15:50 - 2012-02-04 15:50 - 0282072 ____A C:\Windows\Minidump\020412-22448-01.dmp
2012-02-02 23:26 - 2012-02-02 23:26 - 7357458 ____A C:\Users\Yaseen Razeq\Downloads\Sick+Bubblegum+(Skrillex+Remix).mp3
2012-02-02 20:16 - 2012-03-13 11:50 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 10:46 - 2012-02-02 10:46 - 5264645 ____A C:\Users\Yaseen Razeq\Downloads\Robbie Rivera - Roxy (David Jones & Robbie Rivera Remix).mp3
2012-02-02 10:44 - 2012-02-02 10:44 - 7328946 ____A C:\Users\Yaseen Razeq\Downloads\Swanky Tunes, Matisse & Sadko - The Legend [Full Version].mp3
2012-02-02 10:44 - 2012-02-02 10:44 - 5290559 ____A C:\Users\Yaseen Razeq\Downloads\Robbie Rivera - Roxy (David Jones & Robbie Rivera Remix) [1080p DL Link].mp3
2012-02-02 10:17 - 2012-02-02 10:17 - 4454459 ____A C:\Users\Yaseen Razeq\Downloads\CunninLynguists - Enemies With Benefits featuring Tonedeff.mp3
2012-02-02 08:54 - 2012-02-02 08:53 - 7633941 ____A C:\Users\Yaseen Razeq\Downloads\Scary Monsters & Nice Sprites (COOP3R COV3R).mp3
2012-02-01 04:20 - 2009-07-13 21:08 - 0032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-31 10:04 - 2012-01-31 10:03 - 7019889 ____A C:\Users\Yaseen Razeq\Downloads\Rafael Frost- Smash (Original Mix).mp3
2012-01-30 17:25 - 2012-01-30 17:24 - 15994322 ____A C:\Users\Yaseen Razeq\Downloads\Axwell & Sebastian Ingrosso feat. Michael Feiner Together (Thand Remix).mp3
2012-01-30 17:24 - 2012-01-30 17:24 - 16397972 ____A C:\Users\Yaseen Razeq\Downloads\83a501 In My Mind feat. Georgi Kay (Axwell Mix).mp3
2012-01-30 08:04 - 2012-01-29 17:32 - 0494454 ____A C:\Users\Yaseen Razeq\Documents\HvB.pptx
2012-01-29 20:19 - 2012-01-29 20:18 - 3305909 ____A C:\Users\Yaseen Razeq\Downloads\If I Was You (OMG) Far East Movement with Lyrics.mp3
2012-01-29 16:18 - 2012-01-29 16:05 - 0014525 ____A C:\Users\Yaseen Razeq\Documents\Interview Essay.docx
2012-01-29 12:41 - 2012-01-29 12:41 - 0136668 ____A C:\Users\Yaseen Razeq\Documents\Scientology vs.pptx
2012-01-28 17:41 - 2012-01-28 17:40 - 3386992 ____A C:\Users\Yaseen Razeq\Downloads\Breathe Carolina - Blackout Lyric Video.mp3
2012-01-28 17:40 - 2012-01-28 17:40 - 3376724 ____A C:\Users\Yaseen Razeq\Downloads\Breathe Carolina - Blackout Lyric Video (1).mp3
2012-01-28 17:38 - 2012-01-28 17:38 - 0282072 ____A C:\Windows\Minidump\012812-22713-01.dmp
2012-01-28 01:16 - 2012-01-28 01:16 - 4329904 ____A C:\Users\Yaseen Razeq\Downloads\Richard Marx - Right Here Waiting For You.mp3
2012-01-28 01:11 - 2012-01-28 01:11 - 3830436 ____A C:\Users\Yaseen Razeq\Downloads\Yiruma - River Flows in You.mp3
2012-01-27 17:24 - 2012-01-27 17:24 - 0282072 ____A C:\Windows\Minidump\012712-20592-01.dmp
2012-01-27 15:31 - 2012-01-27 15:31 - 4196153 ____A C:\Users\Yaseen Razeq\Downloads\Deadmau5- Get in the Cart Pig HQ.mp3
2012-01-27 15:30 - 2012-01-27 15:30 - 3668459 ____A C:\Users\Yaseen Razeq\Downloads\Fall (Remixed By M83 Vs Big Black Delta) - Daft Punk.mp3
2012-01-27 13:57 - 2012-01-27 13:57 - 0944051 ____A C:\Users\Yaseen Razeq\Desktop\1280x1024.jpg
2012-01-27 00:39 - 2012-01-27 00:36 - 7218288 ____A C:\Users\Yaseen Razeq\Downloads\Rafael Frost - If Only.mp3
2012-01-26 20:46 - 2012-01-26 20:45 - 4496124 ____A C:\Users\Yaseen Razeq\Downloads\Safe House - Trailer Music_Song [Jay-Z & Kanye West Ft. Frank Ocean - No Church In The Wild].mp3
2012-01-26 20:43 - 2012-01-26 20:43 - 0000000 ____D C:\Users\Yaseen Razeq\Desktop\Driver.Genius.Pro.v11.0.0.1112.by.tano1221
2012-01-26 20:42 - 2012-01-26 20:42 - 15032004 ____A C:\Users\Yaseen Razeq\Downloads\Driver.Genius.Pro.v11.0.0.1112.by.tano1221.rar
2012-01-26 14:04 - 2012-01-26 14:04 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (4).rtf
2012-01-26 14:03 - 2012-01-26 14:03 - 0013583 ____A C:\Users\Yaseen Razeq\Downloads\Compare Contrast writing prompt.docx
2012-01-25 17:05 - 2012-01-25 17:05 - 3342676 ____A C:\Users\Yaseen Razeq\Downloads\Far Away - Tyga feat. Chris Richardson Lyrics.mp3
2012-01-24 22:27 - 2012-03-13 11:50 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 11:50 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 11:50 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 21:04 - 2012-01-24 21:04 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (3).rtf
2012-01-24 17:19 - 2012-01-24 17:19 - 6184197 ____A C:\Users\Yaseen Razeq\Downloads\Afrojack & Shermanology - Can't Stop Me (Original Mix).mp3
2012-01-24 13:09 - 2012-01-24 13:09 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (2).rtf
2012-01-23 12:27 - 2012-01-23 12:28 - 0268046 ____A C:\Users\Yaseen Razeq\Desktop\me too.png
2012-01-22 22:58 - 2012-01-22 22:51 - 5567064 ____A C:\Users\Yaseen Razeq\Downloads\Ferry Corsten-Fire(Original Mix).mp3
2012-01-22 22:15 - 2012-01-22 22:16 - 0385794 ____A C:\Users\Yaseen Razeq\Desktop\creation.jpg
2012-01-22 19:03 - 2012-01-22 14:42 - 0020051 ____A C:\Users\Yaseen Razeq\Documents\Final Personal Experience.docx
2012-01-22 15:12 - 2012-01-22 15:12 - 0026112 ____A C:\Users\Yaseen Razeq\Downloads\Recalling An Experience (2).doc
2012-01-22 15:12 - 2012-01-22 15:12 - 0026112 ____A C:\Users\Yaseen Razeq\Downloads\Recalling An Experience (1).doc
2012-01-21 22:14 - 2012-01-21 22:14 - 0282072 ____A C:\Windows\Minidump\012212-23587-01.dmp
2012-01-20 10:07 - 2012-01-20 10:07 - 0198888 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-01-18 17:52 - 2012-01-18 17:52 - 0056307 ____A C:\Users\Yaseen Razeq\Desktop\flawless.jpg
2012-01-17 19:17 - 2012-01-17 16:13 - 0019208 ____A C:\Users\Yaseen Razeq\Documents\Personal Experience.docx
2012-01-17 19:15 - 2012-01-17 19:15 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk (1).rtf
2012-01-17 19:10 - 2012-01-17 19:10 - 0077662 ____A C:\Users\Yaseen Razeq\Downloads\ENG 111-spring 8 wk.rtf
2012-01-17 16:00 - 2012-01-17 16:00 - 0026112 ____A C:\Users\Yaseen Razeq\Downloads\Recalling An Experience.doc
2012-01-17 13:57 - 2012-01-17 13:57 - 0000012 ____A C:\Users\Yaseen Razeq\Desktop\hollister.txt
2012-01-17 11:05 - 2012-01-17 11:05 - 11644237 ____A C:\Users\Yaseen Razeq\Downloads\Elements (Original Mix).mp3
2012-01-17 11:02 - 2012-01-17 11:02 - 12213291 ____A C:\Users\Yaseen Razeq\Downloads\2012 (Twenty Twelve) - Instrumental.mp3
2012-01-16 18:46 - 2012-01-16 18:46 - 0000033 ____A C:\Users\Yaseen Razeq\Downloads\RiotCode.txt
2012-01-16 02:37 - 2012-01-16 02:37 - 3187614 ____A C:\Users\Yaseen Razeq\Downloads\Train - Drive By.mp3
2012-01-15 16:46 - 2012-01-15 16:46 - 0067176 ____A C:\Users\Yaseen Razeq\Desktop\young.jpg
2012-01-14 20:14 - 2012-01-14 20:12 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\Spyro
2012-01-14 20:13 - 2012-01-14 20:13 - 0001329 ____A C:\Users\Yaseen Razeq\Desktop\Spyro.lnk
2012-01-14 20:13 - 2012-01-14 20:13 - 0000000 ____D C:\Game
2012-01-14 19:24 - 2012-01-14 19:18 - 136851446 ____A C:\Users\Yaseen Razeq\Downloads\Spyro.rar
2012-01-14 19:11 - 2012-01-14 19:11 - 0529265 ____A C:\Users\Yaseen Razeq\Downloads\epsxe170.zip
2012-01-14 19:07 - 2012-01-14 19:07 - 0286715 ____A C:\Users\Yaseen Razeq\Downloads\epsxe160.zip
2012-01-14 19:05 - 2012-01-14 19:02 - 0000000 ____D C:\Users\Yaseen Razeq\Downloads\Spyro+-+Year+of+the+Dragon+(E)+[SCES-02835]
2012-01-14 19:02 - 2012-01-14 19:00 - 411883363 ____A C:\Users\Yaseen Razeq\Downloads\Spyro+-+Year+of+the+Dragon+(E)+[SCES-02835].7z
2012-01-14 18:58 - 2012-01-14 18:58 - 3235728 ____A C:\Users\Yaseen Razeq\Desktop\One Step At A Time (Remix).mp3
2012-01-14 18:18 - 2012-01-14 18:18 - 3235617 ____A C:\Users\Yaseen Razeq\Desktop\Waiting on the World to Change.mp3
2012-01-13 00:41 - 2012-01-13 00:41 - 0090124 ____A C:\Users\Yaseen Razeq\Desktop\247516_229904793691556_100000161113646_1079962_2501540_n.jpg
2012-01-13 00:36 - 2012-01-13 00:36 - 20063869 ____A C:\Users\Yaseen Razeq\Downloads\Binaural Beats- Focus, Concentrate, Study Music - Beta and Gamma.mp3
2012-01-13 00:08 - 2012-01-13 00:06 - 160593186 ____A C:\Users\Yaseen Razeq\Downloads\1 Hour 741Hz Conscious and Intuitive Expansion Meditation Recalibrated to 432 Tuning.mp3
2012-01-13 00:05 - 2012-01-13 00:05 - 86404859 ____A C:\Users\Yaseen Razeq\Downloads\[Ultra DeepMeditation] - Binaural Beats.mp3
2012-01-13 00:02 - 2012-01-13 00:02 - 56703261 ____A C:\Users\Yaseen Razeq\Downloads\binaural beat subliminal sounds lucid dreaming.mp3
2012-01-12 23:56 - 2012-01-12 23:56 - 14404159 ____A C:\Users\Yaseen Razeq\Downloads\Pure Gamma Binaural Beat Brainwave Entrainment (Problem Solving).mp3
2012-01-12 19:43 - 2012-01-12 19:43 - 0015214 ____A C:\Users\Yaseen Razeq\Downloads\Research Paper Proposal.docx
2012-01-12 16:16 - 2012-01-12 16:16 - 5486213 ____A C:\Users\Yaseen Razeq\Downloads\Avicii & NERVO - You're Gonna Love Again (Extended Mix).mp3
2012-01-11 18:00 - 2012-01-11 18:00 - 4458642 ____A C:\Users\Yaseen Razeq\Downloads\Death Cab for Cutie - You Are A Tourist w_ Lyrics (1).mp3
2012-01-11 17:59 - 2012-01-11 17:59 - 4448371 ____A C:\Users\Yaseen Razeq\Downloads\Death Cab for Cutie - You Are A Tourist w_ Lyrics.mp3
2012-01-11 17:39 - 2012-01-11 17:37 - 3570056 ____A C:\Users\Yaseen Razeq\Downloads\Kelly Clarkson - What Doesn't Kill You (Stronger).mp3
2012-01-10 03:16 - 2012-01-10 03:15 - 15871128 ____A C:\Users\Yaseen Razeq\Downloads\M83 - Midnight City (Eric Prydz Remix) (www.house-music-exclusive.net).mp3

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 6142.18 MB
Available physical RAM: 5474.49 MB
Total Pagefile: 6140.32 MB
Available Pagefile: 5457.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:688.87 GB) (Free:438.94 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (PQSERVICE) (Fixed) (Total:9.77 GB) (Free:1.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 1900 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 31 KB
Partition 2 Primary 688 GB 9 GB
Partition 3 Primary 1904 KB 698 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D PQSERVICE NTFS Partition 9 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 688 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1899 MB 32 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1899 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 10:04

======================= End Of Log ==========================

#11 gringo_pr

Posted 08 April 2012 - 08:48 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 NEOFLTR_600_13319; C:\Windows\System32\zfdwm.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\zfdwm.dll
NETSVC: NEOFLTR_600_13319


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 cursed sasuke

Posted 08 April 2012 - 10:39 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-08 23:34:59 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
NEOFLTR_600_13319 service deleted successfully.
C:\Windows\System32\zfdwm.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NEOFLTR_600_13319 Deleted successfully.

==== End of Fixlog ====

#13 gringo_pr

Posted 08 April 2012 - 10:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\system32\consrv.dll
C:\Windows\system32\zfdwm.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#14 cursed sasuke

Posted 09 April 2012 - 03:30 PM

Had no problems and it seems as though my computer is running perfectly!


ComboFix 12-04-07.02 - Yaseen Razeq 04/09/2012 16:17:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6142.4565 [GMT -4:00]
Running from: c:\users\Yaseen Razeq\Downloads\ComboFix.exe
Command switches used :: c:\users\Yaseen Razeq\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\consrv.dll"
"c:\windows\system32\zfdwm.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\programdata\TEMP
C:\setup.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 05:30 . 2012-04-09 05:31 -------- d-----w- C:\FRST
2012-04-07 20:13 . 2012-04-07 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-07 18:45 . 2012-04-07 18:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 18:38 . 2012-04-07 18:38 -------- d-----we c:\windows\system64
2012-04-07 06:39 . 2012-04-07 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 19:56 . 2012-04-07 01:34 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-04-06 19:56 . 2012-04-06 19:57 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-05 19:38 . 2012-04-05 19:38 -------- d-----w- c:\program files (x86)\Secunia
2012-04-05 18:50 . 2012-04-05 18:49 4039952 ----a-w- c:\windows\uninst.exe
2012-03-30 07:08 . 2012-03-30 07:08 -------- d-----w- c:\program files\iPod
2012-03-30 07:08 . 2012-03-30 07:09 -------- d-----w- c:\program files\iTunes
2012-03-14 22:28 . 2012-04-07 22:37 -------- d-----w- c:\windows\AutoKMS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 08:02 . 2012-03-08 08:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 08:02 . 2012-03-08 08:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 08:02 . 2012-03-08 08:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 08:02 . 2012-03-08 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 08:02 . 2012-03-08 08:02 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-08 08:02 . 2012-03-08 08:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 08:02 . 2012-03-08 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-08 08:02 . 2012-03-08 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 08:02 . 2012-03-08 08:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 08:02 . 2012-03-08 08:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 08:02 . 2012-03-08 08:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 08:02 . 2012-03-08 08:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 08:02 . 2012-03-08 08:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 08:02 . 2012-03-08 08:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 08:02 . 2012-03-08 08:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 08:02 . 2012-03-08 08:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 08:02 . 2012-03-08 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 08:02 . 2012-03-08 08:02 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 08:02 . 2012-03-08 08:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 08:02 . 2012-03-08 08:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 08:02 . 2012-03-08 08:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 08:02 . 2012-03-08 08:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 08:02 . 2012-03-08 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-08 08:02 . 2012-03-08 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-08 08:02 . 2012-03-08 08:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 08:02 . 2012-03-08 08:02 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-08 08:02 . 2012-03-08 08:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 08:02 . 2012-03-08 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 08:02 . 2012-03-08 08:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 08:02 . 2012-03-08 08:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 08:02 . 2012-03-08 08:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 08:02 . 2012-03-08 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 08:02 . 2012-03-08 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-08 08:02 . 2012-03-08 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 08:02 . 2012-03-08 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-08 08:02 . 2012-03-08 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-08 08:02 . 2012-03-08 08:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 08:02 . 2012-03-08 08:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 08:02 . 2012-03-08 08:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 08:02 . 2012-03-08 08:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 08:02 . 2012-03-08 08:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 08:02 . 2012-03-08 08:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-22 19:58 . 2011-11-13 17:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 20:46 . 2012-02-05 03:15 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-18 20:46 . 2012-02-05 03:06 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-17 07:19 . 2012-02-05 03:06 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-05 03:06 . 2012-02-05 03:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-12 09:06 . 2011-11-12 09:06 71733104 ----a-w- c:\program files\iTunes64Setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-12 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17151624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17151624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205780895-299214005-3157646644-1001Core.job
- c:\users\Yaseen Razeq\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 09:14]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205780895-299214005-3157646644-1001UA.job
- c:\users\Yaseen Razeq\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 09:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,e9,9e,45,d2,ee,64,40,87,a0,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,e9,9e,45,d2,ee,64,40,87,a0,92,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\LOLReplay\LOLRecorder.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
.
**************************************************************************
.
Completion time: 2012-04-09 16:29:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 20:29
ComboFix2.txt 2012-04-07 09:02
ComboFix3.txt 2012-04-06 09:09
.
Pre-Run: 473,904,009,216 bytes free
Post-Run: 474,327,613,440 bytes free
.
- - End Of File - - 718BB90FEF4C56EF95086F7C57B7A4DE

#15 gringo_pr

Posted 09 April 2012 - 06:22 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 29
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
