
Infected with Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK


This topic is locked
27 replies to this topic

#1 ahmadpu (Members, 23 posts)

Posted 08 June 2012 - 01:04 PM

I installed Microsoft Security Essentials and ran a full scan of the system. But I found out that my Windows is attacked by Trojan:win64/Sirefef.W, Trojan:win64/Sirefef.M and Trojan:win32/Sirefef.AK. Microsoft Security Essentials was unable to remove them. The main issue that I have been facing since this incident is that Windows can't update Firewall settings. The following message is displayed: "Windows Firewall can't change some of your settings. Error code 0x80070424". Additionally, the antivirus program "Microsoft Security Essentials" keeps on detecting the above-mentioned malware and asks to delete these files. Once deleted, it asks for a reboot. After the restart these viruses are re-created again, and it's been happening for the last couple of weeks.
In order to resolve this issue I searched the internet and found http://www.bleepingcomputer.com, so I posted a topic regarding this issue and I have been receiving help from one of your experts. Here's the link to this topic:
http://www.bleepingcomputer.com/forums/topic455970.html/page__gopid__2721298#entry2721298

Now that the problem persists, I have been asked to seek elevated help and to post a new topic here. I am glad to know that your team is so dedicated to helping us.

As I am using the 64-bit version of Windows, only DDS logs were created. The DDS.txt log is given below and attach.txt has been attached as well.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ahmad at 22:22:55 on 2012-06-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2368 [GMT 5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ergative.com/
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 10.0.0.20:80
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\Ahmad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 4.2.2.4
TCP: Interfaces\{0E48238E-9059-4F85-8064-49AB379EEDA2} : NameServer = 8.8.8.8
TCP: Interfaces\{E5A78904-02E3-4684-9E43-99D11D6675DB} : DhcpNameServer = 8.8.8.8 4.2.2.4
TCP: Interfaces\{E5A78904-02E3-4684-9E43-99D11D6675DB}\7516475656E6 : DhcpNameServer = 10.16.6.11 10.16.128.4
TCP: Interfaces\{E5A78904-02E3-4684-9E43-99D11D6675DB}\A54554 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E5A78904-02E3-4684-9E43-99D11D6675DB}\B40284025502250225021402D4 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{E5A78904-02E3-4684-9E43-99D11D6675DB}\D4F62696C697F52427F616462616E646 : DhcpNameServer = 86.51.34.24 86.51.35.24
TCP: Interfaces\{E5A78904-02E3-4684-9E43-99D11D6675DB}\D61686D6F6F646 : DhcpNameServer = 192.168.137.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-X64: Updater For Spam Free Search Bar - No File
BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO-X64: Spam Free Search Bar - No File
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pk/
FF - prefs.js: network.proxy.ftp - 10.0.0.20
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.0.0.20
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.0.0.20
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ahmad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ahmad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Ahmad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ahmad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100994
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 12c9c3990000000000000aa3c4e05352
FF - user.js: extensions.BabylonToolbar_i.hardId - 12c9c3990000000000000aa3c4e05352
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:24:45
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-6 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-3-2 266680]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-27 2027840]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-3 2656280]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\drivers\QIOMem.sys --> C:\Windows\system32\drivers\QIOMem.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-3 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-7-8 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 slkxyppv;slkxyppv;\??\C:\Windows\system32\drivers\slkxyppv.sys --> C:\Windows\system32\drivers\slkxyppv.sys [?]
S1 wqyktydq;wqyktydq;\??\C:\Windows\system32\drivers\wqyktydq.sys --> C:\Windows\system32\drivers\wqyktydq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTSUVSTOR.sys --> C:\Windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown cgdemfaq;cgdemfaq; [x]
SUnknown glkjfehl;glkjfehl; [x]
SUnknown hditxenf;hditxenf; [x]
SUnknown jidqfdac;jidqfdac; [x]
.
=============== Created Last 30 ================
.
2012-06-08 17:24:17 50000 ----a-w- C:\Windows\System32\drivers\qgqrvaao.sys
2012-06-08 17:23:58 50000 ----a-w- C:\Windows\System32\drivers\xcepjbeq.sys
2012-06-08 17:16:48 50000 ----a-w- C:\Windows\System32\drivers\slkxyppv.sys
2012-06-08 17:16:30 50000 ----a-w- C:\Windows\System32\drivers\wqyktydq.sys
2012-06-08 17:15:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DAE09B29-55FB-46CC-B40B-F692AC429E04}\offreg.dll
2012-06-08 12:06:53 5120 ------w- C:\Windows\SysWow64\chkvdisk.exe
2012-06-08 12:06:53 107632 ------w- C:\Windows\System32\drivers\Shield.sys
2012-06-08 12:06:30 -------- d-----w- C:\Windows\SysWow64\configfix
2012-06-08 12:05:59 -------- d-----w- C:\Program Files (x86)\Shield
2012-06-07 22:16:40 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DAE09B29-55FB-46CC-B40B-F692AC429E04}\mpengine.dll
2012-06-07 16:36:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-06 18:10:10 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 13:00:10 -------- d-----w- C:\Users\Ahmad\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 12:59:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-06 12:59:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-05 20:40:18 -------- d-----w- C:\Users\Ahmad\AppData\Roaming\Malwarebytes
2012-06-05 20:40:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-05 20:40:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-05 20:40:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 16:51:26 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CBAADBB-4759-4EF8-9F6D-B335955C7AD8}\gapaengine.dll
2012-06-05 16:41:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-05 16:41:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-04 18:51:49 81984 ----a-w- C:\Windows\System32\bdod.bin
2012-06-04 17:54:01 -------- d-----w- C:\Users\Ahmad\AppData\Roaming\BitDefender
2012-06-04 17:53:45 -------- d-----w- C:\ProgramData\BitDefender
2012-06-04 17:53:45 -------- d-----w- C:\Program Files\Common Files\BitDefender
2012-06-04 17:53:45 -------- d-----w- C:\Program Files\BitDefender
2012-06-04 17:43:57 -------- d-----w- C:\Program Files (x86)\Common Files\BitDefender
2012-06-01 20:35:59 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2012-06-01 20:35:46 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-01 19:41:58 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-05-31 21:20:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-30 19:20:32 -------- d-----w- C:\Users\Ahmad\AppData\Local\tango
2012-05-30 18:41:33 -------- d-----w- C:\Users\Ahmad\AppData\Local\{FA5AAEC4-551A-4F57-9B2A-422AF72599DF}
2012-05-30 18:41:13 -------- d-----w- C:\Users\Ahmad\AppData\Local\{0256E61C-AECD-4366-BA83-829A126CB5A8}
2012-05-30 06:20:05 -------- d-----w- C:\Users\Ahmad\AppData\Local\{2B7E3ADF-C86D-43F2-BCD7-89DAAE48FA52}
2012-05-30 06:19:42 -------- d-----w- C:\Users\Ahmad\AppData\Local\{8BD46DD5-56C8-4AC0-A27F-4B8CF15490F6}
2012-05-29 18:14:22 -------- d-----w- C:\Users\Ahmad\AppData\Local\{9B991D10-D6CD-44A5-9FEB-B8E8C9E2B2EA}
2012-05-29 18:13:59 -------- d-----w- C:\Users\Ahmad\AppData\Local\{96351AAC-5633-47BB-A128-ABD0C8CF6BEC}
2012-05-29 17:09:58 -------- d-----w- C:\Users\Ahmad\AppData\Local\{3D56F2E0-D2F4-43C9-AFAB-F0044B639B78}
2012-05-28 23:19:50 -------- d-----w- C:\Users\Ahmad\AppData\Local\{575673B6-91B1-46C9-AD37-3261053D4A92}
2012-05-28 23:18:11 -------- d-----w- C:\Users\Ahmad\AppData\Local\{A115B651-CAC2-47A6-9075-77913913806F}
2012-05-28 17:56:49 -------- d-----w- C:\Program Files (x86)\Google Books Downloader
2012-05-27 23:59:16 -------- d-----w- C:\Users\Ahmad\AppData\Local\{F83D48A5-31D2-4C8D-812C-4217E76A426B}
2012-05-27 21:06:27 13800 ----a-w- C:\Windows\System32\drivers\ssadwh.sys
2012-05-27 21:06:27 13288 ----a-w- C:\Windows\System32\drivers\ssadcm.sys
2012-05-27 21:05:13 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-05-27 20:30:13 -------- d-----w- C:\Program Files\SAMSUNG
2012-05-27 10:23:30 -------- d-----w- C:\Users\Ahmad\AppData\Local\{157683B7-DFF7-4D86-94F0-C4F5762CA031}
2012-05-27 10:23:17 -------- d-----w- C:\Users\Ahmad\AppData\Local\{B41334FF-682A-4CD8-AAC2-5E7288695488}
2012-05-27 07:13:20 -------- d-----w- C:\Users\Ahmad\AppData\Local\{9B592670-D139-4E8A-9FA6-D166C37AF093}
2012-05-26 11:46:56 -------- d-----w- C:\Users\Ahmad\AppData\Local\{E3694000-D0D9-41F3-89E5-9DE04880ECFF}
2012-05-26 11:46:43 -------- d-----w- C:\Users\Ahmad\AppData\Local\{918E2F09-066C-4B4E-AB18-F8E7329A8A91}
2012-05-25 17:00:48 -------- d-----w- C:\Users\Ahmad\AppData\Local\{DBC51AF1-21CF-47A4-9C3D-3CD135343FB7}
2012-05-25 17:00:32 -------- d-----w- C:\Users\Ahmad\AppData\Local\{F2266A29-E38D-4FE3-964C-DC6A0DCC1ABA}
2012-05-25 12:40:23 -------- d-----w- C:\Users\Ahmad\AppData\Local\{72D3345A-2F2C-4C92-ACB1-7B736F71FF20}
2012-05-25 10:20:33 -------- d-----w- C:\Users\Ahmad\AppData\Local\{5083EFA5-6B5C-4CB0-8304-09C71CBE50D1}
2012-05-24 23:17:46 -------- d-----w- C:\Users\Ahmad\AppData\Local\{E4A547D8-F0A3-4252-8A69-78E6F502D924}
2012-05-24 09:31:42 -------- d-----w- C:\Users\Ahmad\AppData\Local\{CE61EBE8-6C56-4E64-A7FC-626A66970BCB}
2012-05-24 07:33:59 -------- d-----w- C:\Users\Ahmad\AppData\Local\{1F5755B7-281F-49EE-8787-7B633A143ABD}
2012-05-24 07:32:49 -------- d-----w- C:\Users\Ahmad\AppData\Local\{46546268-E89F-4915-BC9E-04CE12F1E4BF}
2012-05-23 17:52:11 -------- d-----w- C:\Users\Ahmad\AppData\Local\{DCEA130A-6A3F-4260-AD77-7F9593269667}
2012-05-23 10:08:44 -------- d-----w- C:\Users\Ahmad\AppData\Local\{EF22ACFA-E372-4C31-8B03-1F2987BD68A6}
2012-05-22 12:13:42 -------- d-----w- C:\Users\Ahmad\AppData\Local\{4F3EE8E3-3075-4C09-B651-088F2D8B17F3}
2012-05-22 12:13:30 -------- d-----w- C:\Users\Ahmad\AppData\Local\{0B615593-2765-422E-A61F-DD7B26642B47}
2012-05-22 11:10:31 -------- d-----w- C:\Users\Ahmad\AppData\Local\{D73FCE79-3BB0-47CC-BCE6-C54D37C4E294}
2012-05-21 20:24:53 -------- d-----w- C:\Users\Ahmad\AppData\Local\{A6C3533B-797A-428F-AAB2-650BBCB790C0}
2012-05-21 20:24:40 -------- d-----w- C:\Users\Ahmad\AppData\Local\{3A784C77-47C8-4B51-8727-FCA5302FD78F}
2012-05-21 20:20:59 -------- d-----w- C:\Windows\en
2012-05-21 20:19:35 -------- d-----w- C:\Windows\ar
2012-05-21 20:19:32 -------- d-----w- C:\Windows\fr
2012-05-21 20:19:27 -------- d-----w- C:\Windows\tr
2012-05-21 20:15:33 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-05-21 19:48:41 -------- d-----w- C:\Users\Ahmad\AppData\Local\{B60295BA-2E94-4885-8F24-469D0ED3AE61}
2012-05-21 19:48:29 -------- d-----w- C:\Users\Ahmad\AppData\Local\{8D85EFC4-1A23-4A34-9B61-88DACCC9F3E0}
2012-05-21 17:42:38 -------- d-----w- C:\Users\Ahmad\AppData\Local\{3BF0F7F1-CA50-48CC-A603-8DDC500AFEFC}
2012-05-21 17:42:25 -------- d-----w- C:\Users\Ahmad\AppData\Local\{A54DF82D-4E0C-47BE-8DEA-A215F7587766}
2012-05-21 17:37:20 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\DSETUP.dll
2012-05-21 17:37:20 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\DXSETUP.exe
2012-05-21 17:37:20 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\dsetup32.dll
2012-05-21 17:37:20 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5fd43ff11cd377802\MeshBetaRemover.exe
2012-05-21 17:36:23 -------- d-----w- C:\Users\Ahmad\AppData\Local\{F275F29A-D69B-4C65-9022-6A8F779C5C4B}
2012-05-21 17:36:05 -------- d-----w- C:\Users\Ahmad\AppData\Local\{3B0D070E-D978-4D13-AC2B-CD9786AAC481}
2012-05-21 17:28:04 -------- d-----w- C:\Users\Ahmad\AppData\Local\{0F75DFBF-397F-4DE8-A69B-D1336124C60A}
2012-05-21 17:27:51 -------- d-----w- C:\Users\Ahmad\AppData\Local\{4127F0F5-AFBD-4259-A428-1ACF910A2EB1}
2012-05-21 14:59:08 -------- d-----w- C:\Users\Ahmad\AppData\Local\{5C3CCCA3-7997-4284-94BE-77E50EBCD4A2}
2012-05-21 13:02:30 -------- d-----w- C:\Users\Ahmad\AppData\Local\{86F98C2D-DBFA-49BC-8D57-11B6384F3D4F}
2012-05-21 13:02:18 -------- d-----w- C:\Users\Ahmad\AppData\Local\{9EA2C08F-CE57-4620-BFAA-72F747C81306}
2012-05-21 10:10:59 -------- d-----w- C:\Users\Ahmad\AppData\Local\{6DDAE96D-15D6-4C27-97FD-C2AFD2E087B0}
2012-05-20 09:39:27 -------- d-----w- C:\Users\Ahmad\AppData\Local\{FAFD9F33-9851-4027-B737-94988036AAB7}
2012-05-20 09:39:14 -------- d-----w- C:\Users\Ahmad\AppData\Local\{CA696DD8-E780-45EF-BA7F-72B013C26D2E}
2012-05-19 19:01:16 -------- d-----w- C:\Program Files (x86)\SopCast
2012-05-19 18:37:21 -------- d-----w- C:\Users\Ahmad\AppData\Local\{38197482-38F2-447D-91E8-0B0792B1F1BB}
2012-05-19 18:37:07 -------- d-----w- C:\Users\Ahmad\AppData\Local\{EAD5A7E0-4B41-4AA1-B6EB-A641B1F6CF6A}
2012-05-19 15:19:56 -------- d-----w- C:\Users\Ahmad\AppData\Local\{09E0BD91-DEC2-4133-9915-A5EF4D9F7D61}
2012-05-19 13:09:38 -------- d-----w- C:\Users\Ahmad\AppData\Local\{2BB90B8E-DCAF-4CC8-ACE6-AAB984313A13}
2012-05-18 17:57:52 -------- d-----w- C:\Users\Ahmad\AppData\Local\{4EAA8B4A-2203-4771-9B0C-2447223F98A1}
2012-05-18 17:57:39 -------- d-----w- C:\Users\Ahmad\AppData\Local\{27739177-5FAA-4B29-AF5B-A1D74A9D6270}
2012-05-17 19:03:46 -------- d-----w- C:\Users\Ahmad\AppData\Local\{713BCD11-064F-44BF-9737-F9C2E47D1A77}
2012-05-17 19:03:33 -------- d-----w- C:\Users\Ahmad\AppData\Local\{0075E1E0-9EDD-41FD-A62B-1A216891E96F}
2012-05-17 17:27:55 -------- d-----w- C:\Users\Ahmad\AppData\Local\{8B06194C-969F-4E02-903D-5EB2ED2B9AFB}
2012-05-17 17:27:41 -------- d-----w- C:\Users\Ahmad\AppData\Local\{1CCA061D-5ED1-47E5-8FE9-3910057E325C}
2012-05-17 13:41:08 -------- d-----w- C:\Users\Ahmad\AppData\Local\{D3FB5B3A-04DD-4D80-A60D-5FDB9AECFEF2}
2012-05-17 13:40:55 -------- d-----w- C:\Users\Ahmad\AppData\Local\{B53BBFF1-1320-41D3-BCB4-9F479C6173E5}
2012-05-17 13:17:56 -------- d-----w- C:\Users\Ahmad\AppData\Local\{88AE7C2B-16FE-4F7D-8E7D-5AD095665EF3}
2012-05-17 13:17:35 -------- d-----w- C:\Users\Ahmad\AppData\Local\{12913D1F-BEC1-4411-A189-FEA2482B268D}
2012-05-17 13:08:25 -------- d-----w- C:\Users\Ahmad\AppData\Local\{F92D119E-0C2D-4D9A-8149-550C5B4066E6}
2012-05-17 13:08:12 -------- d-----w- C:\Users\Ahmad\AppData\Local\{FAA6F11E-9EAE-4234-B774-0EA295CD3955}
2012-05-17 12:45:58 -------- d-----w- C:\Users\Ahmad\AppData\Local\{8262268E-480C-4FA6-AE7A-15937F44F016}
2012-05-17 12:45:46 -------- d-----w- C:\Users\Ahmad\AppData\Local\{0B180ED5-7873-4A93-AC84-1990E6A686D0}
2012-05-16 16:23:52 -------- d-----w- C:\Users\Ahmad\AppData\Local\{1359D708-308B-4232-87C1-A92B1BED56D3}
2012-05-16 15:27:01 -------- d-----w- C:\Users\Ahmad\AppData\Local\{59496808-6B21-4BD0-95AD-6381AE967619}
2012-05-16 07:57:11 -------- d-----w- C:\Users\Ahmad\AppData\Local\{72A23814-4A50-4859-8182-9B7AC83E2629}
2012-05-16 00:46:46 -------- d-----w- C:\Users\Ahmad\AppData\Local\{B9A26233-1DCA-4075-A2C4-277D04FFE359}
2012-05-16 00:46:34 -------- d-----w- C:\Users\Ahmad\AppData\Local\{E7A8A90A-9A43-4A62-9D03-C13E7BF68DA8}
2012-05-16 00:02:50 -------- d-----w- C:\Users\Ahmad\AppData\Local\{493CBC0C-C175-44F9-9F1E-328A230150A8}
2012-05-16 00:01:49 -------- d-----w- C:\Users\Ahmad\AppData\Local\{45918773-CF55-43CC-8017-32B7AD7E4CB5}
2012-05-15 23:11:48 -------- d-----w- C:\Users\Ahmad\AppData\Local\{E55E07BA-6B19-42A5-B372-C3AF79BA80B0}
2012-05-15 23:11:28 -------- d-----w- C:\Users\Ahmad\AppData\Local\{22C0B399-077A-42B4-ABFF-F3C6E48DECBC}
2012-05-15 22:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-15 22:20:49 -------- d-----w- C:\Program Files\DivX
2012-05-15 22:13:06 -------- d-----w- C:\Program Files (x86)\DivX
2012-05-15 21:49:22 -------- d-----w- C:\ProgramData\DivX
2012-05-15 19:53:41 -------- d-----w- C:\Users\Ahmad\AppData\Local\{C770F101-B919-41E6-B172-6D8A337AFABA}
2012-05-15 19:53:29 -------- d-----w- C:\Users\Ahmad\AppData\Local\{79A1FA1E-4ED6-4790-87D9-53FE2528623C}
2012-05-15 17:13:01 -------- d-----w- C:\Users\Ahmad\AppData\Local\{F4BF143E-56FD-4018-8B8B-C4FF6672CECE}
2012-05-15 17:10:31 -------- d-----w- C:\Users\Ahmad\AppData\Local\{9B273528-B42F-4BAC-BB17-96842ABC1FD7}
2012-05-15 09:37:18 -------- d-----w- C:\Users\Ahmad\AppData\Local\{66D77951-F650-4645-B3A0-F4E60B637BAC}
2012-05-15 09:37:05 -------- d-----w- C:\Users\Ahmad\AppData\Local\{0AC74E8A-BEA5-457E-A321-CB15CFB5226D}
2012-05-15 07:16:53 -------- d-----w- C:\Users\Ahmad\AppData\Local\{AB08B110-5E85-4758-BFF8-AFE480C2FD6A}
2012-05-15 07:16:36 -------- d-----w- C:\Users\Ahmad\AppData\Local\{EF4A8132-8BAE-4269-A817-0D6C186E327B}
2012-05-14 15:49:38 -------- d-----w- C:\Users\Ahmad\AppData\Local\{B2BAA3F2-D86B-4A90-822E-76C35FC5F6C1}
2012-05-14 15:08:51 -------- d-----w- C:\Users\Ahmad\AppData\Local\{34C23B66-8732-4CBD-B041-172A7FAA9393}
2012-05-14 15:08:38 -------- d-----w- C:\Users\Ahmad\AppData\Local\{2134A3EA-7BE0-4FBB-BC8B-FB4DB20AC1F2}
2012-05-14 13:24:59 -------- d-----w- C:\Users\Ahmad\AppData\Local\{B9122488-DFF5-4369-8747-345242A25993}
2012-05-14 13:24:45 -------- d-----w- C:\Users\Ahmad\AppData\Local\{09F91A1A-A0B3-4E35-BDAC-AF16FDAAF5E1}
2012-05-14 11:47:22 -------- d-----w- C:\Users\Ahmad\AppData\Local\{66F0C41B-FE90-4239-BCE9-1EACA4CC90D1}
2012-05-14 11:31:41 -------- d-----w- C:\Users\Ahmad\AppData\Local\{D4D2C820-C6FE-4708-AD3F-FD937B64BD4D}
2012-05-14 11:31:28 -------- d-----w- C:\Users\Ahmad\AppData\Local\{E7C0FBAD-4A9E-4893-844A-BA6592E0D232}
2012-05-13 23:07:30 -------- d-----w- C:\Users\Ahmad\AppData\Local\{C2CDA5A1-49B6-4D37-88A4-78B69475C64D}
2012-05-13 23:07:15 -------- d-----w- C:\Users\Ahmad\AppData\Local\{56B17AA1-550B-47F5-904B-90813F7E585B}
2012-05-13 12:43:28 -------- d-----w- C:\Users\Ahmad\AppData\Local\{2C633810-BF52-481D-AF2B-FB8D0D5D66C0}
2012-05-13 11:46:01 -------- d-----w- C:\Users\Ahmad\AppData\Local\{68E070B2-CDDE-45AA-B01C-F28A1C5B4514}
2012-05-13 10:25:33 -------- d-----w- C:\Users\Ahmad\AppData\Local\{CE7EDE99-497D-4EBB-80DB-1A180560A8CC}
2012-05-12 21:22:28 -------- d-----w- C:\Users\Ahmad\AppData\Local\{7B3A19B4-D368-4F68-BBE1-A73BF3C303EC}
2012-05-12 16:31:43 -------- d-----w- C:\Users\Ahmad\AppData\Local\{01F0717F-B6F4-4A28-94E9-086F6E779A12}
2012-05-12 16:31:26 -------- d-----w- C:\Users\Ahmad\AppData\Local\{5A31FBC5-A955-4B08-8DF8-264D4CDD5C01}
2012-05-12 01:29:49 -------- d-----w- C:\Users\Ahmad\AppData\Local\{6E5196ED-070C-44A1-A7C0-D05285E002B4}
2012-05-12 00:19:24 -------- d-----w- C:\Users\Ahmad\AppData\Local\{DAB82794-D0E8-4BB6-8F19-0D5C26785998}
2012-05-11 22:03:40 -------- d-----w- C:\Users\Ahmad\AppData\Local\{BEA77EC5-AE15-4F1E-9A67-60DA4B97BA50}
2012-05-11 19:21:45 -------- d-----w- C:\Users\Ahmad\AppData\Local\{BAA742C1-E6BB-4B0E-9ECE-6C815AD6A438}
2012-05-11 16:20:24 -------- d-----w- C:\Users\Ahmad\AppData\Local\{7DC2F8A7-10F5-4103-819B-6F51DAD105B6}
2012-05-11 16:20:10 -------- d-----w- C:\Users\Ahmad\AppData\Local\{831B4F78-592C-4A32-AAF7-4EA49E8022B6}
2012-05-11 14:40:18 -------- d-----w- C:\Users\Ahmad\AppData\Local\{D68B5507-D4E8-4677-9A18-8C97EF6D7D3F}
2012-05-11 13:37:30 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 13:37:30 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 13:36:58 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 13:36:58 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 13:36:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 13:36:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 13:30:48 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 13:27:35 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 13:27:07 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 13:27:07 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 13:27:07 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 13:27:06 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 13:27:06 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 12:48:48 -------- d-----w- C:\Users\Ahmad\AppData\Local\{52A2815C-39B2-401E-AB0E-101B0CD8E069}
2012-05-11 04:58:26 -------- d-----w- C:\Users\Ahmad\AppData\Local\{458949CD-12AA-4EAB-A973-8A743DAB062F}
2012-05-10 22:07:34 -------- d-----w- C:\Users\Ahmad\AppData\Local\{BCFF42D2-FAF5-47C3-B2F4-ED7A928C7294}
2012-05-10 21:22:19 -------- d-----w- C:\Users\Ahmad\AppData\Local\{A338B71E-08F2-418B-843F-F60D094CB916}
2012-05-10 19:09:27 -------- d-----w- C:\Users\Ahmad\AppData\Local\{6906DD03-9133-417D-82D3-113585B9E133}
2012-05-10 19:09:15 -------- d-----w- C:\Users\Ahmad\AppData\Local\{5BA6CB97-E151-4B2E-8B78-6BBC1204FE13}
2012-05-10 17:18:31 -------- d-----w- C:\Users\Ahmad\AppData\Local\{840A8F8C-6F33-45AC-A968-8AAEB8F10D38}
2012-05-10 16:51:29 -------- d-----w- C:\Users\Ahmad\AppData\Local\{93167BCD-0817-4221-940C-4EB7E113B952}
2012-05-10 02:37:34 -------- d-----w- C:\Users\Ahmad\AppData\Local\{17AF4747-0325-4C6E-BFE9-F318B64DF940}
2012-05-09 23:28:54 -------- d-----w- C:\Users\Ahmad\AppData\Local\{A4B34ADF-D785-467B-A26A-4D408AAAB770}
2012-05-09 23:28:41 -------- d-----w- C:\Users\Ahmad\AppData\Local\{C9E4F703-2778-42F1-A837-DEC60F676257}
2012-05-09 23:22:26 -------- d-----w- C:\Users\Ahmad\AppData\Local\{A7372FB3-B613-418E-B07D-31676E3F6C03}
2012-05-09 23:09:50 -------- d-----w- C:\Users\Ahmad\AppData\Local\{13B0A3AA-D09C-4A26-AC6F-4910EB0F33BA}
.
==================== Find3M ====================
.
2012-05-08 20:32:19 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 20:32:19 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:04:22 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 17:30:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-20 15:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 15:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 22:25:11.93 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:05 PM

Posted 08 June 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
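An added example, not part of this thread and not code from FRST or its author: once FRST.txt comes back, the section worth reading first on a machine with a Sirefef-class infection is "Drivers (Whitelisted)". A driver registered with boot or system start (start type 0 or 1) that points at a file the tool cannot find, under a name that looks machine-generated, is the kind of entry a kernel-mode rootkit leaves behind, and it loads before the security products installed on the box. The Python below parses driver lines in the layout FRST prints (`<start> <name>; <path> [<size> <date>] (<company>)`, or `[x]` when the file is missing on disk) and scores each one. The sample lines are constructed for this example; the reasons, their weights and the 3-point threshold are my own assumptions, not anything FRST or the helper here applies.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample "Drivers (Whitelisted)" lines, constructed for this example in the layout FRST
# prints: "<start> <name>; <path> [<size> <date>] (<company>)" for a file that exists on
# disk, or "<start> <name>; <path> [x]" when the referenced file is missing.
SAMPLE_DRIVERS = """\
3 MBAMProtector; \\??\\C:\\Windows\\system32\\drivers\\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
0 TVALZ; C:\\Windows\\System32\\DRIVERS\\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
1 SASDIFSV; \\??\\C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 hwdatacard; C:\\Windows\\System32\\DRIVERS\\ewusbmdm.sys [x]
1 eevlncve; \\??\\C:\\Windows\\system32\\drivers\\eevlncve.sys [x]
1 qwrtpsdf; \\??\\C:\\Windows\\system32\\drivers\\qwrtpsdf.sys [x]
3 abcdefgh; C:\\Windows\\System32\\Drivers\\abcdefgh.sys [50000 2012-06-07] (Microsoft Corporation)
"""

# One FRST driver line. A trailing "[x]" means the file does not exist on disk.
LINE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<company>[^)]*)\))?"
    r"|\[(?P<missing>x)\])\s*$"
)

# Six to ten lowercase letters, no digits or capitals: the shape of a generated service
# name rather than a vendor's. A heuristic (assumption of this example), not a rule.
RANDOM_NAME_RE = re.compile(r"[a-z]{6,10}")


@dataclass
class DriverEntry:
    start: int            # Windows service start type: 0 boot, 1 system, 2 auto, 3 demand
    name: str
    path: str
    missing: bool
    company: Optional[str]

    @property
    def stem(self) -> str:
        """File name without directory or .sys extension, e.g. 'eevlncve'."""
        filename = self.path.replace("/", "\\").rsplit("\\", 1)[-1]
        return re.sub(r"\.sys$", "", filename, flags=re.I)


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one line of the FRST Drivers section; return None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return DriverEntry(
        start=int(m.group("start")),
        name=m.group("name").strip(),
        path=m.group("path"),
        missing=m.group("missing") is not None,
        company=m.group("company"),
    )


def triage_reasons(e: DriverEntry) -> List[str]:
    """Heuristic reasons an entry deserves a second look (empty list if none apply)."""
    reasons = []
    # Service name and file stem both look generated and agree with each other.
    if RANDOM_NAME_RE.fullmatch(e.name) and e.stem.lower() == e.name:
        reasons.append("random-looking name matching file stem")
    if e.missing:
        reasons.append("file missing on disk")
    if e.start in (0, 1):
        reasons.append("boot/system start (loads before most security software)")
    if not e.company:
        reasons.append("no company in version info")
    return reasons


def score(e: DriverEntry) -> int:
    """Weighted sum of reasons; the name pattern counts double (assumed weights)."""
    # A missing file on its own is often a leftover from an uninstalled product
    # (a modem or USB driver, say), so it is weighted lower than the name pattern.
    return sum(2 if r.startswith("random") else 1 for r in triage_reasons(e))


def suspicious_drivers(text: str, threshold: int = 3) -> List[DriverEntry]:
    """Entries at or above the threshold, highest score first (stable for ties)."""
    entries = [e for e in map(parse_driver_line, text.splitlines()) if e]
    hits = [e for e in entries if score(e) >= threshold]
    return sorted(hits, key=score, reverse=True)


if __name__ == "__main__":
    for e in suspicious_drivers(SAMPLE_DRIVERS):
        print(f"{e.name:<12} start={e.start} score={score(e)}: {'; '.join(triage_reasons(e))}")
```

On the constructed sample, only the two system-start entries whose files are gone and whose names match their generated file stems cross the threshold. The missing-file line with a vendor-style name stays below it, since on its own that pattern is usually a leftover from an uninstalled product. A random-looking name whose file is present and carries a company string is only a weak signal, because some scanning tools also load drivers under random names, so it is reported only when something else about the entry is off. Treat the output as triage for a human to read, not a verdict.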

#3 ahmadpu

ahmadpu
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 10 June 2012 - 07:57 AM

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 10-06-2012 17:37:59
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" [136488 2011-02-17] (CyberLink)
HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [232616 2012-01-17] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [165160 2011-09-27] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Ahmad\...\Run: [] [x]
HKU\Ahmad\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [955280 2012-04-26] (Samsung)
HKU\Ahmad\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-05-27] ()
HKU\Ahmad\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3417496 2011-08-29] (Tonec Inc.)
HKU\Ahmad\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [845176 2011-02-18] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [845176 2011-02-18] (TOSHIBA)
HKU\test account\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [845176 2011-02-18] (TOSHIBA)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.4
Tcpip\..\Interfaces\{0E48238E-9059-4F85-8064-49AB379EEDA2}: [NameServer]8.8.8.8
Startup: C:\Users\Ahmad\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\test account\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [112080 2011-02-09] (Toshiba Europe GmbH)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe" [2027840 2011-09-27] (TuneUp Software)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36160 2011-09-27] (TuneUp Software)
2 UxTuneUp; C:\Windows\SysWow64\uxtuneup.dll [29504 2011-09-27] (TuneUp Software)
2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [x]
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [42096 2010-10-18] (Atheros)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31216 2011-04-13] (CyberLink Corporation)
2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [145008 2011-07-06] (Tonec Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [307304 2010-11-30] (Realtek Semiconductor Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [54664 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [291120 2011-01-20] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50864 2010-11-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [82224 2010-11-29] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [18872 2010-06-18] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94528 2010-08-30] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [26472 2009-07-24] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63488 2010-04-26] (TOSHIBA Corporation)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
1 eevlncve; \??\C:\Windows\system32\drivers\eevlncve.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
1 ltvayien; \??\C:\Windows\system32\drivers\ltvayien.sys [x]
1 mbwgdadz; \??\C:\Windows\system32\drivers\mbwgdadz.sys [x]
1 nruqthgp; \??\C:\Windows\system32\drivers\nruqthgp.sys [x]
1 zneurfta; \??\C:\Windows\system32\drivers\zneurfta.sys [x]
1 zvelaryf; \??\C:\Windows\system32\drivers\zvelaryf.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: UxTuneUp -> C:\Windows\System32\uxtuneup.dll (TuneUp Software)

============ One Month Created Files and Folders ==============

2012-06-10 17:37 - 2012-06-10 17:38 - 00000000 ____D C:\FRST
2012-06-09 14:02 - 2012-06-09 14:02 - 00056967 ____A C:\Users\Ahmad\Desktop\1621.torrent
2012-06-09 14:02 - 2012-06-09 14:02 - 00014613 ____A C:\Users\Ahmad\Desktop\[isoHunt] Pride and Prejudice (2005) DVDRip.torrent
2012-06-09 11:00 - 2012-06-10 13:34 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\WildTangent
2012-06-09 09:49 - 2012-06-09 09:49 - 00000084 ____A C:\Users\Public\sdelevURL.tmp
2012-06-09 00:17 - 2012-06-09 00:17 - 00013540 ____A C:\Users\Ahmad\Desktop\AAAAC_ZqWcQAAAAAADW2vg.jpg
2012-06-09 00:14 - 2012-06-09 00:14 - 00111206 ____A C:\Users\Ahmad\Desktop\cake-and-ice-cream-1.jpg
2012-06-08 12:55 - 2012-06-08 12:55 - 00015820 ____A C:\Users\Ahmad\Desktop\[isoHunt] Robin Hood (2010) UNRATED DVDRip XviD-MAXSPEED.torrent
2012-06-08 09:27 - 2012-06-08 09:27 - 00044955 ____A C:\Users\Ahmad\Desktop\DDS.txt
2012-06-08 09:27 - 2012-06-08 09:27 - 00027456 ____A C:\Users\Ahmad\Desktop\Attach.txt
2012-06-08 09:21 - 2012-06-08 09:21 - 00000000 ____A C:\Users\Ahmad\defogger_reenable
2012-06-08 05:17 - 2012-06-08 05:17 - 00026465 ____A C:\Users\Ahmad\Desktop\311482_182075891872446_43542542_n.jpg
2012-06-08 04:06 - 2012-05-10 19:55 - 00107632 ____N () C:\Windows\System32\Drivers\Shield.sys
2012-06-08 04:05 - 2012-06-08 04:19 - 00000000 ____D C:\Program Files (x86)\Shield
2012-06-08 00:38 - 2012-06-08 00:38 - 00038832 ____A C:\Users\Ahmad\Desktop\tumblr_luxt3dkprG1r2rf2oo1_500_large.jpg
2012-06-08 00:30 - 2012-06-08 00:30 - 00023559 ____A C:\Users\Ahmad\Desktop\smokes-mbur1v35-178360-500-500_large.jpg
2012-06-08 00:28 - 2012-06-08 00:28 - 00008465 ____A C:\Users\Ahmad\Desktop\tumblr_luzlwk1D7p1qes8hxo1_500_thumb.jpg
2012-06-07 13:51 - 2012-06-07 13:51 - 00000604 ____A C:\Users\Ahmad\Desktop\ESET SCAN 2.txt
2012-06-07 11:42 - 2012-06-07 11:42 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qtkqcqpl.sys
2012-06-07 11:41 - 2012-06-07 11:41 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wxghsdmu.sys
2012-06-07 08:36 - 2012-06-07 08:36 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-07 06:35 - 2012-06-07 06:40 - 39685888 ____A C:\Users\Ahmad\Desktop\ISHQ HUA REMIX [ AKON ] - 2011 - XTREME REMIXES [DJ MASHUP] .mp4
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 04:59 - 2012-06-06 05:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-06 04:59 - 2012-06-06 04:59 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-06 04:59 - 2012-06-06 04:59 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-06 03:41 - 2012-06-06 03:41 - 00051481 ____A C:\Users\Ahmad\Desktop\bathroom-interio-light-design.jpg
2012-06-05 13:28 - 2009-05-23 00:44 - 00151109 ____A C:\Users\Ahmad\Desktop\Hes Just Not That Into You[2009]DvDrip-aXXo.srt
2012-06-05 12:40 - 2012-06-05 12:40 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-05 12:40 - 2012-06-05 12:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-05 12:40 - 2012-06-05 12:40 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\Malwarebytes
2012-06-05 12:40 - 2012-06-05 12:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 12:40 - 2012-04-04 02:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-05 10:29 - 2012-06-05 10:29 - 00000000 ____D C:\Users\test account\AppData\Roaming\TOSHIBA Online Product Information
2012-06-05 10:08 - 2012-06-05 10:08 - 00000000 ____D C:\Users\test account\AppData\Roaming\Toshiba
2012-06-05 10:07 - 2012-06-05 11:16 - 00000000 ____D C:\Users\test account\AppData\Local\blekkotb
2012-06-05 10:07 - 2012-06-05 10:07 - 00000000 ____D C:\Users\test account\Documents\Bluetooth
2012-06-05 10:06 - 2012-06-05 10:29 - 00000000 ____D C:\Users\test account\AppData\Local\TOSHIBA
2012-06-05 10:06 - 2012-06-05 10:06 - 00108840 ____A C:\Users\test account\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-05 10:05 - 2012-06-05 10:05 - 00000000 ____D C:\Users\test account\AppData\Local\VirtualStore
2012-06-05 10:04 - 2012-06-10 13:34 - 00000000 ____D C:\users\test account
2012-06-05 10:04 - 2012-06-05 10:05 - 00000000 ____D C:\Users\test account\AppData\LocalLow
2012-06-05 10:04 - 2012-06-05 10:04 - 00000020 __ASH C:\Users\test account\ntuser.ini
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Templates
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Start Menu
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\PrintHood
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\NetHood
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\My Documents
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Documents\My Videos
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Documents\My Pictures
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Documents\My Music
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\AppData\Local\Temporary Internet Files
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\AppData\Local\History
2012-06-05 10:04 - 2011-08-28 15:39 - 00000000 ____D C:\Users\test account\AppData\Local\Microsoft Help
2012-06-05 10:04 - 2011-05-04 09:24 - 00000000 ____D C:\Users\test account\AppData\Roaming\Macromedia
2012-06-05 10:04 - 2010-11-20 23:16 - 00000000 ____D C:\Users\test account\AppData\Roaming\Media Center Programs
2012-06-05 08:41 - 2012-06-05 08:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-05 08:41 - 2012-06-05 08:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-04 10:51 - 2012-06-05 04:18 - 00081984 ____A C:\Windows\System32\bdod.bin
2012-06-04 09:57 - 2012-06-04 09:57 - 00000850 ____A C:\Windows\System32\ProductTweaks.xml
2012-06-04 09:57 - 2012-06-04 09:57 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-06-04 09:54 - 2012-06-04 09:54 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\BitDefender
2012-06-04 09:53 - 2012-06-05 04:18 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2012-06-04 09:53 - 2012-06-04 10:17 - 00000000 ____D C:\Users\All Users\BitDefender
2012-06-04 09:53 - 2012-06-04 09:53 - 00000000 ____D C:\Program Files\BitDefender
2012-06-02 13:03 - 2012-06-01 19:07 - 00068722 ____A C:\Users\Ahmad\Downloads\Safe (2012) BluRay 720p.srt
2012-06-02 11:39 - 2012-06-02 12:59 - 653448071 ____A C:\Users\Ahmad\Downloads\Safe (2012) BluRay 720p.mkv
2012-06-02 02:15 - 2012-06-02 02:16 - 00138470 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_15.15.06_log.txt
2012-06-01 12:35 - 2012-06-03 04:55 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-05-31 13:38 - 2012-06-02 00:08 - 00000000 ___SD C:\32788R22FWJFW
2012-05-31 13:24 - 2012-05-31 13:25 - 00132730 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_02.24.04_log.txt
2012-05-31 13:20 - 2012-05-31 13:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-05-31 13:13 - 2012-05-31 13:21 - 00404014 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_02.13.32_log.txt
2012-05-30 13:09 - 2012-06-06 09:44 - 01682186 ____A C:\Windows\ntbtlog.txt
2012-05-30 11:20 - 2012-05-30 11:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\tango
2012-05-30 10:41 - 2012-05-30 10:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FA5AAEC4-551A-4F57-9B2A-422AF72599DF}
2012-05-30 10:41 - 2012-05-30 10:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0256E61C-AECD-4366-BA83-829A126CB5A8}
2012-05-29 22:20 - 2012-05-29 22:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2B7E3ADF-C86D-43F2-BCD7-89DAAE48FA52}
2012-05-29 22:19 - 2012-05-29 22:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8BD46DD5-56C8-4AC0-A27F-4B8CF15490F6}
2012-05-29 10:14 - 2012-05-29 10:14 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9B991D10-D6CD-44A5-9FEB-B8E8C9E2B2EA}
2012-05-29 10:13 - 2012-05-29 10:14 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{96351AAC-5633-47BB-A128-ABD0C8CF6BEC}
2012-05-29 09:09 - 2012-05-29 09:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3D56F2E0-D2F4-43C9-AFAB-F0044B639B78}
2012-05-28 15:19 - 2012-05-28 15:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{575673B6-91B1-46C9-AD37-3261053D4A92}
2012-05-28 15:18 - 2012-05-28 15:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A115B651-CAC2-47A6-9075-77913913806F}
2012-05-28 13:22 - 2012-05-28 13:22 - 00017408 ____A C:\Users\Ahmad\AppData\Local\WebpageIcons.db
2012-05-28 09:56 - 2012-05-28 09:56 - 00001071 ____A C:\Users\Public\Desktop\Google Books Downloader.lnk
2012-05-28 09:56 - 2012-05-28 09:56 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader
2012-05-27 15:59 - 2012-05-27 15:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F83D48A5-31D2-4C8D-812C-4217E76A426B}
2012-05-27 13:07 - 2012-05-27 13:07 - 00001924 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-05-27 13:06 - 2011-06-01 21:47 - 00013800 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadwh.sys
2012-05-27 13:06 - 2011-06-01 21:47 - 00013288 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ssadcm.sys
2012-05-27 13:05 - 2011-03-01 18:57 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-05-27 12:30 - 2012-05-27 12:30 - 00000000 ____D C:\Program Files\SAMSUNG
2012-05-27 02:23 - 2012-05-27 02:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B41334FF-682A-4CD8-AAC2-5E7288695488}
2012-05-27 02:23 - 2012-05-27 02:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{157683B7-DFF7-4D86-94F0-C4F5762CA031}
2012-05-26 23:13 - 2012-05-26 23:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9B592670-D139-4E8A-9FA6-D166C37AF093}
2012-05-26 03:46 - 2012-05-26 03:47 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E3694000-D0D9-41F3-89E5-9DE04880ECFF}
2012-05-26 03:46 - 2012-05-26 03:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{918E2F09-066C-4B4E-AB18-F8E7329A8A91}
2012-05-25 09:00 - 2012-05-25 09:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F2266A29-E38D-4FE3-964C-DC6A0DCC1ABA}
2012-05-25 09:00 - 2012-05-25 09:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DBC51AF1-21CF-47A4-9C3D-3CD135343FB7}
2012-05-25 04:40 - 2012-05-25 04:40 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{72D3345A-2F2C-4C92-ACB1-7B736F71FF20}
2012-05-25 02:20 - 2012-05-25 02:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5083EFA5-6B5C-4CB0-8304-09C71CBE50D1}
2012-05-24 15:17 - 2012-05-24 15:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E4A547D8-F0A3-4252-8A69-78E6F502D924}
2012-05-24 01:32 - 2012-05-24 01:32 - 00027585 ____A C:\Users\Ahmad\Desktop\[kat.ph]sleepers.1996.eng.dvdrip.neroz.rar
2012-05-24 01:31 - 2012-05-24 01:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{CE61EBE8-6C56-4E64-A7FC-626A66970BCB}
2012-05-23 23:33 - 2012-05-23 23:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1F5755B7-281F-49EE-8787-7B633A143ABD}
2012-05-23 23:32 - 2012-05-23 23:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{46546268-E89F-4915-BC9E-04CE12F1E4BF}
2012-05-23 09:52 - 2012-05-23 09:52 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DCEA130A-6A3F-4260-AD77-7F9593269667}
2012-05-23 02:08 - 2012-05-23 02:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{EF22ACFA-E372-4C31-8B03-1F2987BD68A6}
2012-05-22 11:52 - 2012-06-10 13:34 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\vlc
2012-05-22 11:51 - 2012-05-22 11:51 - 00001037 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-22 10:19 - 2012-05-22 10:20 - 00000000 ____D C:\Users\Ahmad\Downloads\samsung
2012-05-22 04:13 - 2012-05-22 04:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4F3EE8E3-3075-4C09-B651-088F2D8B17F3}
2012-05-22 04:13 - 2012-05-22 04:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0B615593-2765-422E-A61F-DD7B26642B47}
2012-05-22 03:10 - 2012-05-22 03:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D73FCE79-3BB0-47CC-BCE6-C54D37C4E294}
2012-05-21 12:24 - 2012-05-21 12:25 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A6C3533B-797A-428F-AAB2-650BBCB790C0}
2012-05-21 12:24 - 2012-05-21 12:24 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3A784C77-47C8-4B51-8727-FCA5302FD78F}
2012-05-21 12:20 - 2012-05-21 12:20 - 00000000 ____D C:\Windows\en
2012-05-21 12:19 - 2012-05-21 12:19 - 00000000 ____D C:\Windows\tr
2012-05-21 12:19 - 2012-05-21 12:19 - 00000000 ____D C:\Windows\fr
2012-05-21 12:19 - 2012-05-21 12:19 - 00000000 ____D C:\Windows\ar
2012-05-21 12:15 - 2012-03-08 05:40 - 00048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-05-21 11:48 - 2012-05-21 11:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B60295BA-2E94-4885-8F24-469D0ED3AE61}
2012-05-21 11:48 - 2012-05-21 11:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8D85EFC4-1A23-4A34-9B61-88DACCC9F3E0}
2012-05-21 09:42 - 2012-05-21 09:42 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A54DF82D-4E0C-47BE-8DEA-A215F7587766}
2012-05-21 09:42 - 2012-05-21 09:42 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3BF0F7F1-CA50-48CC-A603-8DDC500AFEFC}
2012-05-21 09:36 - 2012-05-21 09:36 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F275F29A-D69B-4C65-9022-6A8F779C5C4B}
2012-05-21 09:36 - 2012-05-21 09:36 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3B0D070E-D978-4D13-AC2B-CD9786AAC481}
2012-05-21 09:28 - 2012-05-21 09:28 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0F75DFBF-397F-4DE8-A69B-D1336124C60A}
2012-05-21 09:27 - 2012-05-21 09:28 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4127F0F5-AFBD-4259-A428-1ACF910A2EB1}
2012-05-21 06:59 - 2012-05-21 06:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5C3CCCA3-7997-4284-94BE-77E50EBCD4A2}
2012-05-21 05:02 - 2012-05-21 05:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9EA2C08F-CE57-4620-BFAA-72F747C81306}
2012-05-21 05:02 - 2012-05-21 05:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{86F98C2D-DBFA-49BC-8D57-11B6384F3D4F}
2012-05-21 02:42 - 2009-07-13 20:57 - 00001330 ____A C:\Users\Ahmad\Desktop\Sound Recorder.lnk
2012-05-21 02:10 - 2012-05-21 02:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{6DDAE96D-15D6-4C27-97FD-C2AFD2E087B0}
2012-05-20 01:39 - 2012-05-20 01:39 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FAFD9F33-9851-4027-B737-94988036AAB7}
2012-05-20 01:39 - 2012-05-20 01:39 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{CA696DD8-E780-45EF-BA7F-72B013C26D2E}
2012-05-19 11:01 - 2012-05-19 11:01 - 00000962 ____A C:\Users\Ahmad\Desktop\SopCast.lnk
2012-05-19 11:01 - 2012-05-19 11:01 - 00000000 ____D C:\Program Files (x86)\SopCast
2012-05-19 10:37 - 2012-05-19 10:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{EAD5A7E0-4B41-4AA1-B6EB-A641B1F6CF6A}
2012-05-19 10:37 - 2012-05-19 10:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{38197482-38F2-447D-91E8-0B0792B1F1BB}
2012-05-19 07:19 - 2012-05-19 07:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{09E0BD91-DEC2-4133-9915-A5EF4D9F7D61}
2012-05-19 05:09 - 2012-05-19 05:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2BB90B8E-DCAF-4CC8-ACE6-AAB984313A13}
2012-05-18 09:57 - 2012-05-18 09:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4EAA8B4A-2203-4771-9B0C-2447223F98A1}
2012-05-18 09:57 - 2012-05-18 09:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{27739177-5FAA-4B29-AF5B-A1D74A9D6270}
2012-05-17 11:03 - 2012-05-17 11:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{713BCD11-064F-44BF-9737-F9C2E47D1A77}
2012-05-17 11:03 - 2012-05-17 11:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0075E1E0-9EDD-41FD-A62B-1A216891E96F}
2012-05-17 09:27 - 2012-05-17 09:28 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8B06194C-969F-4E02-903D-5EB2ED2B9AFB}
2012-05-17 09:27 - 2012-05-17 09:27 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1CCA061D-5ED1-47E5-8FE9-3910057E325C}
2012-05-17 05:41 - 2012-05-17 05:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D3FB5B3A-04DD-4D80-A60D-5FDB9AECFEF2}
2012-05-17 05:40 - 2012-05-17 05:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B53BBFF1-1320-41D3-BCB4-9F479C6173E5}
2012-05-17 05:17 - 2012-05-17 05:18 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{88AE7C2B-16FE-4F7D-8E7D-5AD095665EF3}
2012-05-17 05:17 - 2012-05-17 05:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{12913D1F-BEC1-4411-A189-FEA2482B268D}
2012-05-17 05:08 - 2012-05-17 05:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FAA6F11E-9EAE-4234-B774-0EA295CD3955}
2012-05-17 05:08 - 2012-05-17 05:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F92D119E-0C2D-4D9A-8149-550C5B4066E6}
2012-05-17 04:45 - 2012-05-17 04:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8262268E-480C-4FA6-AE7A-15937F44F016}
2012-05-17 04:45 - 2012-05-17 04:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0B180ED5-7873-4A93-AC84-1990E6A686D0}
2012-05-16 08:23 - 2012-05-16 08:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1359D708-308B-4232-87C1-A92B1BED56D3}
2012-05-16 07:27 - 2012-05-16 07:27 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{59496808-6B21-4BD0-95AD-6381AE967619}
2012-05-15 23:57 - 2012-05-15 23:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{72A23814-4A50-4859-8182-9B7AC83E2629}
2012-05-15 16:46 - 2012-05-15 16:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E7A8A90A-9A43-4A62-9D03-C13E7BF68DA8}
2012-05-15 16:46 - 2012-05-15 16:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B9A26233-1DCA-4075-A2C4-277D04FFE359}
2012-05-15 16:02 - 2012-05-15 16:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{493CBC0C-C175-44F9-9F1E-328A230150A8}
2012-05-15 16:01 - 2012-05-15 16:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{45918773-CF55-43CC-8017-32B7AD7E4CB5}
2012-05-15 15:11 - 2012-05-15 15:12 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E55E07BA-6B19-42A5-B372-C3AF79BA80B0}
2012-05-15 15:11 - 2012-05-15 15:11 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{22C0B399-077A-42B4-ABFF-F3C6E48DECBC}
2012-05-15 14:21 - 2012-05-15 15:25 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\DivX
2012-05-15 14:21 - 2012-05-15 14:21 - 00001623 ____A C:\Users\Ahmad\Desktop\DivX Movies.lnk
2012-05-15 14:20 - 2012-05-21 09:40 - 00000000 ____D C:\Program Files\DivX
2012-05-15 14:13 - 2012-05-21 09:40 - 00000000 ____D C:\Program Files (x86)\DivX
2012-05-15 13:49 - 2012-05-21 09:40 - 00000000 ____D C:\Users\All Users\DivX
2012-05-15 11:53 - 2012-05-15 11:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C770F101-B919-41E6-B172-6D8A337AFABA}
2012-05-15 11:53 - 2012-05-15 11:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{79A1FA1E-4ED6-4790-87D9-53FE2528623C}
2012-05-15 09:13 - 2012-05-15 09:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F4BF143E-56FD-4018-8B8B-C4FF6672CECE}
2012-05-15 09:10 - 2012-05-15 09:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9B273528-B42F-4BAC-BB17-96842ABC1FD7}
2012-05-15 08:20 - 2012-05-15 08:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-15 08:20 - 2012-05-15 08:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 01:37 - 2012-05-15 01:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{66D77951-F650-4645-B3A0-F4E60B637BAC}
2012-05-15 01:37 - 2012-05-15 01:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0AC74E8A-BEA5-457E-A321-CB15CFB5226D}
2012-05-14 23:16 - 2012-05-14 23:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{AB08B110-5E85-4758-BFF8-AFE480C2FD6A}
2012-05-14 23:16 - 2012-05-14 23:16 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{EF4A8132-8BAE-4269-A817-0D6C186E327B}
2012-05-14 07:49 - 2012-05-14 07:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B2BAA3F2-D86B-4A90-822E-76C35FC5F6C1}
2012-05-14 07:08 - 2012-05-14 07:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{34C23B66-8732-4CBD-B041-172A7FAA9393}
2012-05-14 07:08 - 2012-05-14 07:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2134A3EA-7BE0-4FBB-BC8B-FB4DB20AC1F2}
2012-05-14 05:24 - 2012-05-14 05:25 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B9122488-DFF5-4369-8747-345242A25993}
2012-05-14 05:24 - 2012-05-14 05:24 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{09F91A1A-A0B3-4E35-BDAC-AF16FDAAF5E1}
2012-05-14 03:47 - 2012-05-14 03:47 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{66F0C41B-FE90-4239-BCE9-1EACA4CC90D1}
2012-05-14 03:31 - 2012-05-14 03:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E7C0FBAD-4A9E-4893-844A-BA6592E0D232}
2012-05-14 03:31 - 2012-05-14 03:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D4D2C820-C6FE-4708-AD3F-FD937B64BD4D}
2012-05-13 15:07 - 2012-05-13 15:07 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C2CDA5A1-49B6-4D37-88A4-78B69475C64D}
2012-05-13 15:07 - 2012-05-13 15:07 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{56B17AA1-550B-47F5-904B-90813F7E585B}
2012-05-13 04:43 - 2012-05-13 04:43 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2C633810-BF52-481D-AF2B-FB8D0D5D66C0}
2012-05-13 03:46 - 2012-05-13 03:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{68E070B2-CDDE-45AA-B01C-F28A1C5B4514}
2012-05-13 02:25 - 2012-05-13 02:25 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{CE7EDE99-497D-4EBB-80DB-1A180560A8CC}
2012-05-12 13:22 - 2012-05-12 13:22 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7B3A19B4-D368-4F68-BBE1-A73BF3C303EC}
2012-05-12 08:31 - 2012-05-12 08:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5A31FBC5-A955-4B08-8DF8-264D4CDD5C01}
2012-05-12 08:31 - 2012-05-12 08:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{01F0717F-B6F4-4A28-94E9-086F6E779A12}
2012-05-11 17:29 - 2012-05-11 17:30 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{6E5196ED-070C-44A1-A7C0-D05285E002B4}
2012-05-11 16:19 - 2012-05-11 16:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DAB82794-D0E8-4BB6-8F19-0D5C26785998}
2012-05-11 14:03 - 2012-05-11 14:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BEA77EC5-AE15-4F1E-9A67-60DA4B97BA50}
2012-05-11 11:21 - 2012-05-11 11:21 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BAA742C1-E6BB-4B0E-9ECE-6C815AD6A438}
2012-05-11 08:20 - 2012-05-11 08:21 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7DC2F8A7-10F5-4103-819B-6F51DAD105B6}
2012-05-11 08:20 - 2012-05-11 08:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{831B4F78-592C-4A32-AAF7-4EA49E8022B6}
2012-05-11 06:40 - 2012-05-11 06:40 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D68B5507-D4E8-4677-9A18-8C97EF6D7D3F}
2012-05-11 05:37 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 05:37 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 05:36 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 05:36 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 05:36 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 05:36 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 05:30 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 05:27 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 04:48 - 2012-05-11 04:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{52A2815C-39B2-401E-AB0E-101B0CD8E069}

============ 3 Months Modified Files and Folders =============

2012-06-10 17:38 - 2012-06-10 17:37 - 00000000 ____D C:\FRST
2012-06-10 13:34 - 2012-06-09 11:00 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\WildTangent
2012-06-10 13:34 - 2012-06-05 10:04 - 00000000 ____D C:\users\test account
2012-06-10 13:34 - 2012-05-22 11:52 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\vlc
2012-06-10 13:34 - 2011-09-24 07:51 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\IDM
2012-06-10 13:34 - 2011-08-15 08:22 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\Skype
2012-06-10 13:34 - 2011-05-04 09:38 - 00000000 ____D C:\Users\All Users\WildTangent
2012-06-10 13:34 - 2011-05-04 09:38 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2012-06-10 13:34 - 2011-05-04 09:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-10 13:34 - 2011-05-04 09:10 - 00000000 ____D C:\Users\All Users\Skype
2012-06-10 13:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-10 04:33 - 2011-09-24 07:51 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\DMCache
2012-06-10 04:33 - 2011-06-02 12:26 - 01288867 ____A C:\Windows\WindowsUpdate.log
2012-06-10 04:29 - 2011-12-17 00:35 - 00000000 ____D C:\Users\Ahmad\Desktop\results
2012-06-10 04:21 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 04:21 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 04:18 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 04:14 - 2012-04-24 14:55 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-06-10 04:14 - 2011-09-28 10:34 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-10 04:13 - 2011-08-17 05:16 - 00157030 ____A C:\Windows\setupact.log
2012-06-10 04:13 - 2011-06-02 12:28 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-10 04:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 03:09 - 2011-09-23 00:41 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001UA.job
2012-06-10 03:04 - 2011-09-28 10:34 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-10 01:08 - 2012-03-12 16:03 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001UA.job
2012-06-10 00:53 - 2011-08-15 04:43 - 00000000 ____D C:\users\Ahmad
2012-06-10 00:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-09 14:02 - 2012-06-09 14:02 - 00056967 ____A C:\Users\Ahmad\Desktop\1621.torrent
2012-06-09 14:02 - 2012-06-09 14:02 - 00014613 ____A C:\Users\Ahmad\Desktop\[isoHunt] Pride and Prejudice (2005) DVDRip.torrent
2012-06-09 09:49 - 2012-06-09 09:49 - 00000084 ____A C:\Users\Public\sdelevURL.tmp
2012-06-09 00:17 - 2012-06-09 00:17 - 00013540 ____A C:\Users\Ahmad\Desktop\AAAAC_ZqWcQAAAAAADW2vg.jpg
2012-06-09 00:14 - 2012-06-09 00:14 - 00111206 ____A C:\Users\Ahmad\Desktop\cake-and-ice-cream-1.jpg
2012-06-08 12:55 - 2012-06-08 12:55 - 00015820 ____A C:\Users\Ahmad\Desktop\[isoHunt] Robin Hood (2010) UNRATED DVDRip XviD-MAXSPEED.torrent
2012-06-08 09:27 - 2012-06-08 09:27 - 00044955 ____A C:\Users\Ahmad\Desktop\DDS.txt
2012-06-08 09:27 - 2012-06-08 09:27 - 00027456 ____A C:\Users\Ahmad\Desktop\Attach.txt
2012-06-08 09:21 - 2012-06-08 09:21 - 00000000 ____A C:\Users\Ahmad\defogger_reenable
2012-06-08 05:17 - 2012-06-08 05:17 - 00026465 ____A C:\Users\Ahmad\Desktop\311482_182075891872446_43542542_n.jpg
2012-06-08 05:16 - 2011-08-16 08:36 - 00000000 ____D C:\Users\Ahmad\Documents\Youcam
2012-06-08 04:19 - 2012-06-08 04:05 - 00000000 ____D C:\Program Files (x86)\Shield
2012-06-08 00:38 - 2012-06-08 00:38 - 00038832 ____A C:\Users\Ahmad\Desktop\tumblr_luxt3dkprG1r2rf2oo1_500_large.jpg
2012-06-08 00:30 - 2012-06-08 00:30 - 00023559 ____A C:\Users\Ahmad\Desktop\smokes-mbur1v35-178360-500-500_large.jpg
2012-06-08 00:28 - 2012-06-08 00:28 - 00008465 ____A C:\Users\Ahmad\Desktop\tumblr_luzlwk1D7p1qes8hxo1_500_thumb.jpg
2012-06-07 13:51 - 2012-06-07 13:51 - 00000604 ____A C:\Users\Ahmad\Desktop\ESET SCAN 2.txt
2012-06-07 11:42 - 2012-06-07 11:42 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qtkqcqpl.sys
2012-06-07 11:41 - 2012-06-07 11:41 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wxghsdmu.sys
2012-06-07 08:36 - 2012-06-07 08:36 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-07 06:40 - 2012-06-07 06:35 - 39685888 ____A C:\Users\Ahmad\Desktop\ISHQ HUA REMIX [ AKON ] - 2011 - XTREME REMIXES [DJ MASHUP] .mp4
2012-06-06 14:48 - 2009-07-13 21:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-06 12:09 - 2011-09-23 00:41 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001Core.job
2012-06-06 09:44 - 2012-05-30 13:09 - 01682186 ____A C:\Windows\ntbtlog.txt
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 05:00 - 2012-06-06 04:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-06 04:59 - 2012-06-06 04:59 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-06 04:59 - 2012-06-06 04:59 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-06 03:41 - 2012-06-06 03:41 - 00051481 ____A C:\Users\Ahmad\Desktop\bathroom-interio-light-design.jpg
2012-06-05 13:39 - 2011-09-24 07:51 - 00000000 ____D C:\Users\Ahmad\Downloads\Compressed
2012-06-05 12:57 - 2011-08-25 08:44 - 00070110 ____A C:\Windows\PFRO.log
2012-06-05 12:40 - 2012-06-05 12:40 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-05 12:40 - 2012-06-05 12:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-05 12:40 - 2012-06-05 12:40 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\Malwarebytes
2012-06-05 12:40 - 2012-06-05 12:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 11:16 - 2012-06-05 10:07 - 00000000 ____D C:\Users\test account\AppData\Local\blekkotb
2012-06-05 10:29 - 2012-06-05 10:29 - 00000000 ____D C:\Users\test account\AppData\Roaming\TOSHIBA Online Product Information
2012-06-05 10:29 - 2012-06-05 10:06 - 00000000 ____D C:\Users\test account\AppData\Local\TOSHIBA
2012-06-05 10:08 - 2012-06-05 10:08 - 00000000 ____D C:\Users\test account\AppData\Roaming\Toshiba
2012-06-05 10:07 - 2012-06-05 10:07 - 00000000 ____D C:\Users\test account\Documents\Bluetooth
2012-06-05 10:06 - 2012-06-05 10:06 - 00108840 ____A C:\Users\test account\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-05 10:05 - 2012-06-05 10:05 - 00000000 ____D C:\Users\test account\AppData\Local\VirtualStore
2012-06-05 10:05 - 2012-06-05 10:04 - 00000000 ____D C:\Users\test account\AppData\LocalLow
2012-06-05 10:04 - 2012-06-05 10:04 - 00000020 __ASH C:\Users\test account\ntuser.ini
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Templates
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Start Menu
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\PrintHood
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\NetHood
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\My Documents
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Documents\My Videos
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Documents\My Pictures
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\Documents\My Music
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\AppData\Local\Temporary Internet Files
2012-06-05 10:04 - 2012-06-05 10:04 - 00000000 __SHD C:\Users\test account\AppData\Local\History
2012-06-05 08:41 - 2012-06-05 08:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-05 08:41 - 2012-06-05 08:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-05 08:41 - 2011-08-15 05:04 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-05 08:41 - 2011-08-15 05:04 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-05 04:18 - 2012-06-04 10:51 - 00081984 ____A C:\Windows\System32\bdod.bin
2012-06-05 04:18 - 2012-06-04 09:53 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2012-06-04 10:17 - 2012-06-04 09:53 - 00000000 ____D C:\Users\All Users\BitDefender
2012-06-04 09:57 - 2012-06-04 09:57 - 00000850 ____A C:\Windows\System32\ProductTweaks.xml
2012-06-04 09:57 - 2012-06-04 09:57 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-06-04 09:54 - 2012-06-04 09:54 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\BitDefender
2012-06-04 09:53 - 2012-06-04 09:53 - 00000000 ____D C:\Program Files\BitDefender
2012-06-04 07:27 - 2011-10-02 02:26 - 00000000 ____D C:\Users\Ahmad\Desktop\MISC
2012-06-03 16:45 - 2012-03-12 16:03 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001Core.job
2012-06-03 04:55 - 2012-06-01 12:35 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-03 02:54 - 2011-05-04 09:19 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-03 02:51 - 2011-08-15 08:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-02 12:59 - 2012-06-02 11:39 - 653448071 ____A C:\Users\Ahmad\Downloads\Safe (2012) BluRay 720p.mkv
2012-06-02 02:16 - 2012-06-02 02:15 - 00138470 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_15.15.06_log.txt
2012-06-02 00:08 - 2012-05-31 13:38 - 00000000 ___SD C:\32788R22FWJFW
2012-06-01 19:07 - 2012-06-02 13:03 - 00068722 ____A C:\Users\Ahmad\Downloads\Safe (2012) BluRay 720p.srt
2012-06-01 12:36 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini
2012-05-31 13:25 - 2012-05-31 13:24 - 00132730 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_02.24.04_log.txt
2012-05-31 13:21 - 2012-05-31 13:13 - 00404014 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_02.13.32_log.txt
2012-05-31 13:21 - 2011-09-15 07:14 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-05-31 13:20 - 2012-05-31 13:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-05-31 10:48 - 2011-09-24 07:51 - 00000000 ____D C:\Users\Ahmad\Downloads\Video
2012-05-30 13:13 - 2012-04-24 14:44 - 00001144 ____A C:\Users\Public\Desktop\RAR Password Unlocker.lnk
2012-05-30 11:20 - 2012-05-30 11:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\tango
2012-05-30 11:14 - 2011-09-01 10:24 - 00000000 ____D C:\Users\Ahmad\Tracing
2012-05-30 10:42 - 2011-08-17 05:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\Windows Live
2012-05-30 10:41 - 2012-05-30 10:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FA5AAEC4-551A-4F57-9B2A-422AF72599DF}
2012-05-30 10:41 - 2012-05-30 10:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0256E61C-AECD-4366-BA83-829A126CB5A8}
2012-05-29 22:20 - 2012-05-29 22:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2B7E3ADF-C86D-43F2-BCD7-89DAAE48FA52}
2012-05-29 22:20 - 2012-05-29 22:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8BD46DD5-56C8-4AC0-A27F-4B8CF15490F6}
2012-05-29 10:14 - 2012-05-29 10:14 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9B991D10-D6CD-44A5-9FEB-B8E8C9E2B2EA}
2012-05-29 10:14 - 2012-05-29 10:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{96351AAC-5633-47BB-A128-ABD0C8CF6BEC}
2012-05-29 09:56 - 2011-05-04 09:11 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-29 09:09 - 2012-05-29 09:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3D56F2E0-D2F4-43C9-AFAB-F0044B639B78}
2012-05-28 15:20 - 2012-05-28 15:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{575673B6-91B1-46C9-AD37-3261053D4A92}
2012-05-28 15:19 - 2012-05-28 15:18 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A115B651-CAC2-47A6-9075-77913913806F}
2012-05-28 13:22 - 2012-05-28 13:22 - 00017408 ____A C:\Users\Ahmad\AppData\Local\WebpageIcons.db
2012-05-28 09:56 - 2012-05-28 09:56 - 00001071 ____A C:\Users\Public\Desktop\Google Books Downloader.lnk
2012-05-28 09:56 - 2012-05-28 09:56 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader
2012-05-27 15:59 - 2012-05-27 15:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F83D48A5-31D2-4C8D-812C-4217E76A426B}
2012-05-27 14:49 - 2011-12-16 04:55 - 00000000 ____D C:\Users\Ahmad\AppData\Local\Samsung
2012-05-27 13:07 - 2012-05-27 13:07 - 00001924 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-05-27 13:04 - 2011-12-16 04:55 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\Samsung
2012-05-27 13:04 - 2011-12-16 04:50 - 00000000 ____D C:\Users\All Users\Samsung
2012-05-27 13:03 - 2011-12-16 04:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\Downloaded Installations
2012-05-27 12:30 - 2012-05-27 12:30 - 00000000 ____D C:\Program Files\SAMSUNG
2012-05-27 02:23 - 2012-05-27 02:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B41334FF-682A-4CD8-AAC2-5E7288695488}
2012-05-27 02:23 - 2012-05-27 02:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{157683B7-DFF7-4D86-94F0-C4F5762CA031}
2012-05-26 23:13 - 2012-05-26 23:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9B592670-D139-4E8A-9FA6-D166C37AF093}
2012-05-26 03:47 - 2012-05-26 03:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E3694000-D0D9-41F3-89E5-9DE04880ECFF}
2012-05-26 03:46 - 2012-05-26 03:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{918E2F09-066C-4B4E-AB18-F8E7329A8A91}
2012-05-25 09:00 - 2012-05-25 09:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F2266A29-E38D-4FE3-964C-DC6A0DCC1ABA}
2012-05-25 09:00 - 2012-05-25 09:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DBC51AF1-21CF-47A4-9C3D-3CD135343FB7}
2012-05-25 04:40 - 2012-05-25 04:40 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{72D3345A-2F2C-4C92-ACB1-7B736F71FF20}
2012-05-25 02:20 - 2012-05-25 02:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5083EFA5-6B5C-4CB0-8304-09C71CBE50D1}
2012-05-24 15:17 - 2012-05-24 15:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E4A547D8-F0A3-4252-8A69-78E6F502D924}
2012-05-24 01:32 - 2012-05-24 01:32 - 00027585 ____A C:\Users\Ahmad\Desktop\[kat.ph]sleepers.1996.eng.dvdrip.neroz.rar
2012-05-24 01:31 - 2012-05-24 01:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{CE61EBE8-6C56-4E64-A7FC-626A66970BCB}
2012-05-23 23:33 - 2012-05-23 23:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1F5755B7-281F-49EE-8787-7B633A143ABD}
2012-05-23 23:33 - 2012-05-23 23:32 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{46546268-E89F-4915-BC9E-04CE12F1E4BF}
2012-05-23 09:52 - 2012-05-23 09:52 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DCEA130A-6A3F-4260-AD77-7F9593269667}
2012-05-23 02:08 - 2012-05-23 02:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{EF22ACFA-E372-4C31-8B03-1F2987BD68A6}
2012-05-22 11:51 - 2012-05-22 11:51 - 00001037 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-22 11:46 - 2011-08-15 09:21 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-22 10:20 - 2012-05-22 10:19 - 00000000 ____D C:\Users\Ahmad\Downloads\samsung
2012-05-22 04:13 - 2012-05-22 04:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4F3EE8E3-3075-4C09-B651-088F2D8B17F3}
2012-05-22 04:13 - 2012-05-22 04:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0B615593-2765-422E-A61F-DD7B26642B47}
2012-05-22 03:10 - 2012-05-22 03:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D73FCE79-3BB0-47CC-BCE6-C54D37C4E294}
2012-05-21 15:27 - 2011-08-17 14:04 - 00000000 ____D C:\Users\Ahmad\AppData\Local\Nero
2012-05-21 15:11 - 2011-08-15 08:23 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\Mozilla
2012-05-21 12:25 - 2012-05-21 12:24 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A6C3533B-797A-428F-AAB2-650BBCB790C0}
2012-05-21 12:24 - 2012-05-21 12:24 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3A784C77-47C8-4B51-8727-FCA5302FD78F}
2012-05-21 12:20 - 2012-05-21 12:20 - 00000000 ____D C:\Windows\en
2012-05-21 12:19 - 2012-05-21 12:19 - 00000000 ____D C:\Windows\tr
2012-05-21 12:19 - 2012-05-21 12:19 - 00000000 ____D C:\Windows\fr
2012-05-21 12:19 - 2012-05-21 12:19 - 00000000 ____D C:\Windows\ar
2012-05-21 12:19 - 2011-02-11 08:51 - 00000000 ____D C:\Windows\pt-PT
2012-05-21 12:15 - 2011-05-04 09:27 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-05-21 12:15 - 2011-05-04 09:26 - 00000000 ____D C:\Program Files\Windows Live
2012-05-21 12:14 - 2011-08-17 05:21 - 00248569 ____A C:\Windows\DirectX.log
2012-05-21 11:48 - 2012-05-21 11:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B60295BA-2E94-4885-8F24-469D0ED3AE61}
2012-05-21 11:48 - 2012-05-21 11:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8D85EFC4-1A23-4A34-9B61-88DACCC9F3E0}
2012-05-21 11:42 - 2011-06-02 12:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-21 11:40 - 2012-04-28 07:01 - 00000000 ____D C:\NVIDIA
2012-05-21 09:42 - 2012-05-21 09:42 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A54DF82D-4E0C-47BE-8DEA-A215F7587766}
2012-05-21 09:42 - 2012-05-21 09:42 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3BF0F7F1-CA50-48CC-A603-8DDC500AFEFC}
2012-05-21 09:40 - 2012-05-15 14:20 - 00000000 ____D C:\Program Files\DivX
2012-05-21 09:40 - 2012-05-15 14:13 - 00000000 ____D C:\Program Files (x86)\DivX
2012-05-21 09:40 - 2012-05-15 13:49 - 00000000 ____D C:\Users\All Users\DivX
2012-05-21 09:36 - 2012-05-21 09:36 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F275F29A-D69B-4C65-9022-6A8F779C5C4B}
2012-05-21 09:36 - 2012-05-21 09:36 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3B0D070E-D978-4D13-AC2B-CD9786AAC481}
2012-05-21 09:28 - 2012-05-21 09:28 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0F75DFBF-397F-4DE8-A69B-D1336124C60A}
2012-05-21 09:28 - 2012-05-21 09:27 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4127F0F5-AFBD-4259-A428-1ACF910A2EB1}
2012-05-21 06:59 - 2012-05-21 06:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5C3CCCA3-7997-4284-94BE-77E50EBCD4A2}
2012-05-21 05:02 - 2012-05-21 05:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9EA2C08F-CE57-4620-BFAA-72F747C81306}
2012-05-21 05:02 - 2012-05-21 05:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{86F98C2D-DBFA-49BC-8D57-11B6384F3D4F}
2012-05-21 02:10 - 2012-05-21 02:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{6DDAE96D-15D6-4C27-97FD-C2AFD2E087B0}
2012-05-20 01:39 - 2012-05-20 01:39 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FAFD9F33-9851-4027-B737-94988036AAB7}
2012-05-20 01:39 - 2012-05-20 01:39 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{CA696DD8-E780-45EF-BA7F-72B013C26D2E}
2012-05-19 11:01 - 2012-05-19 11:01 - 00000962 ____A C:\Users\Ahmad\Desktop\SopCast.lnk
2012-05-19 11:01 - 2012-05-19 11:01 - 00000000 ____D C:\Program Files (x86)\SopCast
2012-05-19 10:37 - 2012-05-19 10:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{EAD5A7E0-4B41-4AA1-B6EB-A641B1F6CF6A}
2012-05-19 10:37 - 2012-05-19 10:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{38197482-38F2-447D-91E8-0B0792B1F1BB}
2012-05-19 07:19 - 2012-05-19 07:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{09E0BD91-DEC2-4133-9915-A5EF4D9F7D61}
2012-05-19 05:09 - 2012-05-19 05:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2BB90B8E-DCAF-4CC8-ACE6-AAB984313A13}
2012-05-18 09:58 - 2012-05-18 09:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4EAA8B4A-2203-4771-9B0C-2447223F98A1}
2012-05-18 09:57 - 2012-05-18 09:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{27739177-5FAA-4B29-AF5B-A1D74A9D6270}
2012-05-17 11:03 - 2012-05-17 11:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{713BCD11-064F-44BF-9737-F9C2E47D1A77}
2012-05-17 11:03 - 2012-05-17 11:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0075E1E0-9EDD-41FD-A62B-1A216891E96F}
2012-05-17 09:28 - 2012-05-17 09:27 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8B06194C-969F-4E02-903D-5EB2ED2B9AFB}
2012-05-17 09:27 - 2012-05-17 09:27 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1CCA061D-5ED1-47E5-8FE9-3910057E325C}
2012-05-17 05:41 - 2012-05-17 05:41 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D3FB5B3A-04DD-4D80-A60D-5FDB9AECFEF2}
2012-05-17 05:41 - 2012-05-17 05:40 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B53BBFF1-1320-41D3-BCB4-9F479C6173E5}
2012-05-17 05:18 - 2012-05-17 05:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{88AE7C2B-16FE-4F7D-8E7D-5AD095665EF3}
2012-05-17 05:17 - 2012-05-17 05:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{12913D1F-BEC1-4411-A189-FEA2482B268D}
2012-05-17 05:08 - 2012-05-17 05:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FAA6F11E-9EAE-4234-B774-0EA295CD3955}
2012-05-17 05:08 - 2012-05-17 05:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F92D119E-0C2D-4D9A-8149-550C5B4066E6}
2012-05-17 04:46 - 2012-05-17 04:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8262268E-480C-4FA6-AE7A-15937F44F016}
2012-05-17 04:45 - 2012-05-17 04:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0B180ED5-7873-4A93-AC84-1990E6A686D0}
2012-05-16 08:23 - 2012-05-16 08:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1359D708-308B-4232-87C1-A92B1BED56D3}
2012-05-16 07:27 - 2012-05-16 07:27 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{59496808-6B21-4BD0-95AD-6381AE967619}
2012-05-15 23:57 - 2012-05-15 23:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{72A23814-4A50-4859-8182-9B7AC83E2629}
2012-05-15 16:46 - 2012-05-15 16:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E7A8A90A-9A43-4A62-9D03-C13E7BF68DA8}
2012-05-15 16:46 - 2012-05-15 16:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B9A26233-1DCA-4075-A2C4-277D04FFE359}
2012-05-15 16:03 - 2012-05-15 16:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{493CBC0C-C175-44F9-9F1E-328A230150A8}
2012-05-15 16:02 - 2012-05-15 16:01 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{45918773-CF55-43CC-8017-32B7AD7E4CB5}
2012-05-15 15:25 - 2012-05-15 14:21 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\DivX
2012-05-15 15:25 - 2011-09-02 13:21 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\NVIDIA
2012-05-15 15:12 - 2012-05-15 15:11 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E55E07BA-6B19-42A5-B372-C3AF79BA80B0}
2012-05-15 15:11 - 2012-05-15 15:11 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{22C0B399-077A-42B4-ABFF-F3C6E48DECBC}
2012-05-15 14:22 - 2011-08-15 04:43 - 00000000 ____D C:\Users\Ahmad\AppData\LocalLow
2012-05-15 14:21 - 2012-05-15 14:21 - 00001623 ____A C:\Users\Ahmad\Desktop\DivX Movies.lnk
2012-05-15 11:53 - 2012-05-15 11:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C770F101-B919-41E6-B172-6D8A337AFABA}
2012-05-15 11:53 - 2012-05-15 11:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{79A1FA1E-4ED6-4790-87D9-53FE2528623C}
2012-05-15 09:13 - 2012-05-15 09:13 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F4BF143E-56FD-4018-8B8B-C4FF6672CECE}
2012-05-15 09:13 - 2012-05-15 09:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9B273528-B42F-4BAC-BB17-96842ABC1FD7}
2012-05-15 08:20 - 2012-05-15 08:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-15 08:20 - 2012-05-15 08:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 01:37 - 2012-05-15 01:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{66D77951-F650-4645-B3A0-F4E60B637BAC}
2012-05-15 01:37 - 2012-05-15 01:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0AC74E8A-BEA5-457E-A321-CB15CFB5226D}
2012-05-14 23:17 - 2012-05-14 23:16 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{AB08B110-5E85-4758-BFF8-AFE480C2FD6A}
2012-05-14 23:16 - 2012-05-14 23:16 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{EF4A8132-8BAE-4269-A817-0D6C186E327B}
2012-05-14 07:49 - 2012-05-14 07:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B2BAA3F2-D86B-4A90-822E-76C35FC5F6C1}
2012-05-14 07:09 - 2012-05-14 07:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{34C23B66-8732-4CBD-B041-172A7FAA9393}
2012-05-14 07:08 - 2012-05-14 07:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2134A3EA-7BE0-4FBB-BC8B-FB4DB20AC1F2}
2012-05-14 05:25 - 2012-05-14 05:24 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B9122488-DFF5-4369-8747-345242A25993}
2012-05-14 05:24 - 2012-05-14 05:24 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{09F91A1A-A0B3-4E35-BDAC-AF16FDAAF5E1}
2012-05-14 03:47 - 2012-05-14 03:47 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{66F0C41B-FE90-4239-BCE9-1EACA4CC90D1}
2012-05-14 03:31 - 2012-05-14 03:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E7C0FBAD-4A9E-4893-844A-BA6592E0D232}
2012-05-14 03:31 - 2012-05-14 03:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D4D2C820-C6FE-4708-AD3F-FD937B64BD4D}
2012-05-13 15:07 - 2012-05-13 15:07 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C2CDA5A1-49B6-4D37-88A4-78B69475C64D}
2012-05-13 15:07 - 2012-05-13 15:07 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{56B17AA1-550B-47F5-904B-90813F7E585B}
2012-05-13 04:43 - 2012-05-13 04:43 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2C633810-BF52-481D-AF2B-FB8D0D5D66C0}
2012-05-13 03:46 - 2012-05-13 03:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{68E070B2-CDDE-45AA-B01C-F28A1C5B4514}
2012-05-13 02:25 - 2012-05-13 02:25 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{CE7EDE99-497D-4EBB-80DB-1A180560A8CC}
2012-05-12 13:22 - 2012-05-12 13:22 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7B3A19B4-D368-4F68-BBE1-A73BF3C303EC}
2012-05-12 08:31 - 2012-05-12 08:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5A31FBC5-A955-4B08-8DF8-264D4CDD5C01}
2012-05-12 08:31 - 2012-05-12 08:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{01F0717F-B6F4-4A28-94E9-086F6E779A12}
2012-05-12 08:30 - 2009-07-13 20:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 17:30 - 2012-05-11 17:29 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{6E5196ED-070C-44A1-A7C0-D05285E002B4}
2012-05-11 16:19 - 2012-05-11 16:19 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DAB82794-D0E8-4BB6-8F19-0D5C26785998}
2012-05-11 14:34 - 2011-08-21 03:21 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 14:34 - 2011-08-15 07:11 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 14:07 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 14:03 - 2012-05-11 14:03 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BEA77EC5-AE15-4F1E-9A67-60DA4B97BA50}
2012-05-11 11:21 - 2012-05-11 11:21 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BAA742C1-E6BB-4B0E-9ECE-6C815AD6A438}
2012-05-11 08:21 - 2012-05-11 08:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7DC2F8A7-10F5-4103-819B-6F51DAD105B6}
2012-05-11 08:20 - 2012-05-11 08:20 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{831B4F78-592C-4A32-AAF7-4EA49E8022B6}
2012-05-11 06:40 - 2012-05-11 06:40 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D68B5507-D4E8-4677-9A18-8C97EF6D7D3F}
2012-05-11 04:48 - 2012-05-11 04:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{52A2815C-39B2-401E-AB0E-101B0CD8E069}
2012-05-10 20:58 - 2012-05-10 20:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{458949CD-12AA-4EAB-A973-8A743DAB062F}
2012-05-10 19:55 - 2012-06-08 04:06 - 00107632 ____N () C:\Windows\System32\Drivers\Shield.sys
2012-05-10 14:07 - 2012-05-10 14:07 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BCFF42D2-FAF5-47C3-B2F4-ED7A928C7294}
2012-05-10 13:22 - 2012-05-10 13:22 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A338B71E-08F2-418B-843F-F60D094CB916}
2012-05-10 11:10 - 2012-05-10 11:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{6906DD03-9133-417D-82D3-113585B9E133}
2012-05-10 11:09 - 2012-05-10 11:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5BA6CB97-E151-4B2E-8B78-6BBC1204FE13}
2012-05-10 09:18 - 2012-05-10 09:18 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{840A8F8C-6F33-45AC-A968-8AAEB8F10D38}
2012-05-10 08:51 - 2012-05-10 08:51 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{93167BCD-0817-4221-940C-4EB7E113B952}
2012-05-09 18:37 - 2012-05-09 18:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{17AF4747-0325-4C6E-BFE9-F318B64DF940}
2012-05-09 15:28 - 2012-05-09 15:28 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C9E4F703-2778-42F1-A837-DEC60F676257}
2012-05-09 15:28 - 2012-05-09 15:28 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A4B34ADF-D785-467B-A26A-4D408AAAB770}
2012-05-09 15:22 - 2012-05-09 15:22 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A7372FB3-B613-418E-B07D-31676E3F6C03}
2012-05-09 15:10 - 2012-05-09 15:09 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{13B0A3AA-D09C-4A26-AC6F-4910EB0F33BA}
2012-05-08 13:35 - 2012-05-08 13:34 - 00000000 ____D C:\Users\Ahmad\Desktop\Irum
2012-05-08 12:32 - 2012-04-28 06:30 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-08 12:32 - 2012-04-28 06:30 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-08 12:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-08 05:23 - 2012-05-08 05:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{6F80D73E-CA66-4B48-B8F9-9B07C21E86ED}
2012-05-08 05:23 - 2012-05-08 05:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4AC5C826-4C49-4525-805F-474518E3C885}
2012-05-08 05:22 - 2012-05-08 05:22 - 00826568 ____A C:\Users\Ahmad\Desktop\2012-05-06 16.12.41.jpg
2012-05-08 04:12 - 2012-05-08 04:12 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FB047A22-74A4-4049-ABC2-3BBF85BC587A}
2012-05-06 16:49 - 2012-05-06 16:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5F630B30-9D2C-4EB7-853B-3637AF7BD6B7}
2012-05-06 16:48 - 2012-05-06 16:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DAD301AF-B922-4400-A9B5-2A2981D477D0}
2012-05-06 16:48 - 2012-05-06 16:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D9299F98-BEA3-4AB6-84A9-7007E7F52D1B}
2012-05-05 14:58 - 2012-05-05 14:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3597AF7A-2BC0-4B8D-A5FE-3B8C98A04F08}
2012-05-05 14:58 - 2012-05-05 14:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{184CFFAE-F6BD-47D7-8385-6F5E99D3ECD7}
2012-05-05 14:43 - 2012-05-05 14:43 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5F2B5987-E33A-4F90-A675-B4FB9BDC5A65}
2012-05-05 14:35 - 2012-05-05 14:35 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0403062D-2E8C-49EE-A33A-B26E7C8F8B57}
2012-05-05 14:16 - 2012-05-05 14:16 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2835337B-9998-495E-8EA0-155610C9E2B0}
2012-05-05 14:15 - 2012-05-05 14:15 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E60B3E29-E0A3-41EB-B5B9-D2A83F72C98A}
2012-05-05 14:15 - 2012-05-05 14:15 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{027DEB69-E412-45A6-B13B-81589DFDE8F8}
2012-05-04 13:04 - 2012-04-24 13:09 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 10:43 - 2012-05-04 10:43 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DEDF50E7-723D-4124-9426-42731D5A1983}
2012-05-04 10:43 - 2012-05-04 10:43 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C2F9F449-0804-4DB7-8223-AAC1602C8956}
2012-05-04 05:57 - 2012-05-04 05:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E3E19354-734C-4CB8-A731-35BAB880E342}
2012-05-03 07:58 - 2011-05-04 08:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-03 07:07 - 2012-05-03 07:07 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5642459B-A1BF-4C94-B7D2-57C9831D2B17}
2012-05-03 03:00 - 2012-05-03 03:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{520B2DCD-C2AA-4397-811D-E14F12D09F0E}
2012-05-03 00:03 - 2012-05-03 00:03 - 00000000 ____D C:\Users\Ahmad\Documents\EA SPORTS™ Cricket 07
2012-05-02 10:10 - 2012-05-02 10:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{800ECB37-F63D-4802-AA0D-65C3BDB861EF}
2012-05-01 12:01 - 2012-05-01 12:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4C3FDC33-92B3-40EE-82B5-DA6C87B88A7B}
2012-05-01 11:59 - 2012-05-01 11:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B9F11F53-9D50-40A6-83D1-16370A088138}
2012-05-01 09:34 - 2011-10-09 12:29 - 00000000 ____D C:\Users\Ahmad\Desktop\Munich[2005]DvDrip[Eng]-aXXo
2012-04-30 08:14 - 2012-04-30 08:13 - 00010240 __ASH C:\Users\Ahmad\Desktop\Thumbs.db
2012-04-29 18:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-04-28 07:13 - 2011-08-16 09:23 - 00001986 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-28 07:03 - 2011-06-02 12:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-28 03:31 - 2012-04-28 03:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B373CDB8-46AB-46A8-838F-89986FF281AF}
2012-04-28 03:30 - 2012-04-28 03:30 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7B21B1CE-1A92-4D74-A493-A5EB49439501}
2012-04-27 00:55 - 2012-04-27 00:55 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{53630D9E-6D65-4151-B3EA-1AB05E066618}
2012-04-27 00:55 - 2012-04-27 00:55 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2ECDF0B9-12CC-489D-99B1-20CC9A253700}
2012-04-27 00:54 - 2012-04-27 00:54 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F000C92C-EEAC-4BD5-AA55-E4B431CD517D}
2012-04-27 00:53 - 2012-04-27 00:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C6732578-8D36-455E-91B7-17CEEB17898A}
2012-04-26 03:45 - 2012-04-26 03:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E9B172CE-A140-40C5-9A0A-A1B20EEB1077}
2012-04-26 03:45 - 2012-04-26 03:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B8FB15E4-B1D4-44F3-B08B-D8D4D2AEEAD4}
2012-04-25 12:06 - 2012-04-25 12:06 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-25 12:06 - 2012-04-25 12:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 11:58 - 2012-04-25 11:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9F872699-0E16-4230-86BB-63E34EF85295}
2012-04-25 11:58 - 2012-04-25 11:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C5EF561B-04D7-4400-ABF9-A0E3EA604400}
2012-04-25 10:38 - 2012-04-25 10:38 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{409795BA-5B3B-47C0-80DA-47A7D7F09276}
2012-04-25 10:37 - 2012-04-25 10:37 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DB0934C7-6905-4F92-8EC2-D465C5C7A28B}
2012-04-25 10:33 - 2012-04-25 10:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F06A0A5A-6063-4551-8E4B-245ABB93F74B}
2012-04-25 09:47 - 2012-04-25 09:47 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{90DA512B-0F41-4DF3-9E3E-BF403B73881A}
2012-04-25 09:47 - 2012-04-25 09:47 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{874B00D5-40E9-4FFF-8227-CE2B74479C0A}
2012-04-24 14:55 - 2012-04-24 14:55 - 00000000 ____D C:\Users\Ahmad\AppData\Local\blekkotb
2012-04-24 14:55 - 2012-04-24 14:55 - 00000000 ____D C:\Program Files (x86)\RAR Password Cracker
2012-04-24 14:54 - 2012-04-24 14:54 - 00205889 ____A C:\Users\Ahmad\Downloads\rpc412.zip
2012-04-24 14:54 - 2012-04-24 14:54 - 00000000 ____D C:\Program Files (x86)\blekkotb
2012-04-24 14:46 - 2012-04-24 14:44 - 00000000 ____D C:\Program Files\RAR Password Unlocker
2012-04-24 09:30 - 2012-04-24 09:30 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-24 09:30 - 2012-04-24 09:30 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-24 09:30 - 2012-04-24 09:30 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-24 09:30 - 2012-04-24 09:30 - 00000000 ____D C:\Program Files (x86)\Java
2012-04-24 09:30 - 2011-05-04 10:05 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-24 09:26 - 2012-04-24 09:25 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Ahmad\Desktop\jxpiinstall.exe
2012-04-22 01:52 - 2012-04-22 01:52 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{617629DC-1D33-431C-B289-B38029D4CAEA}
2012-04-21 05:53 - 2012-04-21 05:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8A6226BF-5682-4DEF-9119-7D115D510BB2}
2012-04-21 03:50 - 2012-04-21 03:50 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E086D039-8454-43D0-84A7-345702EA3FEB}
2012-04-21 02:51 - 2012-04-21 02:51 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3765D7B8-2E0B-40AB-AFCD-B3F25114FF3F}
2012-04-21 02:49 - 2012-04-21 02:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BEB20349-9850-4567-8F6C-AEE968ED826F}
2012-04-21 02:46 - 2012-04-21 02:46 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9E657BEA-7454-4D81-8943-97143BD66149}
2012-04-21 02:45 - 2012-04-21 02:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1BC5A701-38E5-4F52-B6DD-EEAC424B99A7}
2012-04-21 02:42 - 2012-04-21 02:42 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{07DF41D7-BA48-4E6A-A215-2E7D3FA9C015}
2012-04-21 02:38 - 2012-04-21 02:38 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9C2C18CB-25D5-4715-BE11-2ADEB354A785}
2012-04-21 02:36 - 2012-04-21 02:36 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8B801821-8FD0-463A-BEC3-11E873C05CCA}
2012-04-21 02:35 - 2012-04-21 02:35 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BC4A6798-5557-4111-8D16-9C86F17DB73A}
2012-04-21 02:35 - 2012-04-21 02:35 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4859190B-91F6-44C3-89F9-DF7A11ABB799}
2012-04-21 02:31 - 2012-04-21 02:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1B2554F1-EDF6-4E4D-8F91-895D5CA68295}
2012-04-20 15:31 - 2012-04-20 15:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{126C65C8-C696-46FF-B472-2399FED2E992}
2012-04-18 01:34 - 2012-04-18 01:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4A026ECE-48ED-4012-9959-9FFD905C1B13}
2012-04-15 10:04 - 2012-04-15 10:04 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{81713B8B-C3CB-45B5-8453-FDDFB1DFE973}
2012-04-15 10:04 - 2012-04-15 10:04 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{05851CEE-0B0B-4969-8D27-60D83F059319}
2012-04-15 10:02 - 2012-04-15 10:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F5C503CD-527F-4CC9-86A3-CAB8B8FCED9E}
2012-04-15 10:01 - 2012-04-15 10:01 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A21A75C9-D227-491B-BF14-EDC8FD76F44F}
2012-04-15 05:45 - 2012-04-15 05:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0323E0EA-2951-437A-BCFC-3CEE158CF804}
2012-04-15 05:45 - 2012-04-15 05:44 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0390A33C-236C-48BD-929C-A7A56690FE41}
2012-04-15 05:44 - 2012-04-15 05:44 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{09361284-3F5B-40D0-BD27-32FF132E7514}
2012-04-15 05:31 - 2012-04-15 05:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{68D06EDC-C353-4A8E-B302-1E66BD7B4D72}
2012-04-15 05:31 - 2012-04-15 05:31 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{58BB9AC2-93A8-4298-B3B2-2A3009B9D43D}
2012-04-15 04:08 - 2012-04-15 04:08 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{091C3E0A-E12E-4EFA-9D80-0288C8024802}
2012-04-14 08:00 - 2012-04-14 08:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FC554210-5EBE-42F9-83D1-158E8A0DD935}
2012-04-14 08:00 - 2012-04-14 08:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C69A453C-4B4E-45C7-A083-07647C888AF9}
2012-04-14 08:00 - 2012-04-14 08:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{8C178517-FA85-4429-A566-73DCB53BCF70}
2012-04-14 07:59 - 2012-04-14 07:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{660C10E8-806D-412C-8841-DF56C9355102}
2012-04-14 07:59 - 2012-04-14 07:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{53D141EE-CCEC-4816-9B38-1FD57346737F}
2012-04-14 07:57 - 2012-04-14 07:57 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0069A65F-E05F-491D-8E1D-48EC9B15DF0D}
2012-04-14 07:45 - 2012-04-14 07:45 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{59EF94C7-859F-4B87-BF26-2CB892D7A9AC}
2012-04-14 07:44 - 2012-04-14 07:44 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{370E00AB-9AF1-4990-8876-331F8BF6C19A}
2012-04-14 07:44 - 2012-04-14 07:44 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{102DB6FC-9496-44E6-9B09-7510011A7967}
2012-04-13 07:54 - 2012-04-13 07:54 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4A2F8294-A273-4FCE-8D29-01E8A8D91793}
2012-04-13 07:54 - 2012-04-13 07:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3CBD94CF-4CE1-4186-A324-C7EDB1132AAA}
2012-04-13 07:17 - 2012-04-13 07:16 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{53C4409B-CE61-4CFE-ACFB-34A73F0DB40D}
2012-04-12 13:18 - 2012-04-12 13:07 - 00000000 ____D C:\Program Files (x86)\WorldOfGoo
2012-04-12 13:08 - 2012-04-12 13:08 - 00000000 ____D C:\Users\All Users\2DBoy
2012-04-12 13:07 - 2012-04-12 13:07 - 00001888 ____A C:\Users\Public\Desktop\World of Goo.lnk
2012-04-07 17:51 - 2012-04-07 17:51 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{84ACE5E4-C090-447C-BE97-5B2F0E061036}
2012-04-07 17:17 - 2012-04-07 17:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{DFC5A146-2EDE-4858-AB72-F964064E2078}
2012-04-07 09:30 - 2012-04-07 09:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-04-07 01:48 - 2012-04-07 01:48 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{37F6DB64-65DB-4909-912A-B606FF98ABD7}
2012-04-05 23:53 - 2012-04-05 23:53 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{56AD1C9C-2C80-4728-8A6C-E4875E37DBB1}
2012-04-04 02:56 - 2012-06-05 12:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 01:34 - 2012-04-04 01:34 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D99DC427-A5BF-4A21-A90F-B2CC29BD7127}
2012-03-30 22:05 - 2012-05-11 05:36 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 05:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 05:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 05:36 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-11 05:27 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 18:56 - 2012-03-29 18:56 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{95D75008-A32C-4D54-A796-F2C29A5F668E}
2012-03-29 18:56 - 2012-03-29 18:56 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{486FAAC4-D31F-4F21-A062-940A1FF59798}
2012-03-29 04:02 - 2012-03-29 04:02 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FEADDFB4-813A-4203-8231-053DA7FDEF63}
2012-03-29 04:01 - 2012-03-29 04:01 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{007E96E5-F3DD-4EDD-ACB1-C69DB1036E67}
2012-03-29 04:00 - 2012-03-29 04:00 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1C672FEA-1347-4E69-8DF4-0E82666F456F}
2012-03-28 06:33 - 2012-03-28 06:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{E7F9ED04-BA4B-4EE9-9BD0-54DDC825CE57}
2012-03-28 06:33 - 2012-03-28 06:33 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BE41DDAD-F8A2-40DF-902C-936BAA2276FF}
2012-03-27 18:59 - 2012-03-27 18:59 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{B858AB8B-999D-4720-ACF8-19C3EF9ADA2C}
2012-03-27 03:50 - 2012-03-27 03:50 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7619A9B5-C846-4642-AEBD-27C3024F0F88}
2012-03-26 11:49 - 2012-03-26 11:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{BECB472E-FF27-4299-B712-C831F8B3B978}
2012-03-26 11:49 - 2012-03-26 11:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{1C24081A-A4A9-46D2-83A3-23BDCF46D683}
2012-03-24 04:49 - 2012-03-24 04:49 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{67B50473-2BCC-4F83-8D89-D436E43DF6CB}
2012-03-24 04:36 - 2012-03-24 04:36 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FFBD824F-206F-4E44-8E70-884536DC33C6}
2012-03-22 08:18 - 2012-03-22 08:18 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0E694CA5-BF7E-42CA-AC81-95C91D95EDE2}
2012-03-22 08:18 - 2012-03-22 08:17 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5B122B24-2A6E-4E44-BFB3-F6A51D9D6694}
2012-03-21 11:11 - 2012-03-21 11:11 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{5FE0C831-BAD2-4947-A87A-7AA428006037}
2012-03-21 11:11 - 2012-03-21 11:10 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FE971B5F-569E-4A7D-B9EB-B52DC4C3612C}
2012-03-20 12:58 - 2012-03-20 12:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FF567B62-2834-4FA4-B922-8D2C74A87DF3}
2012-03-20 12:58 - 2012-03-20 12:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{A7C52500-F410-45FB-8792-ED845A887D36}
2012-03-20 07:44 - 2012-03-20 07:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 07:44 - 2012-03-20 07:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-19 13:56 - 2012-03-19 13:55 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4063F82D-30E5-476E-A014-B579D7EFADD8}
2012-03-19 13:55 - 2012-03-19 13:55 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C8494A25-DEF0-4D55-A94D-863C5EFCC54C}
2012-03-19 02:58 - 2012-03-19 02:58 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{C4A15790-CC7C-439C-BB34-EBF5749DE473}
2012-03-18 02:23 - 2012-03-18 02:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{9045057C-9954-4838-9BC6-CC5917478AE4}
2012-03-18 02:23 - 2012-03-18 02:23 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{0443BD5A-62C2-41E7-B18B-1A3797527DBF}
2012-03-17 11:30 - 2012-03-17 11:30 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{642A1A6E-A697-4963-A66B-699110129480}
2012-03-17 11:30 - 2012-03-17 11:30 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{3ECBA564-E2F6-4C41-B450-596F3B5BCD40}
2012-03-16 23:58 - 2012-05-11 05:30 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 14:23 - 2012-03-16 14:22 - 00000000 ____D C:\Users\Ahmad\AppData\Roaming\GetRightToGo
2012-03-16 14:22 - 2012-03-16 14:13 - 00000000 ____D C:\WiFi-Tracker
2012-03-16 06:09 - 2011-08-21 03:21 - 00000000 ____D C:\Users\Ahmad\AppData\Local\Microsoft Help
2012-03-14 15:19 - 2012-03-14 15:18 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{F2AB6484-C37C-4342-9915-8BE723946EF4}
2012-03-14 15:18 - 2012-03-14 15:18 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{D2A81866-5115-46CC-9513-2CF568525FA5}
2012-03-14 15:12 - 2012-03-14 15:12 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{FAB79DA6-9CFC-4D0E-BE42-71BA66BE02FA}
2012-03-14 15:12 - 2012-03-14 15:12 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{7D8F1000-964D-4421-94D5-F0EA2CAFE1C4}
2012-03-14 15:11 - 2012-03-14 15:11 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{4D31FFCD-9426-4B8F-8757-85B225AA3352}
2012-03-14 15:11 - 2012-03-14 15:11 - 00000000 ____D C:\Users\Ahmad\AppData\Local\{2602BD84-BEBA-4C4C-9AD8-1F74EEE4A811}

ZeroAccess:
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\@
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\L
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\U
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\L\00000004.@
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\U\00000004.@
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\U\00000008.@
C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\U\000000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-05-04 08:45] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-05-04 08:45] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-05-04 08:44] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4077.86 MB
Available physical RAM: 3447.33 MB
Total Pagefile: 4076.06 MB
Available Pagefile: 3437.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (WINDOWS) (Fixed) (Total:232.34 GB) (Free:51.19 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:233.03 GB) (Free:36.92 GB) NTFS
3 Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:5.64 GB) (Free:1.39 GB) FAT32
6 Drive h: () (Removable) (Total:3.74 GB) (Free:1.44 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         5775 MB      0 B
  Disk 2    Online         3836 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery           399 MB  1024 KB
  Partition 2    Primary            232 GB   400 MB
  Partition 3    Primary            233 GB   232 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   SYSTEM       NTFS   Partition    399 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   WINDOWS      NTFS   Partition    232 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Data         NTFS   Partition    233 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           5775 MB     0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3836 MB     0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-28 11:42

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 June 2012 - 10:58 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 ahmadpu

ahmadpu
  • Topic Starter
  • Members
  • 23 posts

Posted 10 June 2012 - 02:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-11 00:44:02 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{38b16380-2bdc-f8b2-1260-d60c706fc0eb} moved successfully.

==== End of Fixlog ====

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 June 2012 - 03:17 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 ahmadpu

ahmadpu
  • Topic Starter
  • Members
  • 23 posts

Posted 10 June 2012 - 05:23 PM

Combofix ran smoothly without any errors, but the computer was rebooted once before the log was created. Windows Firewall, which wasn't working earlier, has started to work as well. Also, so far Microsoft Security Essentials has not reported any malware detection since yesterday, which it did earlier. Overall better performance, I think. But I will be analyzing and posting about the performance constantly.

COMBO FIX LOG IS GIVEN BELOW:


ComboFix 12-06-10.01 - Ahmad 06/11/2012 2:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2565 [GMT 5:00]
Running from: c:\users\Ahmad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps.html
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\messaging.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\push.html
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Public\sdelevURL.tmp
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-11 01:37 . 2012-06-11 01:38 -------- d-----w- C:\FRST
2012-06-10 21:36 . 2012-06-10 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 12:59 . 2012-05-14 20:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0E69204-8005-4C11-97E4-1F1DAFF0D6B8}\mpengine.dll
2012-06-10 08:52 . 2012-05-14 20:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-09 19:00 . 2012-06-10 21:34 -------- d-----w- c:\users\Ahmad\AppData\Roaming\WildTangent
2012-06-08 12:06 . 2012-05-11 03:55 107632 ------w- c:\windows\system32\drivers\Shield.sys
2012-06-08 12:05 . 2012-06-08 12:19 -------- d-----w- c:\program files (x86)\Shield
2012-06-07 19:42 . 2012-06-07 19:42 50000 ----a-w- c:\windows\system32\drivers\qtkqcqpl.sys
2012-06-07 19:41 . 2012-06-07 19:41 50000 ----a-w- c:\windows\system32\drivers\wxghsdmu.sys
2012-06-07 16:36 . 2012-06-07 16:36 -------- d-----w- c:\program files (x86)\ESET
2012-06-06 13:00 . 2012-06-06 13:00 -------- d-----w- c:\users\Ahmad\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 12:59 . 2012-06-06 13:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-06 12:59 . 2012-06-06 12:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-05 20:40 . 2012-06-05 20:40 -------- d-----w- c:\users\Ahmad\AppData\Roaming\Malwarebytes
2012-06-05 20:40 . 2012-06-05 20:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-05 20:40 . 2012-06-05 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-05 20:40 . 2012-04-04 10:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 18:04 . 2012-06-10 21:34 -------- d-----w- c:\users\test account
2012-06-05 16:51 . 2012-02-09 08:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CBAADBB-4759-4EF8-9F6D-B335955C7AD8}\gapaengine.dll
2012-06-05 16:41 . 2012-06-05 16:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-05 16:41 . 2012-06-05 16:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-04 18:51 . 2012-06-05 12:18 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-04 17:54 . 2012-06-04 17:54 -------- d-----w- c:\users\Ahmad\AppData\Roaming\BitDefender
2012-06-04 17:53 . 2012-06-05 12:18 -------- d-----w- c:\program files\Common Files\BitDefender
2012-06-04 17:53 . 2012-06-04 18:17 -------- d-----w- c:\programdata\BitDefender
2012-06-04 17:53 . 2012-06-04 17:53 -------- d-----w- c:\program files\BitDefender
2012-06-04 17:43 . 2012-06-04 17:43 -------- d-----w- c:\program files (x86)\Common Files\BitDefender
2012-06-01 20:35 . 2010-01-05 13:04 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2012-06-01 20:35 . 2012-06-03 12:55 -------- d-----w- c:\program files (x86)\McAfee
2012-05-31 21:20 . 2012-05-31 21:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-30 19:20 . 2012-05-30 19:20 -------- d-----w- c:\users\Ahmad\AppData\Local\tango
2012-05-28 17:56 . 2012-05-28 17:56 -------- d-----w- c:\program files (x86)\Google Books Downloader
2012-05-27 21:06 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-05-27 21:06 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-05-27 21:05 . 2011-03-02 02:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-05-27 20:30 . 2012-05-27 20:30 -------- d-----w- c:\program files\SAMSUNG
2012-05-22 19:52 . 2012-06-10 21:34 -------- d-----w- c:\users\Ahmad\AppData\Roaming\vlc
2012-05-21 20:20 . 2012-05-21 20:20 -------- d-----w- c:\windows\en
2012-05-21 20:19 . 2012-05-21 20:19 -------- d-----w- c:\windows\ar
2012-05-21 20:19 . 2012-05-21 20:19 -------- d-----w- c:\windows\fr
2012-05-21 20:19 . 2012-05-21 20:19 -------- d-----w- c:\windows\tr
2012-05-21 20:15 . 2012-03-08 13:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-21 17:37 . 2012-05-21 17:37 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\DSETUP.dll
2012-05-21 17:37 . 2012-05-21 17:37 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\DXSETUP.exe
2012-05-21 17:37 . 2012-05-21 17:37 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\dsetup32.dll
2012-05-21 17:37 . 2012-05-21 17:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fd43ff11cd377802\MeshBetaRemover.exe
2012-05-19 19:01 . 2012-05-19 19:01 -------- d-----w- c:\program files (x86)\SopCast
2012-05-15 22:21 . 2012-05-15 23:25 -------- d-----w- c:\users\Ahmad\AppData\Roaming\DivX
2012-05-15 22:21 . 2012-05-21 17:40 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-05-15 22:20 . 2012-05-21 17:40 -------- d-----w- c:\program files\DivX
2012-05-15 22:13 . 2012-05-21 17:40 -------- d-----w- c:\program files (x86)\DivX
2012-05-15 21:49 . 2012-05-21 17:40 -------- d-----w- c:\programdata\DivX
2012-05-15 16:20 . 2012-05-15 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 16:20 . 2012-05-15 16:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 20:32 . 2012-04-28 14:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 20:32 . 2012-04-28 14:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:04 . 2012-04-24 21:09 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 17:30 . 2011-05-04 18:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-31 06:05 . 2012-05-11 13:36 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 13:36 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 13:36 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 13:36 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 13:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 15:44 . 2012-03-20 15:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 15:44 . 2012-03-20 15:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-11 13:30 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-26 955280]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-27 21416]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-29 3417496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-27 165160]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-26 3521424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\test account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-1-13 2749856]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 eevlncve;eevlncve;c:\windows\system32\drivers\eevlncve.sys [x]
R1 ltvayien;ltvayien;c:\windows\system32\drivers\ltvayien.sys [x]
R1 mbwgdadz;mbwgdadz;c:\windows\system32\drivers\mbwgdadz.sys [x]
R1 nruqthgp;nruqthgp;c:\windows\system32\drivers\nruqthgp.sys [x]
R1 zneurfta;zneurfta;c:\windows\system32\drivers\zneurfta.sys [x]
R1 zvelaryf;zvelaryf;c:\windows\system32\drivers\zvelaryf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-27 2027840]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-08 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001Core.job
- c:\users\Ahmad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 00:03]
.
2012-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001UA.job
- c:\users\Ahmad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 00:03]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 18:33]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 18:33]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001Core.job
- c:\users\Ahmad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:41]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001UA.job
- c:\users\Ahmad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ergative.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 10.0.0.20:80
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 8.8.8.8 4.2.2.4
TCP: Interfaces\{0E48238E-9059-4F85-8064-49AB379EEDA2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pk/
FF - prefs.js: network.proxy.ftp - 10.0.0.20
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.0.0.20
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.0.0.20
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100994
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 12c9c3990000000000000aa3c4e05352
FF - user.js: extensions.BabylonToolbar_i.hardId - 12c9c3990000000000000aa3c4e05352
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-11896023.sys
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3297002415-1721246258-2725423794-1001_Classes\Wow6432Node\CLSID\{786f5c6f-c2ae-4469-a88e-6a96fdf04ba3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000051
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3297002415-1721246258-2725423794-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):60,df,99,67,c4,a1,dc,7e,d7,ca,b0,bf,1f,ba,28,8b,cd,91,0b,5f,6f,
7f,75,2f,c8,62,8d,94,3d,53,17,8e,08,cb,fd,4d,46,28,36,42,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-11 02:54:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 21:54
.
Pre-Run: 54,386,933,760 bytes free
Post-Run: 54,115,221,504 bytes free
.
- - End Of File - - 8C200966399E5768BCB010D156A5EEFE

Edited by ahmadpu, 10 June 2012 - 05:26 PM.


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 05:28 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 ahmadpu
  • Topic Starter
  • Members
  • 23 posts

Posted 11 June 2012 - 12:58 AM

TDSSKiller >> No threats were detected:

04:34:01.0306 5928 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
04:34:02.0431 5928 ============================================================
04:34:02.0431 5928 Current date / time: 2012/06/11 04:34:02.0431
04:34:02.0431 5928 SystemInfo:
04:34:02.0431 5928
04:34:02.0431 5928 OS Version: 6.1.7601 ServicePack: 1.0
04:34:02.0431 5928 Product type: Workstation
04:34:02.0431 5928 ComputerName: AHMAD-TOSH
04:34:02.0436 5928 UserName: Ahmad
04:34:02.0436 5928 Windows directory: C:\Windows
04:34:02.0436 5928 System windows directory: C:\Windows
04:34:02.0436 5928 Running under WOW64
04:34:02.0436 5928 Processor architecture: Intel x64
04:34:02.0436 5928 Number of processors: 4
04:34:02.0436 5928 Page size: 0x1000
04:34:02.0436 5928 Boot type: Normal boot
04:34:02.0436 5928 ============================================================
04:34:03.0326 5928 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:34:03.0351 5928 ============================================================
04:34:03.0351 5928 \Device\Harddisk0\DR0:
04:34:03.0351 5928 MBR partitions:
04:34:03.0351 5928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8000, BlocksNum 0x1D0AE800
04:34:03.0351 5928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D176800, BlocksNum 0x1D20F800
04:34:03.0351 5928 ============================================================
04:34:03.0376 5928 C: <-> \Device\Harddisk0\DR0\Partition0
04:34:03.0426 5928 D: <-> \Device\Harddisk0\DR0\Partition1
04:34:03.0426 5928 ============================================================
04:34:03.0426 5928 Initialize success
04:34:03.0426 5928 ============================================================
04:34:43.0617 4800 ============================================================
04:34:43.0617 4800 Scan started
04:34:43.0617 4800 Mode: Manual;
04:34:43.0617 4800 ============================================================
04:34:43.0897 4800 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
04:34:43.0902 4800 !SASCORE - ok
04:34:44.0177 4800 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:34:44.0182 4800 1394ohci - ok
04:34:44.0247 4800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:34:44.0257 4800 ACPI - ok
04:34:44.0307 4800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:34:44.0312 4800 AcpiPmi - ok
04:34:44.0437 4800 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:34:44.0437 4800 AdobeARMservice - ok
04:34:44.0517 4800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
04:34:44.0527 4800 adp94xx - ok
04:34:44.0622 4800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
04:34:44.0632 4800 adpahci - ok
04:34:44.0657 4800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
04:34:44.0662 4800 adpu320 - ok
04:34:44.0697 4800 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
04:34:44.0702 4800 AeLookupSvc - ok
04:34:44.0787 4800 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
04:34:44.0797 4800 AFD - ok
04:34:44.0867 4800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:34:44.0872 4800 agp440 - ok
04:34:44.0947 4800 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
04:34:44.0952 4800 ALG - ok
04:34:44.0997 4800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:34:44.0997 4800 aliide - ok
04:34:45.0007 4800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:34:45.0007 4800 amdide - ok
04:34:45.0017 4800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
04:34:45.0022 4800 AmdK8 - ok
04:34:45.0032 4800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
04:34:45.0032 4800 AmdPPM - ok
04:34:45.0092 4800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:34:45.0092 4800 amdsata - ok
04:34:45.0167 4800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
04:34:45.0172 4800 amdsbs - ok
04:34:45.0197 4800 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:34:45.0197 4800 amdxata - ok
04:34:45.0257 4800 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:34:45.0257 4800 AppID - ok
04:34:45.0287 4800 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
04:34:45.0292 4800 AppIDSvc - ok
04:34:45.0312 4800 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
04:34:45.0312 4800 Appinfo - ok
04:34:45.0392 4800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
04:34:45.0392 4800 arc - ok
04:34:45.0437 4800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
04:34:45.0442 4800 arcsas - ok
04:34:45.0497 4800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:34:45.0502 4800 AsyncMac - ok
04:34:45.0562 4800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:34:45.0562 4800 atapi - ok
04:34:45.0762 4800 athr (b2931c83cfb12a3223a47b180473ae1a) C:\Windows\system32\DRIVERS\athrx.sys
04:34:45.0817 4800 athr - ok
04:34:46.0012 4800 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:34:46.0032 4800 AudioEndpointBuilder - ok
04:34:46.0047 4800 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:34:46.0057 4800 AudioSrv - ok
04:34:46.0122 4800 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
04:34:46.0127 4800 AxInstSV - ok
04:34:46.0227 4800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
04:34:46.0237 4800 b06bdrv - ok
04:34:46.0307 4800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:34:46.0312 4800 b57nd60a - ok
04:34:46.0447 4800 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
04:34:46.0452 4800 BBSvc - ok
04:34:46.0477 4800 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
04:34:46.0482 4800 BDESVC - ok
04:34:46.0502 4800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:34:46.0502 4800 Beep - ok
04:34:46.0607 4800 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
04:34:46.0622 4800 BFE - ok
04:34:46.0737 4800 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
04:34:46.0772 4800 BITS - ok
04:34:46.0867 4800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
04:34:46.0867 4800 blbdrive - ok
04:34:47.0002 4800 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
04:34:47.0012 4800 Bonjour Service - ok
04:34:47.0077 4800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:34:47.0082 4800 bowser - ok
04:34:47.0097 4800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
04:34:47.0097 4800 BrFiltLo - ok
04:34:47.0122 4800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
04:34:47.0127 4800 BrFiltUp - ok
04:34:47.0187 4800 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
04:34:47.0192 4800 BridgeMP - ok
04:34:47.0232 4800 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
04:34:47.0237 4800 Browser - ok
04:34:47.0307 4800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:34:47.0317 4800 Brserid - ok
04:34:47.0367 4800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:34:47.0372 4800 BrSerWdm - ok
04:34:47.0417 4800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:34:47.0417 4800 BrUsbMdm - ok
04:34:47.0427 4800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:34:47.0432 4800 BrUsbSer - ok
04:34:47.0537 4800 BtFilter (2347abbd13bada65826fdab4caafe357) C:\Windows\system32\DRIVERS\btfilter.sys
04:34:47.0542 4800 BtFilter - ok
04:34:47.0617 4800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
04:34:47.0622 4800 BTHMODEM - ok
04:34:47.0702 4800 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
04:34:47.0707 4800 bthserv - ok
04:34:47.0732 4800 catchme - ok
04:34:47.0787 4800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:34:47.0787 4800 cdfs - ok
04:34:47.0852 4800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
04:34:47.0857 4800 cdrom - ok
04:34:47.0922 4800 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:34:47.0927 4800 CertPropSvc - ok
04:34:48.0092 4800 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
04:34:48.0097 4800 cfWiMAXService - ok
04:34:48.0157 4800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
04:34:48.0157 4800 circlass - ok
04:34:48.0242 4800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:34:48.0247 4800 CLFS - ok
04:34:48.0307 4800 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:34:48.0312 4800 clr_optimization_v2.0.50727_32 - ok
04:34:48.0352 4800 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:34:48.0357 4800 clr_optimization_v2.0.50727_64 - ok
04:34:48.0427 4800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:34:48.0427 4800 clr_optimization_v4.0.30319_32 - ok
04:34:48.0462 4800 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:34:48.0467 4800 clr_optimization_v4.0.30319_64 - ok
04:34:48.0532 4800 clwvd (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys
04:34:48.0532 4800 clwvd - ok
04:34:48.0597 4800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
04:34:48.0597 4800 CmBatt - ok
04:34:48.0617 4800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:34:48.0622 4800 cmdide - ok
04:34:48.0717 4800 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:34:48.0732 4800 CNG - ok
04:34:48.0882 4800 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\Windows\system32\drivers\CHDRT64.sys
04:34:48.0917 4800 CnxtHdAudService - ok
04:34:49.0092 4800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
04:34:49.0092 4800 Compbatt - ok
04:34:49.0162 4800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:34:49.0162 4800 CompositeBus - ok
04:34:49.0197 4800 COMSysApp - ok
04:34:49.0342 4800 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
04:34:49.0347 4800 ConfigFree Service - ok
04:34:49.0407 4800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
04:34:49.0412 4800 crcdisk - ok
04:34:49.0492 4800 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
04:34:49.0497 4800 CryptSvc - ok
04:34:49.0607 4800 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:34:49.0622 4800 DcomLaunch - ok
04:34:49.0712 4800 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
04:34:49.0722 4800 defragsvc - ok
04:34:49.0772 4800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:34:49.0777 4800 DfsC - ok
04:34:49.0867 4800 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
04:34:49.0877 4800 Dhcp - ok
04:34:49.0912 4800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:34:49.0912 4800 discache - ok
04:34:50.0007 4800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
04:34:50.0007 4800 Disk - ok
04:34:50.0082 4800 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
04:34:50.0087 4800 Dnscache - ok
04:34:50.0117 4800 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
04:34:50.0127 4800 dot3svc - ok
04:34:50.0187 4800 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
04:34:50.0192 4800 DPS - ok
04:34:50.0247 4800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:34:50.0252 4800 drmkaud - ok
04:34:50.0317 4800 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:34:50.0342 4800 DXGKrnl - ok
04:34:50.0422 4800 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
04:34:50.0427 4800 EapHost - ok
04:34:50.0612 4800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
04:34:50.0682 4800 ebdrv - ok
04:34:50.0807 4800 eevlncve - ok
04:34:50.0867 4800 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
04:34:50.0872 4800 EFS - ok
04:34:50.0952 4800 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
04:34:50.0967 4800 ehRecvr - ok
04:34:50.0997 4800 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
04:34:50.0997 4800 ehSched - ok
04:34:51.0127 4800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
04:34:51.0137 4800 elxstor - ok
04:34:51.0162 4800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:34:51.0162 4800 ErrDev - ok
04:34:51.0227 4800 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:34:51.0237 4800 EventSystem - ok
04:35:11.0643 4800 TOSHIBA Bluetooth Service - ok
04:35:11.0728 4800 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe
04:35:11.0738 4800 TOSHIBA eco Utility Service - ok
04:35:11.0793 4800 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
04:35:11.0798 4800 TOSHIBA HDD SSD Alert Service - ok
04:35:11.0888 4800 tosporte (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys
04:35:11.0888 4800 tosporte - ok
04:35:11.0928 4800 tosrfbd (d15cfd7de375b33042cf1f6e34dee198) C:\Windows\system32\DRIVERS\tosrfbd.sys
04:35:11.0933 4800 tosrfbd - ok
04:35:11.0958 4800 tosrfbnp (90f0b1745abf13f44c2a6ed79f7ce9fb) C:\Windows\system32\Drivers\tosrfbnp.sys
04:35:11.0963 4800 tosrfbnp - ok
04:35:11.0988 4800 Tosrfcom (9e4e65ea51e34647340bd6007467ac54) C:\Windows\system32\Drivers\tosrfcom.sys
04:35:11.0993 4800 Tosrfcom - ok
04:35:12.0068 4800 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\Windows\system32\DRIVERS\tosrfec.sys
04:35:12.0068 4800 tosrfec - ok
04:35:12.0128 4800 Tosrfhid (7d2467d3eb9baa4b69ae4a28c83de57a) C:\Windows\system32\DRIVERS\Tosrfhid.sys
04:35:12.0128 4800 Tosrfhid - ok
04:35:12.0153 4800 tosrfnds (b6fdc3c76ffe9c5171eea9c37ea367c2) C:\Windows\system32\DRIVERS\tosrfnds.sys
04:35:12.0158 4800 tosrfnds - ok
04:35:12.0168 4800 TosRfSnd (7052b10e54b48af12bd5606596a8e039) C:\Windows\system32\drivers\tosrfsnd.sys
04:35:12.0168 4800 TosRfSnd - ok
04:35:12.0188 4800 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\Windows\system32\DRIVERS\tosrfusb.sys
04:35:12.0193 4800 Tosrfusb - ok
04:35:12.0278 4800 TPCHSrv (d65c6b0c070534336b72005391b6168a) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
04:35:12.0283 4800 TPCHSrv - ok
04:35:12.0308 4800 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:35:12.0313 4800 TrkWks - ok
04:35:12.0378 4800 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
04:35:12.0378 4800 TrustedInstaller - ok
04:35:12.0403 4800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:35:12.0403 4800 tssecsrv - ok
04:35:12.0463 4800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:35:12.0463 4800 TsUsbFlt - ok
04:35:12.0478 4800 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
04:35:12.0483 4800 TsUsbGD - ok
04:35:12.0698 4800 TuneUp.UtilitiesSvc (ab2c1366a60dd123d0f6ed5f279e8a9a) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
04:35:12.0708 4800 TuneUp.UtilitiesSvc - ok
04:35:12.0818 4800 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
04:35:12.0818 4800 TuneUpUtilitiesDrv - ok
04:35:13.0003 4800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:35:13.0008 4800 tunnel - ok
04:35:13.0073 4800 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
04:35:13.0078 4800 TVALZ - ok
04:35:13.0123 4800 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
04:35:13.0123 4800 TVALZFL - ok
04:35:13.0143 4800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
04:35:13.0143 4800 uagp35 - ok
04:35:13.0163 4800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:35:13.0168 4800 udfs - ok
04:35:13.0198 4800 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:35:13.0203 4800 UI0Detect - ok
04:35:13.0233 4800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:35:13.0233 4800 uliagpkx - ok
04:35:13.0288 4800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
04:35:13.0288 4800 umbus - ok
04:35:13.0318 4800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
04:35:13.0323 4800 UmPass - ok
04:35:13.0533 4800 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
04:35:13.0548 4800 UNS - ok
04:35:13.0653 4800 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:35:13.0658 4800 upnphost - ok
04:35:13.0728 4800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:35:13.0728 4800 usbccgp - ok
04:35:13.0793 4800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:35:13.0798 4800 usbcir - ok
04:35:13.0813 4800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
04:35:13.0818 4800 usbehci - ok
04:35:13.0888 4800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:35:13.0893 4800 usbhub - ok
04:35:13.0908 4800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:35:13.0913 4800 usbohci - ok
04:35:13.0923 4800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
04:35:13.0923 4800 usbprint - ok
04:35:13.0963 4800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:35:13.0973 4800 USBSTOR - ok
04:35:14.0023 4800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:35:14.0023 4800 usbuhci - ok
04:35:14.0093 4800 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
04:35:14.0093 4800 usbvideo - ok
04:35:14.0123 4800 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:35:14.0123 4800 UxSms - ok
04:35:14.0208 4800 UxTuneUp (496c90bf5916cf5a26c6688db304ebdf) C:\Windows\System32\uxtuneup.dll
04:35:14.0208 4800 UxTuneUp - ok
04:35:14.0253 4800 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:35:14.0253 4800 VaultSvc - ok
04:35:14.0308 4800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:35:14.0308 4800 vdrvroot - ok
04:35:14.0353 4800 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
04:35:14.0363 4800 vds - ok
04:35:14.0388 4800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:35:14.0393 4800 vga - ok
04:35:14.0403 4800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:35:14.0403 4800 VgaSave - ok
04:35:14.0428 4800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:35:14.0428 4800 vhdmp - ok
04:35:14.0448 4800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:35:14.0448 4800 viaide - ok
04:35:14.0498 4800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:35:14.0503 4800 volmgr - ok
04:35:14.0518 4800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:35:14.0523 4800 volmgrx - ok
04:35:14.0563 4800 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
04:35:14.0568 4800 volsnap - ok
04:35:14.0638 4800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
04:35:14.0638 4800 vsmraid - ok
04:35:14.0738 4800 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
04:35:14.0753 4800 VSS - ok
04:35:14.0858 4800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
04:35:14.0858 4800 vwifibus - ok
04:35:14.0918 4800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
04:35:14.0918 4800 vwififlt - ok
04:35:14.0978 4800 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
04:35:14.0978 4800 vwifimp - ok
04:35:15.0058 4800 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
04:35:15.0063 4800 W32Time - ok
04:35:15.0083 4800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
04:35:15.0083 4800 WacomPen - ok
04:35:15.0148 4800 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:35:15.0148 4800 WANARP - ok
04:35:15.0153 4800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:35:15.0153 4800 Wanarpv6 - ok
04:35:15.0313 4800 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
04:35:15.0328 4800 WatAdminSvc - ok
04:35:15.0413 4800 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
04:35:15.0433 4800 wbengine - ok
04:35:15.0583 4800 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
04:35:15.0588 4800 WbioSrvc - ok
04:35:15.0613 4800 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
04:35:15.0618 4800 wcncsvc - ok
04:35:15.0633 4800 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
04:35:15.0638 4800 WcsPlugInService - ok
04:35:15.0673 4800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
04:35:15.0673 4800 Wd - ok
04:35:15.0708 4800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:35:15.0718 4800 Wdf01000 - ok
04:35:15.0733 4800 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:35:15.0733 4800 WdiServiceHost - ok
04:35:15.0738 4800 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:35:15.0743 4800 WdiSystemHost - ok
04:35:15.0773 4800 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
04:35:15.0778 4800 WebClient - ok
04:35:15.0798 4800 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
04:35:15.0803 4800 Wecsvc - ok
04:35:15.0823 4800 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:35:15.0828 4800 wercplsupport - ok
04:35:15.0893 4800 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:35:15.0893 4800 WerSvc - ok
04:35:15.0968 4800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:35:15.0973 4800 WfpLwf - ok
04:35:15.0988 4800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:35:15.0988 4800 WIMMount - ok
04:35:16.0068 4800 WinDefend - ok
04:35:16.0093 4800 WinHttpAutoProxySvc - ok
04:35:16.0143 4800 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:35:16.0148 4800 Winmgmt - ok
04:35:16.0243 4800 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
04:35:16.0268 4800 WinRM - ok
04:35:16.0463 4800 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
04:35:16.0463 4800 WinUsb - ok
04:35:16.0523 4800 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:35:16.0533 4800 Wlansvc - ok
04:35:16.0638 4800 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:35:16.0638 4800 wlcrasvc - ok
04:35:16.0778 4800 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:35:16.0803 4800 wlidsvc - ok
04:35:16.0913 4800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:35:16.0913 4800 WmiAcpi - ok
04:35:16.0978 4800 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:35:16.0983 4800 wmiApSrv - ok
04:35:17.0068 4800 WMPNetworkSvc - ok
04:35:17.0108 4800 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:35:17.0108 4800 WPCSvc - ok
04:35:17.0148 4800 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
04:35:17.0148 4800 WPDBusEnum - ok
04:35:17.0203 4800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:35:17.0203 4800 ws2ifsl - ok
04:35:17.0253 4800 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
04:35:17.0258 4800 wscsvc - ok
04:35:17.0263 4800 WSearch - ok
04:35:17.0368 4800 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
04:35:17.0393 4800 wuauserv - ok
04:35:17.0508 4800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:35:17.0508 4800 WudfPf - ok
04:35:17.0553 4800 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:35:17.0553 4800 WUDFRd - ok
04:35:17.0583 4800 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
04:35:17.0588 4800 wudfsvc - ok
04:35:17.0613 4800 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:35:17.0618 4800 WwanSvc - ok
04:35:17.0653 4800 zneurfta - ok
04:35:17.0658 4800 zvelaryf - ok
04:35:17.0698 4800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:35:18.0003 4800 \Device\Harddisk0\DR0 - ok
04:35:18.0018 4800 Boot (0x1200) (4368ac3a65aedc00b5a3292ef15b5add) \Device\Harddisk0\DR0\Partition0
04:35:18.0018 4800 \Device\Harddisk0\DR0\Partition0 - ok
04:35:18.0048 4800 Boot (0x1200) (0cd5336a784b1730883b78f893fccffd) \Device\Harddisk0\DR0\Partition1
04:35:18.0048 4800 \Device\Harddisk0\DR0\Partition1 - ok
04:35:18.0048 4800 ============================================================
04:35:18.0048 4800 Scan finished
04:35:18.0048 4800 ============================================================
04:35:18.0063 1224 Detected object count: 0
04:35:18.0063 1224 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 04:46:36
-----------------------------
04:46:36.663 OS Version: Windows x64 6.1.7601 Service Pack 1
04:46:36.663 Number of processors: 4 586 0x2A07
04:46:36.663 ComputerName: AHMAD-TOSH UserName: Ahmad
04:46:37.603 Initialize success
04:51:06.043 AVAST engine defs: 12061001
04:51:34.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:51:34.546 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
04:51:34.556 Disk 0 MBR read successfully
04:51:34.566 Disk 0 MBR scan
04:51:34.571 Disk 0 Windows 7 default MBR code
04:51:34.591 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 399 MB offset 2048
04:51:34.646 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237917 MB offset 819200
04:51:34.696 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238623 MB offset 488073216
04:51:34.776 Disk 0 scanning C:\Windows\system32\drivers
04:51:48.024 Service scanning
04:52:27.284 Modules scanning
04:52:27.299 Disk 0 trace - called modules:
04:52:27.339 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:52:27.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006916060]
04:52:27.349 3 CLASSPNP.SYS[fffff88001b9343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e14050]
04:52:28.004 AVAST engine scan C:\Windows
04:52:35.229 AVAST engine scan C:\Windows\system32
04:56:31.372 AVAST engine scan C:\Windows\system32\drivers
04:56:45.752 AVAST engine scan C:\Users\Ahmad
05:18:33.755 AVAST engine scan C:\ProgramData
05:25:52.099 Scan finished successfully
10:52:17.435 Disk 0 MBR has been saved successfully to "C:\Users\Ahmad\Desktop\MBR.dat"
10:52:17.529 The log file has been saved successfully to "C:\Users\Ahmad\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:05 PM

Posted 11 June 2012 - 08:36 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100994
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 12c9c3990000000000000aa3c4e05352
FF - user.js: extensions.BabylonToolbar_i.hardId - 12c9c3990000000000000aa3c4e05352
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Driver::
eevlncve
ltvayien
mbwgdadz
nruqthgp
zneurfta
zvelaryf

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
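The Driver:: list in the script above names services that the TDSSKiller log records with a "- ok" verdict but no file hash or path; zneurfta and zvelaryf can be seen that way near the end of the log earlier in this thread. The following Python helper is an added example of how such entries can be picked out of a log automatically for an analyst to review. It is example code added to this thread, not a BleepingComputer, TDSSKiller or ComboFix tool; the line format is taken from the log posted above, and the "eight random lowercase letters" name heuristic is an assumption based on the names in the Driver:: section. It also shows why a missing file path alone is not a verdict: real but stopped or unregistered services such as WSearch, WinDefend and WMPNetworkSvc appear in the same log in exactly the same way, so those are reported separately for review rather than flagged.

```python
"""Triage helper for TDSSKiller-style service logs (added example).

Assumptions (not from the tool): a service that appears only as "<name> - ok",
with no "<name> (<md5>) <path>" line, has no backing file; if its name is also
eight random lowercase letters it is reported as suspicious, otherwise it is
listed for manual review.
"""
import re

# "HH:MM:SS.mmmm PID <name> (<md5>) <path>"  -- entry backed by a file on disk
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "HH:MM:SS.mmmm PID <name> - ok"            -- verdict line for the same name
OK_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<name>.+?) - ok$")
# Heuristic (assumption): names like eevlncve, zneurfta, zvelaryf in this thread.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")

# Sample lines copied from the log posted above (constructed subset).
SAMPLE_LOG = r"""
04:35:17.0613 4800 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:35:17.0618 4800 WwanSvc - ok
04:35:17.0263 4800 WSearch - ok
04:35:17.0653 4800 zneurfta - ok
04:35:17.0658 4800 zvelaryf - ok
04:35:17.0698 4800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:35:18.0003 4800 \Device\Harddisk0\DR0 - ok
04:35:18.0048 4800 ============================================================
04:35:18.0048 4800 Scan finished
"""


def parse_services(log_text):
    """Return (with_file, checked): file-backed entries and every name given a verdict."""
    with_file = {}   # name -> (md5, path)
    checked = []     # names with a "- ok" line, in log order
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            with_file[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = OK_RE.match(line)
        if m:
            checked.append(m.group("name"))
    return with_file, checked


def triage(log_text):
    """Split verdict-only names into (suspicious, review) lists."""
    with_file, checked = parse_services(log_text)
    suspicious, review = [], []
    for name in checked:
        if name in with_file or name.startswith("\\"):
            continue                 # backed by a file, or a device object line
        if RANDOM_NAME_RE.match(name):
            suspicious.append(name)  # random-looking name and no file on disk
        else:
            review.append(name)      # e.g. a real service that is simply stopped
    return suspicious, review


def driver_section(names):
    """Format names as the Driver:: block used in the CFScript shown above."""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    suspicious, review = triage(SAMPLE_LOG)
    print("suspicious (random name, no file):", suspicious)
    print("no file info, review manually:    ", review)
    print(driver_section(suspicious))
```

Run it on a saved TDSSKiller log by passing the file's contents to `triage()`; the names in the first list are candidates for the Driver:: section, and the second list is the reminder that services without a path still need a human decision.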

#11 ahmadpu
  • Topic Starter

  • Members
  • 23 posts
  • Local time:01:05 PM

Posted 11 June 2012 - 11:29 AM

ComboFix 12-06-10.01 - Ahmad 06/11/2012 21:03:33.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2642 [GMT 5:00]
Running from: c:\users\Ahmad\Desktop\ComboFix.exe
Command switches used :: c:\users\Ahmad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_eevlncve
-------\Service_ltvayien
-------\Service_mbwgdadz
-------\Service_nruqthgp
-------\Service_zneurfta
-------\Service_zvelaryf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 16:11 . 2012-06-11 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 14:25 . 2012-06-11 14:25 -------- d-----w- c:\program files (x86)\MapsGalaxy_39
2012-06-11 01:37 . 2012-06-11 01:38 -------- d-----w- C:\FRST
2012-06-09 19:00 . 2012-06-10 21:34 -------- d-----w- c:\users\Ahmad\AppData\Roaming\WildTangent
2012-06-08 12:06 . 2012-05-11 03:55 107632 ------w- c:\windows\system32\drivers\Shield.sys
2012-06-08 12:05 . 2012-06-08 12:19 -------- d-----w- c:\program files (x86)\Shield
2012-06-07 19:42 . 2012-06-07 19:42 50000 ----a-w- c:\windows\system32\drivers\qtkqcqpl.sys
2012-06-07 19:41 . 2012-06-07 19:41 50000 ----a-w- c:\windows\system32\drivers\wxghsdmu.sys
2012-06-07 16:36 . 2012-06-07 16:36 -------- d-----w- c:\program files (x86)\ESET
2012-06-06 13:00 . 2012-06-06 13:00 -------- d-----w- c:\users\Ahmad\AppData\Roaming\SUPERAntiSpyware.com
2012-06-06 12:59 . 2012-06-06 13:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-06 12:59 . 2012-06-06 12:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-05 20:40 . 2012-06-05 20:40 -------- d-----w- c:\users\Ahmad\AppData\Roaming\Malwarebytes
2012-06-05 20:40 . 2012-06-05 20:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-05 20:40 . 2012-06-05 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-05 20:40 . 2012-04-04 10:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 18:04 . 2012-06-10 21:34 -------- d-----w- c:\users\test account
2012-06-05 16:41 . 2012-06-05 16:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-05 16:41 . 2012-06-05 16:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-04 18:51 . 2012-06-05 12:18 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-04 17:54 . 2012-06-04 17:54 -------- d-----w- c:\users\Ahmad\AppData\Roaming\BitDefender
2012-06-04 17:53 . 2012-06-05 12:18 -------- d-----w- c:\program files\Common Files\BitDefender
2012-06-04 17:53 . 2012-06-04 18:17 -------- d-----w- c:\programdata\BitDefender
2012-06-04 17:53 . 2012-06-04 17:53 -------- d-----w- c:\program files\BitDefender
2012-06-04 17:43 . 2012-06-04 17:43 -------- d-----w- c:\program files (x86)\Common Files\BitDefender
2012-06-01 20:35 . 2010-01-05 13:04 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2012-06-01 20:35 . 2012-06-03 12:55 -------- d-----w- c:\program files (x86)\McAfee
2012-05-31 21:20 . 2012-05-31 21:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-30 19:20 . 2012-05-30 19:20 -------- d-----w- c:\users\Ahmad\AppData\Local\tango
2012-05-28 17:56 . 2012-05-28 17:56 -------- d-----w- c:\program files (x86)\Google Books Downloader
2012-05-27 21:06 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-05-27 21:06 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-05-27 21:05 . 2011-03-02 02:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-05-27 20:30 . 2012-05-27 20:30 -------- d-----w- c:\program files\SAMSUNG
2012-05-22 19:52 . 2012-06-10 21:34 -------- d-----w- c:\users\Ahmad\AppData\Roaming\vlc
2012-05-21 20:20 . 2012-05-21 20:20 -------- d-----w- c:\windows\en
2012-05-21 20:19 . 2012-05-21 20:19 -------- d-----w- c:\windows\ar
2012-05-21 20:19 . 2012-05-21 20:19 -------- d-----w- c:\windows\fr
2012-05-21 20:19 . 2012-05-21 20:19 -------- d-----w- c:\windows\tr
2012-05-21 20:15 . 2012-03-08 13:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-21 17:37 . 2012-05-21 17:37 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\DSETUP.dll
2012-05-21 17:37 . 2012-05-21 17:37 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\DXSETUP.exe
2012-05-21 17:37 . 2012-05-21 17:37 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5f9b1eea1cd377801\dsetup32.dll
2012-05-21 17:37 . 2012-05-21 17:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fd43ff11cd377802\MeshBetaRemover.exe
2012-05-19 19:01 . 2012-05-19 19:01 -------- d-----w- c:\program files (x86)\SopCast
2012-05-15 22:21 . 2012-05-15 23:25 -------- d-----w- c:\users\Ahmad\AppData\Roaming\DivX
2012-05-15 22:21 . 2012-05-21 17:40 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-05-15 22:20 . 2012-05-21 17:40 -------- d-----w- c:\program files\DivX
2012-05-15 22:13 . 2012-05-21 17:40 -------- d-----w- c:\program files (x86)\DivX
2012-05-15 21:49 . 2012-05-21 17:40 -------- d-----w- c:\programdata\DivX
2012-05-15 16:20 . 2012-05-15 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 16:20 . 2012-05-15 16:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 20:41 . 2012-06-11 09:40 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CA99584-D718-41AD-B1FF-D5D86AFA378B}\mpengine.dll
2012-05-14 20:41 . 2012-06-10 22:00 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-14 20:41 . 2012-06-10 21:58 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81F0959D-6576-484C-99D3-4F2CC8C6C53C}\mpengine.dll
2012-05-08 20:32 . 2012-04-28 14:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 20:32 . 2012-04-28 14:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:04 . 2012-04-24 21:09 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 17:30 . 2011-05-04 18:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-31 06:05 . 2012-05-11 13:36 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 13:36 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 13:36 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 13:36 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 13:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 15:44 . 2012-03-20 15:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 15:44 . 2012-03-20 15:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-11 13:30 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-10_21.38.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-11 15:34 81518 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-11 15:34 50470 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-15 12:51 . 2012-06-11 15:34 22902 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3297002415-1721246258-2725423794-1001_UserData.bin
+ 2011-08-15 15:30 . 2012-06-10 21:56 6656 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-11 16:14 . 2012-06-11 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-10 21:37 . 2012-06-10 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 16:14 . 2012-06-11 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-10 21:37 . 2012-06-10 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-10 21:37 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-11 16:13 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-15 12:48 . 2012-06-10 21:37 4258448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-15 12:48 . 2012-06-11 16:13 4258448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-15 12:48 . 2012-06-11 16:13 38327728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3297002415-1721246258-2725423794-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-26 955280]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-27 21416]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-29 3417496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-27 165160]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-26 3521424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MapsGalaxy Search Scope Monitor"="c:\progra~2\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-06-11 42536]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~2\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-06-11 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\test account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-1-13 2749856]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2012-06-11 42504]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-27 2027840]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-08 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001Core.job
- c:\users\Ahmad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 00:03]
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001UA.job
- c:\users\Ahmad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 00:03]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 18:33]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 18:33]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001Core.job
- c:\users\Ahmad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:41]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297002415-1721246258-2725423794-1001UA.job
- c:\users\Ahmad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF12830.3XE" [2010-11-21 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=UXxdm036YYpk&ptb=A48DFF65-566E-422E-AB62-03F83B650493&si=maps4pc
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 10.0.0.20:80
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 8.8.8.8 4.2.2.4
TCP: Interfaces\{0E48238E-9059-4F85-8064-49AB379EEDA2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\mzu0ah1s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pk/
FF - prefs.js: network.proxy.ftp - 10.0.0.20
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.0.0.20
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.0.0.20
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3297002415-1721246258-2725423794-1001_Classes\Wow6432Node\CLSID\{786f5c6f-c2ae-4469-a88e-6a96fdf04ba3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000051
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3297002415-1721246258-2725423794-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):60,df,99,67,c4,a1,dc,7e,d7,ca,b0,bf,1f,ba,28,8b,cd,91,0b,5f,6f,
7f,75,2f,c8,62,8d,94,3d,53,17,8e,08,cb,fd,4d,46,28,36,42,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-11 21:24:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 16:24
ComboFix2.txt 2012-06-10 21:54
.
Pre-Run: 51,460,894,720 bytes free
Post-Run: 51,139,956,736 bytes free
.
- - End Of File - - 856A07C6E8C5B15A9CEB22A2D3FD1BC5

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:05 PM

Posted 11 June 2012 - 12:10 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Bing Bar
  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes under Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ahmadpu

ahmadpu
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 11 June 2012 - 03:26 PM

Revo Uninstaller: Bing Bar was uninstalled but no leftovers were found.

Java was downloaded / installed successfully.

MBAM threats were detected and cleaned after restart. Log file given below:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ahmad :: AHMAD-TOSH [administrator]

Protection: Enabled

6/12/2012 12:09:11 AM
mbam-log-2012-06-12 (00-09-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235282
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.MyWebSearch) -> 4180 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:55 AM, on 6/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=UXxdm036YYpk&ptb=A48DFF65-566E-422E-AB62-03F83B650493&si=maps4pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E48238E-9059-4F85-8064-49AB379EEDA2}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E48238E-9059-4F85-8064-49AB379EEDA2}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E48238E-9059-4F85-8064-49AB379EEDA2}: NameServer = 8.8.8.8
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16255 bytes

#14 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:05 PM

Posted 11 June 2012 - 04:56 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
      O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
      O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
      O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
      O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
      O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search box, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as administrator.

Go to the ESET web page to run ESET's online scanner.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
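The startup-entry step above has you read the O4 lines by eye, pick out the name between the brackets to research, and tick the entries to fix. The Python script below is an added example, not code from HijackThis or from anyone in this thread: it parses O4 autostart lines (both the registry Run-key form and the Startup-folder form) into records that carry the bracketed name and the executable each entry launches, and applies a small review heuristic of my own (flag entries whose target HijackThis could not resolve, and entries that run from outside the Program Files or Windows directories). The sample lines are constructed in the format of the log above; `review_flags`, `names_to_research` and the other function names are my assumptions, not a HijackThis API.

```python
"""Parse HijackThis O4 (autostart) lines into structured records.

Added example, not code from HijackThis or from this thread. It turns the
O4 lines of a log into records carrying the bracketed name (the string the
note above says to research) and the executable the entry launches, then
applies a simple review heuristic of my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in the format of the log above, plus one O23 line
# to show that non-O4 lines are ignored.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START",
    r'O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60',
    r"O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup",
    r'O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"',
    r"O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')",
    r"O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe",
    r"O4 - Global Startup: Bluetooth Manager.lnk = ?",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

# Registry form: "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')?"
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run[^:]*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder form: "O4 - [Global |.DEFAULT User ]Startup: <shortcut> = <target> (User '<user>')?"
FOLDER_RE = re.compile(
    r"^O4 - (?P<folder>(?:\.DEFAULT User |Global )?Startup): "
    r"(?P<name>.+?) = (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Unquoted command: take everything up to the first recognised extension.
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|cmd|bat|vbs|scr))(?=\s|$)", re.IGNORECASE)

FLAG_UNRESOLVED = "target could not be resolved"
FLAG_LOCATION = "executable outside Program Files / Windows: review before keeping"
STANDARD_PREFIXES = ("c:\\program files", "c:\\windows")


@dataclass
class Autostart:
    source: str            # e.g. "HKLM\..\Run", "HKUS\S-1-5-18\..\Run", "Global Startup"
    name: str              # the bracketed name (or the .lnk name) to research
    command: str           # the raw command or shortcut target
    exe: Optional[str]     # the executable path, None if HijackThis printed "?"
    user: Optional[str]    # the user profile the entry belongs to, if stated


def extract_exe(cmd: str) -> Optional[str]:
    """Pull the executable path out of a Run-key command line."""
    cmd = cmd.strip()
    if cmd == "?":                      # HijackThis could not resolve the shortcut
        return None
    if cmd.startswith('"'):             # quoted path: everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = EXE_RE.match(cmd)
    if m:
        return m["exe"]
    return cmd.split(" /", 1)[0]        # no extension (e.g. NokiaMServer): stop at first switch


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = REG_RE.match(line)
    if m:
        source = f"{m['hive']}\\..\\{m['key']}"
        return Autostart(source, m["name"], m["cmd"], extract_exe(m["cmd"]), m["user"])
    m = FOLDER_RE.match(line)
    if m:
        return Autostart(m["folder"], m["name"], m["cmd"], extract_exe(m["cmd"]), m["user"])
    return None


def parse_all(lines: List[str]) -> List[Autostart]:
    return [e for e in (parse_o4(l) for l in lines) if e is not None]


def names_to_research(entries: List[Autostart]) -> List[str]:
    """The bracketed names, which the note above says to paste into the search box."""
    return [e.name for e in entries]


def review_flags(entry: Autostart) -> List[str]:
    """Heuristic of my own: unresolved targets and unusual install locations deserve a look."""
    if entry.exe is None:
        return [FLAG_UNRESOLVED]
    path = entry.exe.lower().replace("%programfiles%", "c:\\program files")
    return [] if path.startswith(STANDARD_PREFIXES) else [FLAG_LOCATION]


if __name__ == "__main__":
    for e in parse_all(SAMPLE_LINES):
        print(f"{e.source:28} {e.name:28} {e.exe or '?'}  {'; '.join(review_flags(e))}")
```

Run it on the O4 lines of a real log (one line per list element) to get a table of name, source and executable; the flags are only a prompt to research an entry, not a verdict, and the research step in the note above still decides what to tick.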

#15 ahmadpu

  • Topic Starter

  • Members
  • 23 posts
  • Local time:01:05 PM

Posted 12 June 2012 - 03:37 PM

ESET online scanner results:

C:\FRST\Quarantine\{38b16380-2bdc-f8b2-1260-d60c706fc0eb}\U\00000008.@ Win64/Agent.BA trojan
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Users\Ahmad\Downloads\Programs\MapsGalaxy.exe Win32/AdInstaller application



