
sp.dll infection



There seems to be something wrong with C:\Windows\SysWOW64\rundll32.exe. I keep getting popups from avast (my main antivirus) that are, apparently, indicating that it's trying to contact a remote computer. It's also redirected some Google searches and at one point even stopped avast from doing a scan (I got a message that there were no more endpoints available from the endpoint mapper). I've scanned with avast, both with the computer on and at boot time, I ran Kaspersky's TDSSkiller but it did not detect TDSS, and I ran Malwarebytes, which removed several infections, including, apparently, something in the registry referencing rundll32.exe, but I am still getting the alerts from avast.

In fact, I originally started getting the alerts from a file in C:\user\%user%\AppData\Local\Temp - a file I couldn't actually find when I went to look for it. An avast scan removed something (though I don't think it was even the same file) from that folder, after which the infection apparently "migrated" to the SysWOW64 rundll32.exe.

If I go into Task Manager and terminate the rundll32.exe process from SysWOW64 (there is also one running from System32 which I leave alone), the alerts stop and Google searches are not redirected. I have half a mind, therefore, to just shred that copy of rundll32.exe, but somehow, that sounds like a rather bad idea on the whole.

Attached are the DDS logs as instructed. Thank you in advance for your help; my family and I are in a situation where we really cannot afford to be without this computer.

-kosmic94

Attach.txt

DDS.txt


Hello kosmic94,

These steps are for kosmic94 only. If you are a casual viewer, do NOT try this on your system!

If you are not kosmic94 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other System !

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do NOT do any websurfing of any kind while this topic is open & I am helping you.

Do NOT run any tools of any sort on your own. Follow my guidance. If you have questions, then STOP, and put into reply in this topic.

The base issue is sp.dll which is a highly suspect driver. Not rundll32 ! What do you know about "Minecraft" ??

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Turn OFF Avast anti-virus otherwise it will interfere with cleanup of malware !

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

You will want to print out or copy these instructions to Notepad for offline reference!


If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

DDS::
uRun: [sp]

Driver::
sp

File::
C:\Users\Flood\AppData\Roaming\.minecraft\sp.DLL

Folder::
C:\Users\Flood\AppData\Roaming\.minecraft\

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4

Now, re-enable the Avast antivirus.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 5

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 6

Copy & Paste contents of C:\Combofix.txt, & Log.txt & Info.txt & Checkup.txt.

Use separate replies as needed if logs do not fit into one reply box.

There will be more to do later.

Edited by Maurice Naggar
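Added example (not part of the original posts, and not one of the tools used in this thread): the reply above points at sp.dll rather than rundll32.exe, because rundll32 is only the host process for whatever DLL an autorun entry hands it. The sketch below scans DDS-style autorun lines and reports rundll32 entries whose DLL sits in a user-writable folder. The `uRun: [name] command` line layout, the sample lines, the `ExampleEntry` export name and all function names are assumptions made for illustration; only the sp.DLL path comes from the thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    hive: str   # e.g. "uRun" (per-user Run key) or "mRun" (machine Run key)
    name: str   # registry value name
    dll: str    # DLL that rundll32 is asked to load


# Assumed DDS autorun layout: "<hive>Run: [<value name>] <command line>"
AUTORUN_RE = re.compile(
    r'^(?P<hive>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$',
    re.IGNORECASE)

# rundll32 host (bare, with a path, or quoted) followed by the DLL argument,
# which is either quoted or runs up to the comma before the entry point.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,"]+))',
    re.IGNORECASE)

# Locations a standard user can write to, so a DLL found here was not put
# in place by the operating system.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def rundll32_target(cmd: str) -> Optional[str]:
    """Return the DLL path a rundll32 command line loads, or None."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    return ntpath.normpath((m.group("quoted") or m.group("bare")).strip())


def in_user_writable_path(dll: str) -> bool:
    """True when the DLL path contains a user-writable folder marker."""
    lowered = dll.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def audit_autoruns(lines: List[str]) -> List[Finding]:
    """Flag autorun entries that start rundll32 on a user-writable DLL."""
    findings = []
    for line in lines:
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue
        dll = rundll32_target(m.group("cmd"))
        if dll and in_user_writable_path(dll):
            findings.append(Finding(m.group("hive"), m.group("name"), dll))
    return findings


# Constructed sample lines; not taken from the attached DDS.txt.
SAMPLE_DDS_LINES = r'''
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sp] rundll32.exe "C:\Users\Flood\AppData\Roaming\.minecraft\sp.DLL",ExampleEntry
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Shell] C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL
'''

if __name__ == "__main__":
    for f in audit_autoruns(SAMPLE_DDS_LINES.splitlines()):
        print(f"{f.hive} [{f.name}] loads {f.dll}")
```
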

All done. I thought I should provide you with some extra info, just in case it will be helpful. It's probably going to be extraneous, but I figure, with computers, too much information is far better than too little.

First off, I've attached the original log from Malwarebytes when I scanned my computer, in case that will help.

Second, you should know I had the rundll32.exe process (from SysWOW64) shut down when I was running ComboFix, in case that needed to be running for ComboFix to detect it or something.

Third, after ComboFix ran, it restarted the computer. I wasn't sure if that was ComboFix or not (should have told me to expect that ;)), so I canceled the shutdown initially and looked for the logfile. At C:\ I found "ComboFix," but it had the computer icon, and clicking on it just took me apparently back to My Computer, but it was indeed shown at C:\Computer\ComboFix. I renamed it to ComboFix.txt and it became an openable folder with a bunch of files inside it - including the as-yet incomplete ComboFix.txt logfile. I then renamed it back to just ComboFix (but it remained a folder and did not return to the computer icon), and restarted my computer. There was also some computer file with numbers as its name, but it's gone now; presumably it was a ComboFix file or folder.

Fourth, after I restarted and ComboFix was preparing its report, I noted it said not to run any programs. Java requested to update while it was doing that, which I denied, clicked the "x" in its system tray popup, and then clicked inside the ComboFix window. I doubt this matters, but, like I said, better too much info than too little.

Fifth - and I really think this is completely irrelevant but I'll say it anyway just because I got the idea into my head - I haven't been shutting down and restarting my computer, but keeping it "off" in standby mode instead. This is to circumvent a crashing issue that seems to be exacerbated by restarts.

I think that's all. Next post will have the copy/pasted log files from everything. See Malwarebytes log attachment in this one.

-kosmic94

mbam-log-2012-03-25 (22-09-55).txt


ComboFix 12-03-27.02 - Flood 03/27/2012 9:52.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1033.18.3838.2412 [GMT -4:00]

Running from: c:\downloads\MalwareStuff\ComboFix.exe

Command switches used :: c:\downloads\MalwareStuff\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Flood\AppData\Roaming\.minecraft\sp.DLL"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

C:\Install.exe

c:\program files (x86)\Mail.Ru\Agent\Mra\dll\newmrasearch.dll

c:\users\Flood\AppData\Roaming\.minecraft

c:\users\Flood\AppData\Roaming\.minecraft\backup\bin\Minecraft.jar.1325537237112

c:\users\Flood\AppData\Roaming\.minecraft\backup\saves\Dinamite\Dinamite.1325537242665.zip

c:\users\Flood\AppData\Roaming\.minecraft\backup\saves\New World\New World.1325537243478.zip

c:\users\Flood\AppData\Roaming\.minecraft\backup\saves\Tech World\Tech World.1325537244515.zip

c:\users\Flood\AppData\Roaming\.minecraft\bin\jinput.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\lwjgl.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\lwjgl_util.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\md5s

c:\users\Flood\AppData\Roaming\.minecraft\bin\minecraft-1.0.0.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\minecraft-1.7.3.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\minecraft - Copy.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\minecraft.bak

c:\users\Flood\AppData\Roaming\.minecraft\bin\minecraft.jar

c:\users\Flood\AppData\Roaming\.minecraft\bin\minecraft.jar.backup

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll

c:\users\Flood\AppData\Roaming\.minecraft\bin\version

c:\users\Flood\AppData\Roaming\.minecraft\bin\WorldEdit.jar

c:\users\Flood\AppData\Roaming\.minecraft\config\ModLoader.cfg

c:\users\Flood\AppData\Roaming\.minecraft\data_dump.xml

c:\users\Flood\AppData\Roaming\.minecraft\default_reference.xml

c:\users\Flood\AppData\Roaming\.minecraft\hs_err_pid6324.log

c:\users\Flood\AppData\Roaming\.minecraft\lastlogin

c:\users\Flood\AppData\Roaming\.minecraft\mcpatcher.xml

c:\users\Flood\AppData\Roaming\.minecraft\mcyu.jar

c:\users\Flood\AppData\Roaming\.minecraft\Minecraft Beta Cracked.exe

c:\users\Flood\AppData\Roaming\.minecraft\Minecraft Cracked.exe

c:\users\Flood\AppData\Roaming\.minecraft\Minecraft Updater.exe

c:\users\Flood\AppData\Roaming\.minecraft\Minecraft.exe

c:\users\Flood\AppData\Roaming\.minecraft\MinecraftInstall.net.url

c:\users\Flood\AppData\Roaming\.minecraft\ModLoader.txt

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\alias.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\bindings.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\itemnames.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spc.settings

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113624938.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113629190.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113689243.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113697789.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113703638.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113705944.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113708141.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\spcexception-1325113711042.log

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\sppcommands.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods\sppcommands\worldedit.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods_backup\sppcommands\alias.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods_backup\sppcommands\bindings.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods_backup\sppcommands\itemnames.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods_backup\sppcommands\spc.settings

c:\users\Flood\AppData\Roaming\.minecraft\mods_backup\sppcommands\sppcommands.properties

c:\users\Flood\AppData\Roaming\.minecraft\mods_backup\sppcommands\worldedit.properties

c:\users\Flood\AppData\Roaming\.minecraft\optifog.log

c:\users\Flood\AppData\Roaming\.minecraft\options.txt


c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\orb.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\pop.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\splash.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\wood click.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\tile\piston\in.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\tile\piston\out.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart5.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart6.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart7.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart8.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\pe\humble.png

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood1.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood2.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood3.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood4.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\11.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\13.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\13.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\blocks.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\cat.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\cat.ogg

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\chirp.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\far.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\mall.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\mellohi.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\stal.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\strad.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\ward.mus

c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\where are we now.mus

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\level.dat

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\level.dat_old

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.-1.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.0.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.0.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.1.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.1.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\session.lock

c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\spc.settings

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\level.dat

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\level.dat_old

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.-1.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.-1.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.0.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.0.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\session.lock

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\level.dat

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\level.dat_old

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.-1.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.-1.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.0.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.0.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\session.lock

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\spc.settings

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\waypoints.dat

c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\waypoints.dat_old

c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\level.dat

c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\level.dat_old

c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\region\r.-1.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\region\r.0.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\session.lock

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\level.dat

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\level.dat_old

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.-1.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.0.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.0.-2.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.0.0.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.1.-1.mcr

c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\session.lock

c:\users\Flood\AppData\Roaming\.minecraft\servers.dat

c:\users\Flood\AppData\Roaming\.minecraft\sp.DLL

c:\users\Flood\xobglu32.dll

c:\windows\iun6002.exe

c:\windows\PFRO.log

.

.

((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))

.

.

2012-03-27 14:24 . 2012-03-27 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-27 13:43 . 2012-03-27 13:43 -------- d-----w- c:\program files (x86)\ERUNT

2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\users\Flood\AppData\Roaming\Malwarebytes

2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\programdata\Malwarebytes

2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-26 02:08 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 22:32 . 2012-03-16 22:32 -------- d-----w- c:\programdata\id Software

2012-03-10 22:45 . 2012-03-10 22:45 -------- d-----w- c:\program files (x86)\AnvSoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 23:15 . 2010-06-29 17:07 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2009-06-13 19:12 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-03-06 23:15 . 2011-01-16 15:52 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:04 . 2011-03-06 00:13 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:04 . 2009-06-13 19:12 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2009-06-13 19:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2009-06-13 19:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2009-06-13 19:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-06 23:01 . 2009-06-13 19:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2011-03-03 4620288]

"Akamai NetSession Interface"="c:\users\Flood\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]

"LedKey"="CNYHKey.exe" [2008-04-24 339968]

"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"MAgent"="c:\program files (x86)\Mail.Ru\Agent\MAgent.exe" [2009-12-24 8746680]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

.

c:\users\Flood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

RCA Detective.lnk - c:\users\Flood\Documents\RCA Detective\RCADetective.exe [2010-12-25 804352]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA1100 Мастер установки.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-7-18 4545024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

"Skytel"="Skytel.exe" [2008-09-18 1833504]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.juno.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0409&m=dx4200-09

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: Display All Images with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/227"

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files (x86)\Mail.Ru\Agent\magent.exe

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: netzero.com

Trusted Zone: netzero.net

Trusted Zone: soe.com

Trusted Zone: sony.com

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Flood\AppData\Roaming\Mozilla\Firefox\Profiles\360vmvb8.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com

FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Performance Cache: gcyvknqexv@gcyvknqexv.org - %profile%\extensions\gcyvknqexv@gcyvknqexv.org

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://operations.section31rp.co.uk/ppt

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Easy Dock - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Civil War Generals II Demo - c:\sierra\Cwg2Demo\Uninst.isu

AddRemove-Digalo 2000 Russian - c:\program files (x86)\Digalo\Digalo 2000 Russian\Uninst.isu

AddRemove-Elite Force Engine Patch1.37 - c:\windows\iun6002.exe

AddRemove-Elite Force Player Maps - c:\program files (x86)\Raven\Star Trek Voyager Elite Force\EFPM.isu

AddRemove-Minecraft Beta Cracked - c:\users\Flood\AppData\Roaming\.minecraft\Uninstall.exe

AddRemove-PunkBusterSvc - c:\downloads\ПОБЕДИМ\APB RELOADED\Binaries\pbsvc_apb.exe

AddRemove-Geotag - c:\windows\system32\javaws.exe

AddRemove-Wurm Online 3.0.1 - c:\windows\system32\javaws.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai']

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]

"ImagePath"="\??\c:\users\Flood\AppData\Local\Temp\005A29D.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\MHotKey.exe

c:\windows\ChiFuncExt.exe

c:\windows\SysWOW64\atashost.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe

c:\windows\CNYHKey.exe

c:\windows\ModLedKey.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-03-27 10:45:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-27 14:45

.

Pre-Run: 243,155,763,200 bytes free

Post-Run: 244,682,305,536 bytes free

.

- - End Of File - - CF50324089B178FDAB833FBB468DE185


Logfile of random's system information tool 1.09 (written by random/random)

Run by Flood at 2012-03-27 10:48:45

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 233 GB (39%) free of 600 GB

Total RAM: 3838 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:48:55 AM, on 3/27/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19120)

Boot mode: Normal

Running processes:

C:\Windows\MHotKey.exe

C:\Windows\ChiFuncExt.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe

C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe

C:\Windows\CNYHKey.exe

C:\Users\Flood\Documents\RCA Detective\RCADetective.exe

C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe

C:\Windows\ModLedKey.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\PROGRA~2\FREEDO~1\fdm.exe

C:\Program Files\trend micro\Flood.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0409&m=dx4200-09

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\JNAccelerator\qsacc\x1IEBHO.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe

O4 - HKLM\..\Run: [LedKey] CNYHKey.exe

O4 - HKLM\..\Run: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [MAgent] "C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe" -LM

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [VueMinder] "C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe" 1

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: RCA Detective.lnk = C:\Users\Flood\Documents\RCA Detective\RCADetective.exe

O4 - Global Startup: NETGEAR WNA1100 Мастер установки.lnk = ?

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files (x86)\JNAccelerator\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files (x86)\JNAccelerator\qsacc\appres.dll/227"

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe

O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.netzero.com

O15 - Trusted Zone: *.netzero.net

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.support.gateway.com/support/serialharvest/gwCID.CAB

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 15923 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

wininit.exe

C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Windows\system32\Dwm.exe"

taskeng.exe {37DDFE69-FDBE-4111-ADE4-B7D8CFA0FF7B}

C:\Windows\Explorer.EXE

taskeng.exe {EBCEEE99-9906-4C34-8BAB-CFC8C9D33D63}

taskeng.exe {392C2C18-B08A-4521-97A3-3A4ADE1E50C9}

C:\Windows\MHotKey.exe

C:\Windows\ChiFuncExt.exe

C:\Windows\system32\agr64svc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService

"C:\Windows\SysWOW64\atashost.exe"

"C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe"

"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s

"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"

"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"

C:\Windows\System32\svchost.exe -k WerSvcGroup

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4451abcc-c2e6-4808-9974-f323599c37b4 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d8f919ea-14d5-4537-8767-37f1f3d706b3 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-44d07c60-5b3d-4c21-9154-03bf64dc4789 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d0bedf9c-0fcb-406c-bc80-8a37ffd844f8

"C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe"

RUNDLL32.EXE ykx64coinst,serviceStartProc

WLIDSvcM.exe 1284

C:\Windows\system32\conime.exe

"C:\Windows\RAVCpl64.exe"

"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon

"C:\Windows\ehome\ehtray.exe"

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\ehome\ehmsas.exe -Embedding

"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

"C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe" 1

"C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe"

"C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe"

"C:/Users/Flood/AppData/Local/Akamai/netsession_win.exe" --client

"C:\Windows\CNYHKey.exe"

"C:\Users\Flood\Documents\RCA Detective\RCADetective.exe"

"C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

C:\Windows\ModLedKey.exe

"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe"

"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"

"C:\Windows\system32\wuauclt.exe"

C:\Windows\servicing\TrustedInstaller.exe

taskeng.exe {26C14A7E-524E-4850-82B4-02C362872773}

notepad.exe "C:\Users\Flood\AppData\Local\Temp\log.txt"

"C:\Program Files\Alwil Software\Avast5\AvastUI.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Windows\system32\SearchFilterHost.exe" 0 680 684 692 65536 688

C:\PROGRA~2\FREEDO~1\fdm.exe -Embedding

"C:\Users\Flood\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-05-27 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]

Pop-up Blocker - C:\Program Files (x86)\JNAccelerator\qsacc\x1IEBHO.dll [2006-12-06 211456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]

DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]

Babylon IE plugin - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2010-03-10 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-09-18 6495264]

"Skytel"=C:\Windows\Skytel.exe [2008-09-18 1833504]

"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]

"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1840720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]

"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

"VueMinder"=C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [2011-03-02 4620288]

"Akamai NetSession Interface"=C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe [2012-03-13 3331872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"LchDrvKey"=C:\Windows\LchDrvKey.exe [2007-03-28 36864]

"LedKey"=C:\Windows\CNYHKey.exe [2008-04-23 339968]

"Smart Copy"=C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [2008-05-21 53248]

"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"MAgent"=C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe [2009-12-24 8746680]

"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-12-09 1226608]

"DivX Download Manager"=C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-05-27 40368]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-25 343168]

"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

NETGEAR WNA1100 Мастер установки.lnk - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

C:\Users\Flood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

RCA Detective.lnk - C:\Users\Flood\Documents\RCA Detective\RCADetective.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.FPS1"=frapsv64.dll

"VIDC.XFR1"=xfcodec64.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-03-27 10:48:45 ----D---- C:\rsit

2012-03-27 10:48:45 ----D---- C:\Program Files\trend micro

2012-03-27 10:45:10 ----A---- C:\ComboFix.txt

2012-03-27 10:36:02 ----SHD---- C:\$RECYCLE.BIN

2012-03-27 09:48:49 ----A---- C:\Windows\zip.exe

2012-03-27 09:48:49 ----A---- C:\Windows\SWSC.exe

2012-03-27 09:48:49 ----A---- C:\Windows\SWREG.exe

2012-03-27 09:48:49 ----A---- C:\Windows\sed.exe

2012-03-27 09:48:49 ----A---- C:\Windows\PEV.exe

2012-03-27 09:48:49 ----A---- C:\Windows\NIRCMD.exe

2012-03-27 09:48:49 ----A---- C:\Windows\MBR.exe

2012-03-27 09:48:49 ----A---- C:\Windows\grep.exe

2012-03-27 09:48:33 ----D---- C:\Qoobox

2012-03-27 09:43:51 ----D---- C:\Windows\ERDNT

2012-03-27 09:43:17 ----D---- C:\Program Files (x86)\ERUNT

2012-03-25 22:08:58 ----D---- C:\Users\Flood\AppData\Roaming\Malwarebytes

2012-03-25 22:08:50 ----D---- C:\ProgramData\Malwarebytes

2012-03-25 22:08:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-25 22:08:48 ----A---- C:\Windows\system32\drivers\mbam.sys

2012-03-25 22:03:27 ----A---- C:\TDSSKiller.2.7.22.0_25.03.2012_22.03.27_log.txt

2012-03-25 21:45:32 ----ASH---- C:\hiberfil.sys

2012-03-16 18:32:43 ----D---- C:\ProgramData\id Software

2012-03-10 18:45:55 ----D---- C:\Program Files (x86)\AnvSoft

======List of files/folders modified in the last 1 month======

2012-03-27 10:48:45 ----RD---- C:\Program Files

2012-03-27 10:48:28 ----D---- C:\Windows\Temp

2012-03-27 10:45:22 ----D---- C:\Windows\system32\drivers

2012-03-27 10:42:58 ----D---- C:\Windows\System32

2012-03-27 10:42:58 ----D---- C:\Windows\inf

2012-03-27 10:42:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-03-27 10:37:19 ----D---- C:\Windows

2012-03-27 10:37:08 ----A---- C:\Windows\system.ini

2012-03-27 10:36:47 ----D---- C:\Windows\system32\WDI

2012-03-27 10:35:46 ----D---- C:\Windows\system32\drivers\etc

2012-03-27 10:09:58 ----D---- C:\Windows\SYSWOW64\drivers

2012-03-27 10:09:58 ----D---- C:\Windows\SysWOW64

2012-03-27 10:09:58 ----D---- C:\Windows\AppPatch

2012-03-27 10:09:54 ----D---- C:\Program Files\Common Files

2012-03-27 10:09:54 ----D---- C:\Program Files (x86)\Common Files

2012-03-27 09:48:17 ----D---- C:\Windows\Prefetch

2012-03-27 09:46:17 ----D---- C:\Users\Flood\AppData\Roaming\Free Download Manager

2012-03-27 09:43:17 ----RD---- C:\Program Files (x86)

2012-03-27 09:41:58 ----RD---- C:\Downloads

2012-03-27 09:26:43 ----SHD---- C:\Windows\Installer

2012-03-26 21:14:59 ----D---- C:\Users\Flood\AppData\Roaming\Skype

2012-03-26 01:24:38 ----SHD---- C:\System Volume Information

2012-03-25 22:08:50 ----D---- C:\ProgramData

2012-03-25 20:43:55 ----A---- C:\Windows\ntbtlog.txt

2012-03-25 15:40:25 ----D---- C:\Users\Flood\AppData\Roaming\codeblocks

2012-03-25 11:48:49 ----D---- C:\Program Files (x86)\Cain

2012-03-22 18:01:24 ----D---- C:\Users\Flood\AppData\Roaming\CyberLink

2012-03-20 09:47:38 ----D---- C:\Windows\system32\catroot2

2012-03-14 21:54:20 ----D---- C:\Windows\Minidump

2012-03-14 21:25:49 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-03-13 19:59:15 ----D---- C:\Users\Flood\AppData\Roaming\gtk-2.0

2012-03-06 19:15:14 ----A---- C:\Windows\SYSWOW64\aswBoot.exe

2012-03-06 19:15:03 ----A---- C:\Windows\system32\aswBoot.exe

2012-03-04 16:30:11 ----RSD---- C:\Windows\assembly

2012-03-04 16:29:08 ----D---- C:\Windows\Microsoft.NET

2012-03-04 16:27:27 ----RSD---- C:\Windows\Fonts

2012-03-04 16:21:27 ----D---- C:\Program Files (x86)\TurboTax

2012-03-02 17:00:16 ----D---- C:\ProgramData\CanonIJPLM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-27 16400]

R0 SCMNdisP;General NDIS Protocol Driver; C:\Windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-05 834544]

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-03-06 43864]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-06 819032]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-06 337240]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-06 59224]

R1 JSWPSLWF;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-06-15 93240]

R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-07-14 294232]

R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-06 24408]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]

R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]

R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2008-10-29 1253376]

R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10496512]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-10-25 326656]

R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-09-18 1497112]

R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2008-08-12 181024]

R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS [2008-06-05 66048]

R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 98944]

R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 108544]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2008-08-05 392192]

S2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-06-11 17952]

S3 aib0rg7m;aib0rg7m; C:\Windows\system32\drivers\aib0rg7m.sys []

S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-10-10 1724416]

S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10496512]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]

S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-08-02 900608]

S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-01 4682]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 616448]

S3 vtany;vtany; \??\C:\Windows\vtany.sys []

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]

S3 X6va005;X6va005; \??\C:\Users\Flood\AppData\Local\Temp\005A29D.tmp []

S3 xspirit;xspirit; \??\C:\Users\Flood\AppData\Local\Temp\xspirit.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe [2007-12-10 15872]

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 27648]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-10-25 204288]

R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]

R2 atashost;WebEx Service Host for Support Center; C:\Windows\SysWOW64\atashost.exe [2009-03-06 20376]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-06 44768]

R2 ETService;Empowering Technology Service; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]

R2 IntuitUpdateService;Intuit Update Service; C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]

R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-08-04 75136]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2008-08-19 244904]

R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R2 WSWNA1100;WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]

R2 yksvc;Marvell Yukon Service; ykx64coinst,serviceStartProc []

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 136176]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 136176]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-22 960992]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-06-06 4005936]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-07-28 411432]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.09 2012-03-27 10:48:58

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\FATE\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Polar Pool\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"

-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"

-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly

-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}

A.V.A-->"C:\Program Files (x86)\InstallShield Installation Information\{93712806-272D-485E-8D8E-C08E861CF3E0}\setup.exe" -runfromtemp -l0x0409 -removeonly

Adobe Digital Editions-->"C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -maintain plugin

Adobe Reader 8.3.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A83000000003}

Agere Systems PCI-SV92PP Soft Modem-->C:\Windows\agrsmdel

Akamai NetSession Interface Service-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe

Alcatraz Prison Escape-->C:\Windows\IsUninst.exe -f"C:\GAMES\TRIADA\Alcatraz Prison Escape\Uninst.isu"

Allods Online 2.0.04.49-->C:\Downloads\Allods\uninst.exe

Alt MP3 Bitrate Converter 7.3-->"C:\Program Files (x86)\Alt MP3 Bitrate Converter\unins000.exe"

AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}

AMD Catalyst Install Manager-->msiexec /q/x{52FB2985-F3AD-DAA7-7645-4E38A5B96E17} REBOOT=ReallySuppress

Any Flv Converter 2.0.0-->"C:\Program Files (x86)\Any Flv Converter\unins000.exe"

Any Video Converter 3.2.5-->"C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe"

Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ArmA 2 Free Uninstall-->C:\Downloads\Arma2Free\UnInstall.exe

Armagetron Advanced 0.2.8.3.1.gcc-->C:\Program Files (x86)\Armagetron Advanced\uninst.exe

AssaultCube v1.0-->"C:\Program Files (x86)\ACube\uninstall.exe"

AssaultCube v1.1.0.4-->"C:\Program Files (x86)\ACube\uninstall.exe"

Atomic RAR Password Recovery 1.20-->"C:\Program Files (x86)\Atomic RAR Password Recovery\unins000.exe"

Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"

AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~2\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~2\AVVCS6~1.0DI\INSTALL.LOG

avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup

Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"

Battlefield 1942 Multiplayer Demo-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5ED20FB0-678F-41EE-9211-DC9C670FD193}\Setup.exe" -l0x9

Battlefield 2 Demo-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}\setup.exe" -l0x9 -removeonly

Battlefield Heroes-->"C:\Program Files (x86)\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstall.xml"

Battlefield Play4Free-->"C:\Program Files (x86)\EA Games\Battlefield Play4Free\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Play4Free\Uninstall.xml"

BEYOND ATLANTIS 2-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\DreamCatcher\BEYOND ATLANTIS 2\Uninst.isu"

Black Shades (remove only)-->"C:\Program Files (x86)\Black Shades\uninstall.exe"

BOS-->C:\Windows\ST5UNST.EXE -n "C:\Downloads\bos\ST5UNST.LOG"

Byki Express-->"C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe" REMOVE=TRUE MODIFY=FALSE

Byki-->C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe

Cabela's 4x4 Off-road Adventure 1.2-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Activision Value\Cabela's 4x4 Off-road Adventure\Uninst.isu"

Cain & Abel v4.9.42-->C:\PROGRA~2\Cain\UNINSTAL.EXE C:\PROGRA~2\Cain\Install.log

CamStudio-->C:\Program Files (x86)\CamStudio\uninstall.exe

Canon iP2600 series User Registration-->C:\Program Files (x86)\Canon\IJEREG\iP2600 series\UNINST.EXE

Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009

Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini

Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}

Civil War Generals II Demo-->C:\Windows\IsUninst.exe -fC:\SIERRA\Cwg2Demo\Uninst.isu

Clive Barker's Undying-->C:\Windows\IsUninst.exe -fC:\Downloads\Games\Clive\Uninst.isu

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Cosmic Supremacy-->MsiExec.exe /I{9DD2509C-8479-4A92-8FF3-9A412A5B1877}

Counter Strike 1.6 FULL v42-->C:\Downloads\CS-1.6-2\Uninstall.exe

Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9

Counter-Strike 2D 0.1.1.9-->"C:\Downloads\CS2D\unins000.exe"

Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"

CPUID CPU-Z 1.58-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"

CPUID HWMonitor Pro 1.12-->"C:\Program Files\CPUID\HWMonitorPro\unins000.exe"

Crash Demo-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Mattel Media\Hot Wheels\Crash Demo\Uninst.isu"

Cross Fire En-->"C:\Downloads\cf\unins000.exe"

Custom locale tlh-pIqaD-US-->MsiExec.exe /I{314AE83A-B29E-4D5C-8A0D-8ADAAA3E0FB4}

CyberLink LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall

CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall

CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Deus Ex Game Of The Year-->C:\Games\DEUSEX~1\UNWISE.EXE C:\Games\DEUSEX~1\INSTALL.LOG

Digalo 2000 Russian-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Digalo\Digalo 2000 Russian\Uninst.isu"

Digital Camera-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}\setup.exe"

Disney's 102 Dalmatians Puppies to the Rescue-->C:\Windows\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\102DAL~1\DeIsL1.isu

DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com

Elder Futhark Keyboard-->MsiExec.exe /I{7CC89A11-E357-4243-9235-99B8B9C0CA58}

Elite Force Engine Patch-->C:\Windows\iun6002.exe "C:\Program Files (x86)\raven\Star Trek Voyager Elite Force\irunin.ini"

Elite Force Player Maps-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Raven\Star Trek Voyager Elite Force\EFPM.isu"

Elite Force RPG-X v2.0-->"C:\Program Files (x86)\Raven\Star Trek Voyager Elite Force\RPG-X2\extras\uninstall\unins000.exe"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

FileZilla Client 3.3.5.1-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe

FLV to MP4 Converter 2009.2.20-->"C:\Program Files (x86)\FLV to MP4 Converter\unins000.exe"

Foxit Reader 5.0-->"C:\Downloads\fx\unins000.exe"

Fraps (remove only)-->"C:\Fraps\uninstall.exe"

Free Allegiance - Application Compatibility Database-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{64fb7ce2-21dd-464d-a6a5-a21ca54f173f}.sdb"

Free Allegiance-->C:\Downloads\Allegiance\uninst.exe

Free Audio CD Burner version 1.4.7-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"

Free Download Manager 3.4 ALPHA-->"C:\Program Files (x86)\Free Download Manager\unins000.exe"

Free WMA to MP3 Converter 1.16-->"C:\Program Files (x86)\Free WMA to MP3 Converter\unins000.exe"

Free YouTube Download version 3.0.13.815-->C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe

Free YouTube to MP3 Converter version 3.9.35.324-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"

Frogger2-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Hasbro Interactive\Frogger2\Uninst.isu"

Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"

Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly

GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"

Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GSC 2.00-->"C:\Program Files (x86)\GSC 2.00\gsc-uninst.exe"

GtkRadiant 1.5.0-->MsiExec.exe /I{EC2F741D-308C-42B4-BD04-9A4853F2E402}

Guitar Pro 6-->"C:\Program Files (x86)\Guitar Pro 6\unins000.exe"

Hard Truck 18 Wheels of Steel-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1096C4FA-CC07-4BE1-B73F-77BDFF4916B8}

Harry Potter and the Order of the Phoenix™-->C:\Program Files (x86)\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe

Hirc-->"C:\Program Files (x86)\Hirc\unins000.exe"

Hot Wheels Crash-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Mattel Media\Hot Wheels\CRASH\Data\UninstallCrash.isu"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

ioquake3-->"C:\Program Files (x86)\ioquake3\uninstall.exe"

iWisoft Free Video Converter 1.2-->"C:\Program Files (x86)\iWisoft Free Video Converter\unins000.exe"

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}

Java 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

JFK Reloaded 1.1-->C:\Downloads\j\uninst.exe

Juno 5.1.83-->C:\Program Files (x86)\Juno\bin\Uninstall.exe

Juno SpeedBand (remove only)-->"C:\Program Files (x86)\JNAccelerator\uninstacc.exe"

Just BASIC v1.01-->C:\Program Files (x86)\Just BASIC v1.01\uninstall.exe

KB0817 Keyboard Driver-->C:\Program Files (x86)\InstallShield Installation Information\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}\setup.exe -runfromtemp -l0x0009 -removeonly

L&H TTS3000 Deutsch-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSGED.inf, Uninstall

L&H TTS3000 Russian-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSRUR.inf, Uninstall

LAME v3.98.2 for Audacity-->"C:\Program Files (x86)\Lame for Audacity\unins000.exe"

League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly

Livestream Procaster-->MsiExec.exe /I{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}

LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {8BBB5E4C-3F5E-4C07-BFBE-33B34600783A} REMOVE=ALL

LogMeIn Hamachi-->MsiExec.exe /I{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}

Lords of Magic Special Edition-->C:\Windows\IsUninst.exe -fC:\SIERRA\LOMSE\Uninst.isu

Lords of Magic-->C:\Windows\IsUninst.exe -fC:\SIERRA\LOM\Uninst.isu

Mail.Ru Agent 5.6 (build 3278, for all users)-->C:\Program Files (x86)\Mail.Ru\Agent\magentsetup.exe -uninstalllm

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe

Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}

Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}

Microsoft Midtown Madness-->"C:\Program Files (x86)\Microsoft Games\Midtown Madness\UNINSTAL.EXE" /runtemp /uninstall

Microsoft Money Essentials-->"C:\Program Files (x86)\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120

Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}

Microsoft Motocross Madness 2-->"C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\UNINSTAL.EXE" /runtemp /addremove

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}

Minecraft Beta Cracked-->C:\Users\Flood\AppData\Roaming\.minecraft\Uninstall.exe

Mozilla Firefox (3.6.28)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

MUSHclient (remove only)-->C:\Program Files (x86)\MUSHclient\uninstall.exe

My Game Long Name-->C:\Program Files (x86)\WHITE\Binaries\UnSetup.exe /uninstall

NCC1701 (remove only)-->"C:\Program Files (x86)\NCC1701\uninst-NCC1701.exe"

NETGEAR WNA1100 N150 Wireless USB Adapter-->"C:\Program Files (x86)\InstallShield Installation Information\{A2AE9709-283B-4B48-AA34-729C070A62FB}\setup.exe" -runfromtemp -l0x0419 -removeonly

Nmap 5.51-->"C:\Program Files (x86)\Nmap\uninstall.exe"

Noah's Jungle-->C:\UDK\Noah's Jungle\Binaries\UnSetup.exe /uninstall

NSIS Example2 (remove only)-->"C:\Program Files (x86)\Flamewar\uninstall.exe"

NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}

OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}

Opera 10.61-->MsiExec.exe /X{70858C67-8761-4444-895A-0A8B2E9E144E}

ophcrack 3.3.1-->C:\Program Files (x86)\ophcrack\uninst.exe

Paintball2 Alpha build 32 update-->C:\Games\Paintball2\uninst.exe

Paltalk Messenger-->"C:\Windows\PaltalkScene\uninstall.exe" "/U:C:\Program Files (x86)\Paltalk Messenger\irunin.xml"

Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe

Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}

Pirates! Gold-->C:\Windows\unvise32.exe c:\downloads\pg\uninstal.log

PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R

Plasma Fusion Server Files Setup version 1.0-->"C:\Program Files\Raven\Star Trek Voyager Elite Force\Plasma Fusion Server Files Setup\unins000.exe"

PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"

Project Blackout-->C:\Downloads\pbk\uninst.exe

PunkBuster Services-->C:\DOWNLOADS\ПОБЕДИМ\APB RELOADED\Binaries\pbsvc_apb.exe -u

Python 2.6.4-->MsiExec.exe /I{E7394A0F-3F80-45B1-87FC-ABCD51893246}

Quake 3 Arena Demo-->C:\Windows\unvise32.exe c:\Q3Ademo\uninstal.log

Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe C:\Program Files (x86)\Quake III Arena\uninstal5.log

Quake Live Mozilla Plugin-->MsiExec.exe /I{B42A6552-1A83-4D79-9137-AB0C9036249A}

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

RAR Password Cracker 4.12-->C:\Downloads\Cracker1\uninstall.exe

RCA Detective™ 3.0.1.1-->"C:\Users\Flood\Documents\RCA Detective\unins000.exe"

RCA easyRip 2.4.9.0-->"C:\Users\Flood\Documents\RCA easyRip\unins000.exe"

RCA Updater 2.0.5.0-->"C:\Users\Flood\Documents\RCA Updater\unins000.exe"

Rcon Unlimited 1.0-->C:\Windows\iun506.exe C:\Program Files (x86)\Rcon Unlimited\irunin.ini

REACTOR-->"C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Realms Online version 1.7.2-->"C:\Downloads\Realms\unins000.exe"

Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m -nrg2709

Realtek USB 2.0 Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly

Resonation-->C:\Program Files (x86)\Resonation\Uninstal.exe

Revo Uninstaller 1.92-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe

Savage 2 - A Tortured Soul-->C:\Downloads\SV\uninstall.exe

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB2553074)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5729F1AE-5895-468F-9165-BAD161C9E982}

Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}

Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}

Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended

Security Update for Microsoft Office Excel 2007 (KB2553073)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {65EA4836-B5A3-4C1D-8883-0C35E471003A}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

Sierra Utilities-->C:\Program Files (x86)\Sierra On-Line\sutil32.exe uninstall

Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}

Smart Copy 3.1.1.1-->C:\Program Files (x86)\IOI\Smart Copy\uninst.exe

SMRecorder 1.2.0-->C:\Program Files (x86)\SMRecorder\uninst.exe

Soldat 1.6.2-->"C:\Soldat\unins000.exe"

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Star Trek Bridge Commander-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Activision\Bridge Commander\stbc.isu"

Star Trek Elite Force II Single Player Demo-->C:\PROGRA~2\ACTIVI~1\STARTR~1\Uninstall\Unwise.exe /u C:\PROGRA~2\ACTIVI~1\STARTR~1\Uninstall\Install.log

Star Trek Elite Force II-->C:\PROGRA~2\ACTIVI~1\EF2\Uninstall\Unwise.exe /u C:\PROGRA~2\ACTIVI~1\EF2\Uninstall\Install.log

Star Trek Online-->C:\Downloads\Games\STO1\Uninstall Star Trek Online.exe

Star Trek Voyager Elite Force-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Raven\Star Trek Voyager Elite Force\Ef.isu"

Starport GE v1.0-->"C:\Downloads\Starport\unins000.exe"

SuddenAttackNA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{732799C0-7785-43C5-8496-71546A062992}\setup.exe" -l0x9 -removeonly

Sweet Little Piano 32 (remove only)-->"C:\Program Files (x86)\Roni Music\Sweet Little Piano 32\uninstall.exe"

System Requirements Lab CYRI-->MsiExec.exe /I{943A8D28-80D6-41DC-AE94-81FEB42041BF}

System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}

tazti 2.0.2-->MsiExec.exe /I{213AC470-5576-495F-B6AB-705EF12C826E}

TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"

TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe

TeamViewer 7-->C:\Program Files (x86)\TeamViewer\Version7\uninstall.exe

theHunter (remove only)-->"C:\Downloads\ht\theHunter-uninstall.exe"

Thief 2-->C:\Windows\IsUninst.exe -fC:\games\Thief2\lglass.u

Tremulous 1.1.0-->"C:\Program Files (x86)\Tremulous\uninstall.exe"

Tribes 2-->C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG

TubeTillaFree-->MsiExec.exe /I{9C3C151F-75E5-4375-AD85-76645A1A001F}

Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic

TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}

TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}

TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}

TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}

TurboTax 2009 wvaiper-->MsiExec.exe /I{3D29DFC0-EAA2-012B-AED3-000000000000}

TurboTax 2009-->C:\Program Files (x86)\TurboTax\Basic 2009\Installer\TurboTax 2009 Installer.exe /u /t /a

TurboTax 2011 WinPerFedFormset-->MsiExec.exe /I{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}

TurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789}

TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA}

TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}

TurboTax 2011-->C:\Program Files (x86)\TurboTax\Basic 2011\Installer\TurboTax 2011 Installer.exe /u /t /a

Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"

Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

VueMinder Calendar Lite-->MsiExec.exe /X{F296E6A5-78D9-4EAA-BFE7-95D079476153}

Wav to Mp3 Converter-->"C:\Windows\unins000.exe"

WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}

WHITE 1.0-->"C:\Program Files (x86)\WHITE\unins000.exe"

Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinImage-->"C:\Program Files\WinImage\winimage.exe" /uninstall

WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinX Free FLV to MP4 Converter 4.1.9-->"C:\Program Files (x86)\Digiarty\WinX_Free_FLV_to_MP4_Converter\unins000.exe"

WinZip 15.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}

Wolfenstein - Enemy Territory-->C:\DOWNLO~1\Wolfen\Uninstall\Unwise.exe /u C:\DOWNLO~1\Wolfen\Uninstall\Install.log

WolfTeam-->C:\Downloads\wt\Uninst.exe

World of Padman 1.5-->C:\Downloads\wop\UnWoP.exe

World of Tanks v.0.6.5-->"C:\Downloads\WoT\unins000.exe"

Xfire (remove only)-->"C:\Downloads\Xfire\uninst.exe"

Zoo Tycoon: Complete Collection-->"C:\Program Files (x86)\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

Горыныч ПРОФ 5.0 CommandLight-->C:\Program Files (x86)\Gor\uninst.exe

Диктограф 4-->C:\Program Files (x86)\Dictograph\uninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Flood-PC

Event Code: 8003

Message: The master browser has received a server announcement from the computer HOME-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.

Record Number: 490126

Source Name: bowser

Time Written: 20110829022522.604988-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 7000

Message: The NPPTNT2 service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 490114

Source Name: Service Control Manager

Time Written: 20110829021231.000000-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 8003

Message: The master browser has received a server announcement from the computer S230E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.

Record Number: 489886

Source Name: bowser

Time Written: 20110829013111.260988-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 8003

Message: The master browser has received a server announcement from the computer S230E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.

Record Number: 489607

Source Name: bowser

Time Written: 20110829005514.850588-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 8003

Message: The master browser has received a server announcement from the computer S230E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.

Record Number: 489409

Source Name: bowser

Time Written: 20110829004312.753588-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Flood-PC

Event Code: 33

Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 51750

Source Name: SideBySide

Time Written: 20101031220540.000000-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 33

Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 51749

Source Name: SideBySide

Time Written: 20101031220540.000000-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 33

Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Record Number: 51748

Source Name: SideBySide

Time Written: 20101031220540.000000-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 11

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 51727

Source Name: Microsoft-Windows-CAPI2

Time Written: 20101031181149.000000-000

Event Type: Error

User:

Computer Name: Flood-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 51715

Source Name: Microsoft-Windows-WMI

Time Written: 20101031171416.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Flood-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: FLOOD-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x2c4

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 57683

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110315104917.709761-000

Event Type: Audit Success

User:

Computer Name: Flood-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: FLOOD-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2c4

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 57682

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110315104917.709761-000

Event Type: Audit Success

User:

Computer Name: Flood-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Privileges: SeAssignPrimaryTokenPrivilege

SeAuditPrivilege

SeImpersonatePrivilege

Record Number: 57681

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110315104917.553760-000

Event Type: Audit Success

User:

Computer Name: Flood-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: FLOOD-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x2c4

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 57680

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110315104917.553760-000

Event Type: Audit Success

User:

Computer Name: Flood-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 57679

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110315104917.382159-000

Event Type: Audit Success

User:

======Environment variables======

"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"DFSTRACINGON"=FALSE

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=4

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Downloads\Games\BC3K;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Pinnacle\Shared Files;C:\Program Files (x86)\Pinnacle\Shared Files\Filter;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD

"PROCESSOR_LEVEL"=16

"PROCESSOR_REVISION"=0203

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

-----------------EOF-----------------


Results of screen317's Security Check version 0.99.32

Windows Vista x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 26

Java 6 Update 22

Java 6 Update 5

Java version out of date!

Adobe Flash Player 10.3.183.10 Flash Player out of Date!

Adobe Reader 8 Adobe Reader out of date!

Mozilla Firefox (3.6.28) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

``````````End of Log````````````


Kosmic94,

Be very aware that the tools I'll have you use may require a Restart and you have to allow them to do that. Often, a cleanup is done as part of a restart.

Please only do as I ask and follow my notes. If you have an issue or question, STOP & post the question.

Make sure you do NO websurfing or online transactions of any kind.

Just the websites I guide you to and this forum.

It appears you got lucky and Combofix worked, but we will need a new run.

Rundll32 is a normal component of Windows, just so you know.

I want you to do a Logoff and Restart.

If there is any "crash" then STOP, and post details in this topic and await my reply.

Do NOT run any other tools or programs on your own. Follow my guidance while I am helping you and this topic is open.

Do not make any changes, or adds, or removals on your own. E.g. do not tweak or change your system by yourself.

If you have an issue or question, STOP & post the question, and await my reply.

Step 1

Logoff and Restart system fresh.

Step 2 new MBAM run after update

Turn off your antivirus program so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not turn off the firewall.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

IF it asks for a Reboot/Restart allow it!

Step 3

Recheck & be sure your antivirus is OFF

Turn off your antivirus program so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not turn off the firewall.

Next a new run of Combofix. This may require a restart/reboot. Allow it to do so.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Step 4

Reply with a copy of the latest MBAM scan log

and C:\Combofix.txt log

There will be more to do after this


I have two questions before I do this:

1) You said do not browse the internet. I thought you just meant while I was working with this malware removal. Did you mean I should not browse at all? Because I have been; does that mean I need to change passwords on the sites I've been to?

2) When you say to run ComboFix again, do you mean I should just go directly to the ComboFix file and run that, or should I drag that other script you provided me into it again and run it that way?

-kosmic94


1) NO websurfing of any kind at all .....consider your system as in Quarantine ....until we close this case.

Do not use "this system" to change passwords. You need to do that from a clean pc.

2) Just go directly to the combofix program and run it like I have in my last note. And no, not with the script. No drag. no drop.

3) This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a trojan. I do not know the severity of it.

This "may" have allowed hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp


Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.27.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 8.0.6001.19120

Flood :: FLOOD-PC [administrator]

3/27/2012 12:47:38 PM

mbam-log-2012-03-27 (12-47-38).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 624844

Time elapsed: 2 hour(s), 5 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.

C:\Downloads\mskmsact\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Cain\Abel.exe (HackTool.Cain) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Cain\Abel64.exe (HackTool.Cain) -> Quarantined and deleted successfully.

(end)

ComboFix log:

ComboFix 12-03-27.02 - Flood 03/27/2012 15:07:18.2.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1033.18.3838.1901 [GMT -4:00]

Running from: c:\users\Flood\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))

.

.

2012-03-27 19:35 . 2012-03-27 19:35 -------- d-----w- c:\users\Flood\AppData\Local\temp

2012-03-27 19:35 . 2012-03-27 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-27 14:48 . 2012-03-27 14:48 -------- d-----w- C:\rsit

2012-03-27 14:48 . 2012-03-27 14:48 -------- d-----w- c:\program files\trend micro

2012-03-27 13:43 . 2012-03-27 13:43 -------- d-----w- c:\program files (x86)\ERUNT

2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\users\Flood\AppData\Roaming\Malwarebytes

2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\programdata\Malwarebytes

2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-26 02:08 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 22:32 . 2012-03-16 22:32 -------- d-----w- c:\programdata\id Software

2012-03-10 22:45 . 2012-03-10 22:45 -------- d-----w- c:\program files (x86)\AnvSoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 23:15 . 2010-06-29 17:07 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2009-06-13 19:12 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-03-06 23:15 . 2011-01-16 15:52 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:04 . 2011-03-06 00:13 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:04 . 2009-06-13 19:12 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2009-06-13 19:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2009-06-13 19:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2009-06-13 19:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-06 23:01 . 2009-06-13 19:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-27_14.36.51 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2012-03-27 14:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-03-27 18:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2012-03-27 14:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-03-27 18:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-03-27 18:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2012-03-27 14:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2012-03-27 18:59 73426 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-06-11 23:15 . 2012-03-27 18:59 16156 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3000704899-2802138994-1906717886-1000_UserData.bin

- 2009-06-11 23:15 . 2012-03-27 14:36 16156 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3000704899-2802138994-1906717886-1000_UserData.bin

+ 2009-06-14 00:07 . 2012-03-27 18:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-06-14 00:07 . 2012-03-26 11:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-14 00:07 . 2012-03-27 18:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-06-14 00:07 . 2012-03-26 11:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-14 05:16 . 2012-03-27 16:19 4952 c:\windows\system32\WDI\ERCQueuedResolutions.dat

- 2012-03-27 14:33 . 2012-03-27 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-27 18:56 . 2012-03-27 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-27 14:33 . 2012-03-27 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-27 18:56 . 2012-03-27 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 15:45 . 2012-03-27 18:59 149026 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2006-11-02 12:46 . 2012-03-27 12:54 647232 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2012-03-27 19:05 647232 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2012-03-27 12:54 128820 c:\windows\system32\perfc009.dat

+ 2006-11-02 12:46 . 2012-03-27 19:05 128820 c:\windows\system32\perfc009.dat

- 2011-07-15 01:41 . 2012-03-27 14:32 483384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-15 01:41 . 2012-03-27 18:55 483384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-10-22 04:12 . 2012-03-27 18:55 5353752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-10-22 04:12 . 2012-03-27 14:32 5353752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2011-03-03 4620288]

"Akamai NetSession Interface"="c:\users\Flood\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]

"LedKey"="CNYHKey.exe" [2008-04-24 339968]

"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"MAgent"="c:\program files (x86)\Mail.Ru\Agent\MAgent.exe" [2009-12-24 8746680]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

.

c:\users\Flood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

RCA Detective.lnk - c:\users\Flood\Documents\RCA Detective\RCADetective.exe [2010-12-25 804352]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA1100 Мастер установки.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-7-18 4545024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

"Skytel"="Skytel.exe" [2008-09-18 1833504]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.juno.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0409&m=dx4200-09

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: Display All Images with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/227"

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files (x86)\Mail.Ru\Agent\magent.exe

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: netzero.com

Trusted Zone: netzero.net

Trusted Zone: soe.com

Trusted Zone: sony.com

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Flood\AppData\Roaming\Mozilla\Firefox\Profiles\360vmvb8.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com

FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Performance Cache: gcyvknqexv@gcyvknqexv.org - %profile%\extensions\gcyvknqexv@gcyvknqexv.org

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://operations.section31rp.co.uk/ppt

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]

"ImagePath"="\??\c:\users\Flood\AppData\Local\Temp\005A29D.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2012-03-27 15:40:10

ComboFix-quarantined-files.txt 2012-03-27 19:40

.

Pre-Run: 244,064,673,792 bytes free

Post-Run: 244,048,519,168 bytes free

.

- - End Of File - - 1E86BC218FCF1A20DBA8033E45836D04

-kosmic94


Kindly do NOT enclose the log-contents within code or quote boxes.

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop, and post it in your next reply.

Step 2

DELETE the prior copy of TDSSKILLER.exe

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Reply with copy of aswMBR log & TDSSKILLER log


aswMBR Fix button was not enabled.

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-28 09:44:25

-----------------------------

09:44:25.543 OS Version: Windows x64 6.0.6002 Service Pack 2

09:44:25.543 Number of processors: 4 586 0x203

09:44:25.543 ComputerName: FLOOD-PC UserName: Flood

09:44:29.895 Initialize success

09:44:33.873 AVAST engine defs: 12032801

09:45:01.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

09:45:01.719 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3

09:45:01.875 Disk 0 MBR read successfully

09:45:01.875 Disk 0 MBR scan

09:45:01.875 Disk 0 unknown MBR code

09:45:01.891 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63

09:45:01.922 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096

09:45:01.953 Disk 0 scanning C:\Windows\system32\drivers

09:45:12.203 Service scanning

09:45:27.132 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

09:45:32.077 Modules scanning

09:45:32.093 Scan finished successfully

09:45:47.178 Disk 0 MBR has been saved successfully to "C:\Users\Flood\Desktop\MBR.dat"

09:45:47.193 The log file has been saved successfully to "C:\Users\Flood\Desktop\aswMBR.txt"

TDSSkiller log:

09:48:08.0017 4996 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

09:48:08.0079 4996 ============================================================

09:48:08.0079 4996 Current date / time: 2012/03/28 09:48:08.0079

09:48:08.0079 4996 SystemInfo:

09:48:08.0079 4996

09:48:08.0079 4996 OS Version: 6.0.6002 ServicePack: 2.0

09:48:08.0079 4996 Product type: Workstation

09:48:08.0079 4996 ComputerName: FLOOD-PC

09:48:08.0079 4996 UserName: Flood

09:48:08.0079 4996 Windows directory: C:\Windows

09:48:08.0079 4996 System windows directory: C:\Windows

09:48:08.0079 4996 Running under WOW64

09:48:08.0079 4996 Processor architecture: Intel x64

09:48:08.0079 4996 Number of processors: 4

09:48:08.0079 4996 Page size: 0x1000

09:48:08.0079 4996 Boot type: Normal boot

09:48:08.0079 4996 ============================================================

09:48:09.0998 4996 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:48:10.0139 4996 \Device\Harddisk0\DR0:

09:48:10.0139 4996 MBR used

09:48:10.0139 4996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800

09:48:10.0185 4996 Initialize success

09:48:10.0185 4996 ============================================================

09:48:14.0319 2508 ============================================================

09:48:14.0319 2508 Scan started

09:48:14.0319 2508 Mode: Manual;

09:48:14.0319 2508 ============================================================

09:48:15.0848 2508 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

09:48:15.0864 2508 ACPI - ok

09:48:15.0973 2508 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

09:48:15.0989 2508 adp94xx - ok

09:48:16.0051 2508 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

09:48:16.0067 2508 adpahci - ok

09:48:16.0082 2508 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

09:48:16.0082 2508 adpu160m - ok

09:48:16.0113 2508 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

09:48:16.0113 2508 adpu320 - ok

09:48:16.0176 2508 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

09:48:16.0191 2508 AeLookupSvc - ok

09:48:16.0238 2508 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

09:48:16.0269 2508 AFD - ok

09:48:16.0332 2508 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe

09:48:16.0332 2508 AgereModemAudio - ok

09:48:16.0425 2508 AgereSoftModem (6051b172930f3b2723d04c555f7ec55a) C:\Windows\system32\DRIVERS\agrsm64.sys

09:48:16.0488 2508 AgereSoftModem - ok

09:48:16.0535 2508 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

09:48:16.0535 2508 agp440 - ok

09:48:16.0613 2508 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

09:48:16.0613 2508 aic78xx - ok

09:48:16.0847 2508 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll

09:48:16.0847 2508 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4

09:48:16.0862 2508 Akamai ( HiddenFile.Multi.Generic ) - warning

09:48:16.0862 2508 Akamai - detected HiddenFile.Multi.Generic (1)

09:48:16.0909 2508 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

09:48:16.0909 2508 ALG - ok

09:48:16.0971 2508 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

09:48:16.0971 2508 aliide - ok

09:48:17.0049 2508 AMD External Events Utility (812349d328eb406815183a5d17b49e7c) C:\Windows\system32\atiesrxx.exe

09:48:17.0049 2508 AMD External Events Utility - ok

09:48:17.0143 2508 AMD FUEL Service - ok

09:48:17.0190 2508 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

09:48:17.0190 2508 amdide - ok

09:48:17.0268 2508 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

09:48:17.0268 2508 amdiox64 - ok

09:48:17.0315 2508 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

09:48:17.0330 2508 AmdK8 - ok

09:48:17.0658 2508 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys

09:48:17.0892 2508 amdkmdag - ok

09:48:17.0970 2508 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys

09:48:17.0985 2508 amdkmdap - ok

09:48:18.0126 2508 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

09:48:18.0141 2508 AODDriver4.01 - ok

09:48:18.0219 2508 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

09:48:18.0219 2508 Appinfo - ok

09:48:18.0297 2508 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

09:48:18.0297 2508 arc - ok

09:48:18.0344 2508 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

09:48:18.0360 2508 arcsas - ok

09:48:18.0500 2508 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

09:48:18.0500 2508 aspnet_state - ok

09:48:18.0563 2508 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

09:48:18.0563 2508 aswFsBlk - ok

09:48:18.0609 2508 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

09:48:18.0609 2508 aswMonFlt - ok

09:48:18.0672 2508 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys

09:48:18.0672 2508 aswRdr - ok

09:48:18.0781 2508 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

09:48:18.0812 2508 aswSnx - ok

09:48:18.0843 2508 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

09:48:18.0843 2508 aswSP - ok

09:48:18.0890 2508 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

09:48:18.0890 2508 aswTdi - ok

09:48:18.0953 2508 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

09:48:18.0953 2508 AsyncMac - ok

09:48:18.0984 2508 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

09:48:18.0984 2508 atapi - ok

09:48:19.0046 2508 atashost (40767b965a8d575d794f1f95e2e017e9) C:\Windows\SysWOW64\atashost.exe

09:48:19.0062 2508 atashost - ok

09:48:19.0155 2508 athur (ed41ce1066464cde2b4a176b8fa68b13) C:\Windows\system32\DRIVERS\athurx.sys

09:48:19.0233 2508 athur - ok

09:48:19.0530 2508 atikmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys

09:48:19.0639 2508 atikmdag - ok

09:48:19.0701 2508 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys

09:48:19.0701 2508 AtiPcie - ok

09:48:19.0779 2508 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

09:48:19.0795 2508 AudioEndpointBuilder - ok

09:48:19.0811 2508 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

09:48:19.0826 2508 AudioSrv - ok

09:48:19.0935 2508 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

09:48:19.0935 2508 avast! Antivirus - ok

09:48:19.0998 2508 Beep - ok

09:48:20.0060 2508 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

09:48:20.0076 2508 BFE - ok

09:48:20.0154 2508 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll

09:48:20.0232 2508 BITS - ok

09:48:20.0263 2508 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

09:48:20.0263 2508 blbdrive - ok

09:48:20.0294 2508 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

09:48:20.0294 2508 bowser - ok

09:48:20.0341 2508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

09:48:20.0341 2508 BrFiltLo - ok

09:48:20.0403 2508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

09:48:20.0403 2508 BrFiltUp - ok

09:48:20.0450 2508 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

09:48:20.0466 2508 Browser - ok

09:48:20.0481 2508 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

09:48:20.0481 2508 Brserid - ok

09:48:20.0497 2508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

09:48:20.0497 2508 BrSerWdm - ok

09:48:20.0544 2508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

09:48:20.0544 2508 BrUsbMdm - ok

09:48:20.0559 2508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

09:48:20.0559 2508 BrUsbSer - ok

09:48:20.0591 2508 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

09:48:20.0606 2508 BTHMODEM - ok

09:48:20.0653 2508 catchme - ok

09:48:20.0684 2508 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

09:48:20.0684 2508 cdfs - ok

09:48:20.0731 2508 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

09:48:20.0731 2508 cdrom - ok

09:48:20.0793 2508 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

09:48:20.0871 2508 CertPropSvc - ok

09:48:20.0903 2508 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

09:48:20.0903 2508 circlass - ok

09:48:20.0965 2508 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

09:48:20.0981 2508 CLFS - ok

09:48:21.0043 2508 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:48:21.0059 2508 clr_optimization_v2.0.50727_32 - ok

09:48:21.0105 2508 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:48:21.0105 2508 clr_optimization_v2.0.50727_64 - ok

09:48:21.0199 2508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:48:21.0199 2508 clr_optimization_v4.0.30319_32 - ok

09:48:21.0605 2508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:48:21.0683 2508 clr_optimization_v4.0.30319_64 - ok

09:48:22.0026 2508 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

09:48:22.0026 2508 cmdide - ok

09:48:22.0057 2508 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

09:48:22.0057 2508 Compbatt - ok

09:48:22.0104 2508 COMSysApp - ok

09:48:22.0182 2508 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys

09:48:22.0182 2508 cpuz135 - ok

09:48:22.0229 2508 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

09:48:22.0229 2508 crcdisk - ok

09:48:22.0291 2508 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll

09:48:22.0291 2508 CryptSvc - ok

09:48:22.0369 2508 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

09:48:22.0400 2508 DcomLaunch - ok

09:48:22.0447 2508 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

09:48:22.0447 2508 DfsC - ok

09:48:22.0587 2508 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

09:48:22.0681 2508 DFSR - ok

09:48:22.0775 2508 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

09:48:22.0790 2508 Dhcp - ok

09:48:22.0821 2508 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

09:48:22.0821 2508 disk - ok

09:48:22.0884 2508 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

09:48:22.0899 2508 Dnscache - ok

09:48:22.0962 2508 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

09:48:22.0962 2508 dot3svc - ok

09:48:23.0040 2508 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

09:48:23.0055 2508 DPS - ok

09:48:23.0118 2508 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

09:48:23.0118 2508 drmkaud - ok

09:48:23.0196 2508 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

09:48:23.0258 2508 DXGKrnl - ok

09:48:23.0305 2508 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

09:48:23.0305 2508 E1G60 - ok

09:48:23.0352 2508 EagleX64 - ok

09:48:23.0399 2508 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

09:48:23.0399 2508 EapHost - ok

09:48:23.0430 2508 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

09:48:23.0430 2508 Ecache - ok

09:48:23.0477 2508 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

09:48:23.0492 2508 ehRecvr - ok

09:48:23.0508 2508 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

09:48:23.0523 2508 ehSched - ok

09:48:23.0570 2508 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

09:48:23.0570 2508 ehstart - ok

09:48:23.0586 2508 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

09:48:23.0601 2508 elxstor - ok

09:48:23.0664 2508 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

09:48:23.0679 2508 EMDMgmt - ok

09:48:23.0757 2508 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

09:48:23.0757 2508 ErrDev - ok

09:48:23.0851 2508 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

09:48:23.0851 2508 ETService - ok

09:48:23.0898 2508 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

09:48:23.0913 2508 EventSystem - ok

09:48:23.0976 2508 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

09:48:23.0976 2508 exfat - ok

09:48:24.0038 2508 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

09:48:24.0038 2508 fastfat - ok

09:48:24.0101 2508 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

09:48:24.0101 2508 fdc - ok

09:48:24.0163 2508 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

09:48:24.0163 2508 fdPHost - ok

09:48:24.0225 2508 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

09:48:24.0225 2508 FDResPub - ok

09:48:24.0272 2508 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

09:48:24.0272 2508 FileInfo - ok

09:48:24.0319 2508 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

09:48:24.0319 2508 Filetrace - ok

09:48:24.0366 2508 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

09:48:24.0366 2508 flpydisk - ok

09:48:24.0397 2508 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

09:48:24.0413 2508 FltMgr - ok

09:48:24.0522 2508 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

09:48:24.0584 2508 FontCache - ok

09:48:24.0647 2508 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:48:24.0647 2508 FontCache3.0.0.0 - ok

09:48:24.0678 2508 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

09:48:24.0693 2508 Fs_Rec - ok

09:48:24.0709 2508 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

09:48:24.0709 2508 gagp30kx - ok

09:48:24.0787 2508 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

09:48:24.0787 2508 GameConsoleService - ok

09:48:24.0865 2508 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

09:48:24.0881 2508 gpsvc - ok

09:48:24.0990 2508 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:48:25.0005 2508 gupdate - ok

09:48:25.0037 2508 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:48:25.0037 2508 gupdatem - ok

09:48:25.0083 2508 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

09:48:25.0083 2508 hamachi - ok

09:48:25.0208 2508 Hamachi2Svc (ce77bc37bdd36c9dc50c3591ebac3fa3) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

09:48:25.0239 2508 Hamachi2Svc - ok

09:48:25.0317 2508 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

09:48:25.0317 2508 HdAudAddService - ok

09:48:25.0411 2508 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:48:25.0473 2508 HDAudBus - ok

09:48:25.0489 2508 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

09:48:25.0505 2508 HidBth - ok

09:48:25.0520 2508 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

09:48:25.0520 2508 HidIr - ok

09:48:25.0551 2508 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll

09:48:25.0551 2508 hidserv - ok

09:48:25.0614 2508 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

09:48:25.0614 2508 HidUsb - ok

09:48:25.0645 2508 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

09:48:25.0661 2508 hkmsvc - ok

09:48:25.0723 2508 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

09:48:25.0723 2508 HpCISSs - ok

09:48:25.0801 2508 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

09:48:25.0848 2508 HTTP - ok

09:48:25.0895 2508 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

09:48:25.0895 2508 i2omp - ok

09:48:26.0113 2508 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

09:48:26.0113 2508 i8042prt - ok

09:48:26.0160 2508 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

09:48:26.0160 2508 iaStorV - ok

09:48:26.0253 2508 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:48:26.0316 2508 idsvc - ok

09:48:26.0394 2508 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

09:48:26.0394 2508 iirsp - ok

09:48:26.0472 2508 IJPLMSVC (51516252dbbfed36f70b341dba263167) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

09:48:26.0487 2508 IJPLMSVC - ok

09:48:26.0550 2508 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

09:48:26.0565 2508 IKEEXT - ok

09:48:26.0675 2508 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys

09:48:26.0675 2508 int15 - ok

09:48:26.0768 2508 IntcAzAudAddService (6fdf709500c20362ffc5057f0d1e0c8d) C:\Windows\system32\drivers\RTKVHD64.sys

09:48:26.0831 2508 IntcAzAudAddService - ok

09:48:26.0862 2508 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

09:48:26.0862 2508 intelide - ok

09:48:26.0877 2508 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

09:48:26.0877 2508 intelppm - ok

09:48:26.0987 2508 IntuitUpdateService (7bdb4e00e1cb174b56e5b2c31dde68a7) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

09:48:26.0987 2508 IntuitUpdateService - ok

09:48:27.0096 2508 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

09:48:27.0096 2508 IntuitUpdateServiceV4 - ok

09:48:27.0127 2508 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

09:48:27.0143 2508 IPBusEnum - ok

09:48:27.0174 2508 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:48:27.0189 2508 IpFilterDriver - ok

09:48:27.0221 2508 iphlpsvc (cd033d871a83e918b14f43f7e7590819) C:\Windows\System32\iphlpsvc.dll

09:48:27.0221 2508 iphlpsvc - ok

09:48:27.0236 2508 IpInIp - ok

09:48:27.0252 2508 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

09:48:27.0267 2508 IPMIDRV - ok

09:48:27.0299 2508 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

09:48:27.0299 2508 IPNAT - ok

09:48:27.0314 2508 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

09:48:27.0314 2508 IRENUM - ok

09:48:27.0377 2508 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

09:48:27.0377 2508 isapnp - ok

09:48:27.0439 2508 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

09:48:27.0455 2508 iScsiPrt - ok

09:48:27.0486 2508 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

09:48:27.0501 2508 iteatapi - ok

09:48:27.0564 2508 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

09:48:27.0564 2508 iteraid - ok

09:48:27.0673 2508 jswpsapi (cf9ba304b8047b9582d72d9bfef42eae) C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe

09:48:27.0689 2508 jswpsapi - ok

09:48:27.0767 2508 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys

09:48:27.0767 2508 JSWPSLWF - ok

09:48:27.0782 2508 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

09:48:27.0798 2508 kbdclass - ok

09:48:27.0813 2508 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

09:48:36.0815 2508 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

09:48:36.0815 2508 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

09:48:36.0815 2508 sptd ( LockedFile.Multi.Generic ) - warning

09:48:36.0815 2508 sptd - detected LockedFile.Multi.Generic (1)

09:48:43.0975 2508 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0

09:48:48.0951 2508 \Device\Harddisk0\DR0 - ok

09:48:48.0998 2508 Boot (0x1200) (5afe3da0bded2ac89afc99fcd1f3e44a) \Device\Harddisk0\DR0\Partition0

09:48:48.0998 2508 \Device\Harddisk0\DR0\Partition0 - ok

09:48:49.0014 2508 ============================================================

09:48:49.0014 2508 Scan finished

09:48:49.0014 2508 ============================================================

09:48:49.0029 5752 Detected object count: 2

09:48:49.0029 5752 Actual detected object count: 2

09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - skipped by user

09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

-kosmic94
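
The summary at the end of the log above lists the two objects TDSSKiller flagged and the action chosen for each. As an added example (not part of the original posts, and not a TDSSKiller tool), this Python sketch extracts that summary and cross-checks it against the declared object count; the line layout is assumed from the lines shown above, and `summarize` is a hypothetical helper name.

```python
import re

# Lines copied from the tail of the TDSSKiller log posted above.
SAMPLE_LOG = """\
09:48:49.0014 2508 Scan finished
09:48:49.0029 5752 Detected object count: 2
09:48:49.0029 5752 Actual detected object count: 2
09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed layout: "<HH:MM:SS.ffff> <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
COUNT = re.compile(r"^Detected object count:\s*(?P<n>\d+)$")
# "<object> ( <verdict> ) - <rest>"; hash lines such as "name (md5) path" do not match
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<rest>.+)$")
ACTION = re.compile(r"^User select action:\s*(?P<action>\w+)$")


def summarize(log_text):
    """Return flagged objects, the chosen action, and whether the count agrees."""
    declared = None
    objects = {}
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines or anything without timestamp and thread id
        msg = m.group("msg")
        c = COUNT.match(msg)
        if c:
            declared = int(c.group("n"))
            continue
        v = VERDICT.match(msg)
        if v:
            entry = objects.setdefault(
                v.group("name"), {"verdict": v.group("verdict"), "action": None})
            a = ACTION.match(v.group("rest"))
            if a:
                entry["action"] = a.group("action")
    # Objects that were skipped (or have no recorded action) still need follow-up.
    unresolved = sorted(n for n, e in objects.items()
                        if e["action"] in (None, "Skip"))
    return {"declared": declared, "objects": objects,
            "unresolved": unresolved, "count_matches": declared == len(objects)}
```
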


By the way, I should note this: The first time I was trying to download TDSSkiller, I was getting it through a link from the bleepingcomputer site. Even though this virus apparently isn't TDSS (at least not that TDSSkiller can detect), I had a hard time getting that file to download. The page would load, and then turn white. I had to refresh the page and quickly hit download to get the program. Maybe that's just an issue with their site or my browser, but I thought I'd throw it out there. However, I did not have an issue downloading TDSSkiller this time from the link you gave me, although it was apparently the same link, since my download manager did pop up and say there was already a download from that link.

-kosmic94


The aswMBR result is good. The TDSSKILLER run indicates follow-up is needed on sptd.sys driver

You have installed Daemon tools Lite on this system.

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 2

There are 2 utilities & 2 programs that are out-of-date and pose security concerns. Let's get them updated.

Java


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files

    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Flash Player

Close all browsers and instant messenger (IM) programs.

Next, press Start orb, then in Run box, type in

appwiz.cpl

and press Enter-key

Look for Adobe Flash Player. Select it and then select Un-install (remove). If more than 1 flash player listed, remove each one.

Next, Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!

Adobe Reader

Next, press Start orb, then in Run box, type in

appwiz.cpl

and press Enter-key

Look for Adobe Reader. Select it and un-install

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Firefox browser

Start it. Select Help >> About

Let it search for latest version. Allow it to Update and to apply the current version.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Step 4

Re-enable the antivirus program.

Reply with copy of the Eset scan log


I did as you instructed with the Java, and even rebooted my computer after installing it, but I do not see the control access in the control panel, nor do I see any way to access controls in its installed folder. So you know, I am using Vista Home Premium x64.

Two other bits of pertinent information: First, my avast antivirus no longer seems to be starting automatically on startup, and, second, both times I restarted, after removing the Java, and after installing the new, the computer took an incredibly long time on the "Shutting Down" screen.

I am on the part about going into the Java controls. I await your instructions before proceeding.

-kosmic94


Re the computer took an incredibly long time on the "Shutting Down" screen.

I have no idea why, nor, what it is related to. Perhaps it may have had some pending Windows Updates. (but that is a guess)

On a 64-bit Windows, you actually have 2 Internet Explorer browser versions. 1 a 64-bit, 1 a 32-bit

On a 64-bit Windows, if you want to have Java capability for all browsers, you need both the 32 & 64 bit.

Proceed forward with the other steps I outlined before. (You may skip over the Java cache cleanup).

Do the other updates, the ESET scan, and post logs.


P.S. I should correct myself regarding Flash Player & 64-bit Windows:

If you use Internet Explorer on your 64-bit Windows, and go to the Flash Player download page,

it will offer the 64-bit player-installer. That installer contains both the 32-bit & 64-bit flash players.

FYI, the latest version is 11.2.202.228

btw, be sure you Un-check any Google Chrome add-on or any added widget.


ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f1453587d422d6478e7fb538e15e43f4

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-29 02:23:16

# local_time=2012-03-28 10:23:16 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 45 131167324 169569011 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=451762

# found=10

# cleaned=10

# scan_time=17490

C:\Downloads\index(5).html HTML/Hoax.FastDownload.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Games\SoftonicDownloader_for_bus-simulator.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\cnet_alienarena-7_51-win20110316_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\cnet_smrecorder_installer_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\Counter Strike(1).exe a variant of MSIL/Solimba.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\Counter Strike.exe a variant of MSIL/Solimba.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\installer_counter-strike.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\RAR+Password+Cracker.exe MSIL/Solimba.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\Software\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Downloads\wrrk\system\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

-kosmic94


Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

stinger2.png

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log. Post that & tell me how your system is now!

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.


This topic is now closed to further replies.