
sp.dll infection


  • This topic is locked
48 replies to this topic

#1 kosmic94

    New Member

Posted 26 March 2012 - 07:31 AM

There seems to be something wrong with C:\Windows\SysWOW64\rundll32.exe. I keep getting popups from avast (my main antivirus) that are, apparently, indicating that it's trying to contact a remote computer. It's also redirected some Google searches and at one point even stopped avast from doing a scan (I got a message that there were no more endpoints available from the endpoint mapper). I've scanned with avast, both with the computer on and at boot time, I ran Kaspersky's TDSSkiller but it did not detect TDSS, and I ran Malwarebytes, which removed several infections, including, apparently, something in the registry referencing rundll32.exe, but I am still getting the alerts from avast.

In fact, I originally started getting the alerts from a file in C:\user\%user%\AppData\Local\Temp - a file I couldn't actually find when I went to look for it. An avast scan removed something (though I don't think it was even the same file) from that folder, after which the infection apparently "migrated" to the SysWOW64 rundll32.exe.

If I go into Task Manager and terminate the rundll32.exe process from SysWOW64 (there is also one running from System32 which I leave alone), the alerts stop and Google searches are not redirected. I have half a mind, therefore, to just shred that copy of rundll32.exe, but somehow, that sounds like a rather bad idea on the whole.

Attached are the DDS logs as instructed. Thank you in advance for your help; my family and I are in a situation where we really cannot afford to be without this computer.

-kosmic94

Attached Files



#2 kosmic94

    New Member

Posted 26 March 2012 - 06:30 PM

Bump... forgive me but this is very important to me and my family.

-kosmic94

#3 Maurice Naggar

    Staff

Posted 27 March 2012 - 07:15 AM

Hello kosmic94,

These steps are for kosmic94 only. If you are a casual viewer, do NOT try this on your system!
If you are not kosmic94 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other System !

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do NOT do any websurfing of any kind while this topic is open & I am helping you.
Do NOT run any tools of any sort on your own. Follow my guidance. If you have questions, then STOP, and put into reply in this topic.

The base issue is sp.dll which is a highly suspect driver. Not rundll32 ! What do you know about "Minecraft" ??

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3
Turn OFF Avast anti-virus otherwise it will interfere with cleanup of malware !

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

You will want to print out or copy these instructions to Notepad for offline reference!

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

DDS::
uRun: [sp]

Driver::
sp

File::
C:\Users\Flood\AppData\Roaming\.minecraft\sp.DLL

Folder::
C:\Users\Flood\AppData\Roaming\.minecraft\


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4

Now, re-enable the Avast antivirus.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 5
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 6
Copy & Paste contents of C:\Combofix.txt, & Log.txt & Info.txt & Checkup.txt.
Use separate replies as needed if logs do not fit into one reply box.

There will be more to do later.

Edited by Maurice Naggar, 27 March 2012 - 07:54 AM.

Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.
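
The distinction drawn in the reply above (rundll32.exe is only the host process; the DLL it is told to load is what matters) can be checked mechanically from DDS-style autorun lines such as the `uRun: [sp]` entry. This is an added example, not part of the original posts or of any tool named in the thread; the sample lines, the export name `ExampleExport` and the command-line form of the `[sp]` entry are constructed for illustration.

```python
import ntpath
import re

# DDS-style autorun line: "uRun: [name] command" (per-user) or "mRun: [name] command" (machine).
RUN_LINE = re.compile(r'^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$', re.I)

# Locations a standard user can write to; a DLL autoloaded from here deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "%appdata%", "%localappdata%", "%temp%", "%userprofile%")

# Where the genuine rundll32.exe lives (SysWOW64 holds the 32-bit copy on x64 Windows).
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def split_rundll32(cmd):
    """Return (host, dll, export) if cmd launches rundll32, otherwise None."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', cmd)
    if not m:
        return None
    host = m.group(1) or m.group(2)
    if ntpath.basename(host).lower() not in ("rundll32.exe", "rundll32"):
        return None
    # First argument is the DLL (quoted or not), optionally followed by ",Export".
    m2 = re.match(r'(?:"([^"]+)"|([^,\s]+))\s*(?:,\s*(\S+))?', m.group(3))
    if not m2:
        return host, None, None
    return host, m2.group(1) or m2.group(2), m2.group(3)


def triage(lines):
    """Flag autorun entries where rundll32 hosts a DLL from a user-writable path,
    or where the 'rundll32' binary itself sits outside the system directories."""
    findings = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        parsed = split_rundll32(m.group("cmd"))
        if parsed is None:
            continue  # not a rundll32 launch; out of scope for this check
        host, dll, export = parsed
        reasons = []
        h = host.lower()
        if ntpath.dirname(h) and not any(d in h for d in SYSTEM_DIRS):
            reasons.append("rundll32 host outside System32/SysWOW64")
        if dll is None:
            reasons.append("no DLL argument")
        elif any(marker in dll.lower() for marker in USER_WRITABLE):
            reasons.append("DLL loaded from user-writable path")
        if reasons:
            findings.append({"hive": m.group("hive"), "name": m.group("name"),
                             "host": host, "dll": dll, "export": export,
                             "reasons": reasons})
    return findings


# Constructed sample lines. Only the sp.DLL path and the "[sp]" value name come
# from the thread; everything else is invented for the example.
SAMPLE = [
    r'uRun: [sp] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Flood\AppData\Roaming\.minecraft\sp.DLL",ExampleExport',
    r'mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui',
    r'mRun: [ExampleVendorPanel] rundll32.exe C:\Windows\System32\example.dll,ShowPanel',
    r'uRun: [ExampleUpdater] "C:\Users\Flood\AppData\Local\Temp\rundll32.exe" C:\Windows\System32\example.dll,Run',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["name"], "->", f["dll"], "|", "; ".join(f["reasons"]))
```

The first sample entry is flagged because of the DLL's location even though the host binary is the legitimate SysWOW64 copy, which is why deleting rundll32.exe would not have addressed the problem.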

#4 kosmic94

    New Member

Posted 27 March 2012 - 10:09 AM

All done. I thought I should provide you with some extra info, just in case it will be helpful. It's probably going to be extraneous, but I figure, with computers, too much information is far better than too little.

First off, I've attached the original log from Malwarebytes when I scanned my computer, in case that will help.

Second, you should know I had the rundll32.exe process (from SysWOW64) shut down when I was running ComboFix, in case that needed to be running for ComboFix to detect it or something.

Third, after ComboFix ran, it restarted the computer. I wasn't sure if that was ComboFix or not (should have told me to expect that ;)), so I canceled the shutdown initially and looked for the logfile. At C:\ I found "ComboFix," but it had the computer icon, and clicking on it just took me apparently back to My Computer, but it was indeed shown at C:\Computer\ComboFix. I renamed it to ComboFix.txt and it became an openable folder with a bunch of files inside it - including the as-yet incomplete ComboFix.txt logfile. I then renamed it back to just ComboFix (but it remained a folder and did not return to the computer icon), and restarted my computer. There was also some computer file with numbers as its name, but it's gone now; presumably it was a ComboFix file or folder.

Fourth, after I restarted and ComboFix was preparing its report, I noted it said not to run any programs. Java requested to update while it was doing that, which I denied, clicked the "x" in its system tray popup, and then clicked inside the ComboFix window. I doubt this matters, but, like I said, better too much info than too little.

Fifth - and I really think this is completely irrelevant but I'll say it anyway just because I got the idea into my head - I haven't been shutting down and restarting my computer, but keeping it "off" in standby mode instead. This is to circumvent a crashing issue that seems to be exacerbated by restarts.

I think that's all. Next post will have the copy/pasted log files from everything. See Malwarebytes log attachment in this one.

-kosmic94

Attached Files



#5 kosmic94

    New Member

Posted 27 March 2012 - 10:11 AM

ComboFix 12-03-27.02 - Flood 03/27/2012 9:52.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1033.18.3838.2412 [GMT -4:00]
Running from: c:\downloads\MalwareStuff\ComboFix.exe
Command switches used :: c:\downloads\MalwareStuff\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Flood\AppData\Roaming\.minecraft\sp.DLL"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\Install.exe
c:\program files (x86)\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
c:\users\Flood\AppData\Roaming\.minecraft
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\glass2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\glass3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\hurt.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\levelup.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\old_explode.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\orb.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\pop.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\splash.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\random\wood click.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\cloth4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\grass4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\gravel4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\sand4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\snow4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\stone4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\step\wood4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\tile\piston\in.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\tile\piston\out.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart5.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart6.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart7.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\newsound\vehicle\minecart8.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\pe\humble.png
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\grass4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\gravel4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\stone4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood1.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood2.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood3.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\sound\step\wood4.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\11.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\13.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\13.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\blocks.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\cat.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\cat.ogg
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\chirp.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\far.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\mall.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\mellohi.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\stal.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\strad.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\ward.mus
c:\users\Flood\AppData\Roaming\.minecraft\resources\streaming\where are we now.mus
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\level.dat
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\level.dat_old
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.-1.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.0.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.0.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.1.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\region\r.1.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\session.lock
c:\users\Flood\AppData\Roaming\.minecraft\saves\Dinamite\spc.settings
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\level.dat
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\level.dat_old
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.-1.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.-1.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.0.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\region\r.0.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Gersland\session.lock
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\level.dat
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\level.dat_old
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.-1.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.-1.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.0.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\region\r.0.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\session.lock
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\spc.settings
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\waypoints.dat
c:\users\Flood\AppData\Roaming\.minecraft\saves\New World\waypoints.dat_old
c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\level.dat
c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\level.dat_old
c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\region\r.-1.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\region\r.0.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Nova Terra\session.lock
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\level.dat
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\level.dat_old
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.-1.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.0.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.0.-2.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.0.0.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\region\r.1.-1.mcr
c:\users\Flood\AppData\Roaming\.minecraft\saves\Tech World\session.lock
c:\users\Flood\AppData\Roaming\.minecraft\servers.dat
c:\users\Flood\AppData\Roaming\.minecraft\sp.DLL
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_dave_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_dave_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_futhark74_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_futhark74_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_joeriker_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_joeriker_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_joeriker2_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_joeriker2_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_mcfalson_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_mcfalson_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_player_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_player_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_ryan_unsent.dat
c:\users\Flood\AppData\Roaming\.minecraft\stats\stats_ryan_unsent.old
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\ChaosKiller.zip
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\CUBE Inc. Texture Pack copy.zip
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\CustomPainterly.Griz2.zip
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\Misa210.zip
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\Misa301.zip
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\PainterlyCustomTexPack.zip
c:\users\Flood\AppData\Roaming\.minecraft\texturepacks\The Way - Texturepack 1.7.zip
c:\users\Flood\AppData\Roaming\.minecraft\TooManyItems.txt
c:\users\Flood\AppData\Roaming\.minecraft\Uninstall.exe
c:\users\Flood\AppData\Roaming\.minecraft\Uninstall.ini
c:\users\Flood\AppData\Roaming\Local
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\(4).ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\(5).ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\(6).ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\(7).ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4)
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Flood\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Flood\xobglu32.dll
c:\windows\iun6002.exe
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 14:24 . 2012-03-27 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 13:43 . 2012-03-27 13:43 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\users\Flood\AppData\Roaming\Malwarebytes
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 02:08 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 22:32 . 2012-03-16 22:32 -------- d-----w- c:\programdata\id Software
2012-03-10 22:45 . 2012-03-10 22:45 -------- d-----w- c:\program files (x86)\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-06-29 17:07 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-06-13 19:12 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-01-16 15:52 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-03-06 00:13 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2009-06-13 19:12 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-06-13 19:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-06-13 19:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-06-13 19:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-06-13 19:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2011-03-03 4620288]
"Akamai NetSession Interface"="c:\users\Flood\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"MAgent"="c:\program files (x86)\Mail.Ru\Agent\MAgent.exe" [2009-12-24 8746680]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\users\Flood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RCA Detective.lnk - c:\users\Flood\Documents\RCA Detective\RCADetective.exe [2010-12-25 804352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Мастер установки.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-7-18 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.juno.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0409&m=dx4200-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Display All Images with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/227"
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files (x86)\Mail.Ru\Agent\magent.exe
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Flood\AppData\Roaming\Mozilla\Firefox\Profiles\360vmvb8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Performance Cache: gcyvknqexv@gcyvknqexv.org - %profile%\extensions\gcyvknqexv@gcyvknqexv.org
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://operations.section31rp.co.uk/ppt
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Easy Dock - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Civil War Generals II Demo - c:\sierra\Cwg2Demo\Uninst.isu
AddRemove-Digalo 2000 Russian - c:\program files (x86)\Digalo\Digalo 2000 Russian\Uninst.isu
AddRemove-Elite Force Engine Patch1.37 - c:\windows\iun6002.exe
AddRemove-Elite Force Player Maps - c:\program files (x86)\Raven\Star Trek Voyager Elite Force\EFPM.isu
AddRemove-Minecraft Beta Cracked - c:\users\Flood\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-PunkBusterSvc - c:\downloads\ПОБЕДИМ\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-Geotag - c:\windows\system32\javaws.exe
AddRemove-Wurm Online 3.0.1 - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Flood\AppData\Local\Temp\005A29D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-03-27 10:45:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 14:45
.
Pre-Run: 243,155,763,200 bytes free
Post-Run: 244,682,305,536 bytes free
.
- - End Of File - - CF50324089B178FDAB833FBB468DE185



#6 kosmic94

Posted 27 March 2012 - 10:12 AM

Logfile of random's system information tool 1.09 (written by random/random)
Run by Flood at 2012-03-27 10:48:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 233 GB (39%) free of 600 GB
Total RAM: 3838 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:55 AM, on 3/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe
C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe
C:\Windows\CNYHKey.exe
C:\Users\Flood\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Program Files\trend micro\Flood.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...409&m=dx4200-09
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\JNAccelerator\qsacc\x1IEBHO.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [MAgent] "C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe" -LM
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [VueMinder] "C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe" 1
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RCA Detective.lnk = C:\Users\Flood\Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: NETGEAR WNA1100 Мастер установки.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files (x86)\JNAccelerator\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files (x86)\JNAccelerator\qsacc\appres.dll/227"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.support.g...rvest/gwCID.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 15923 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
taskeng.exe {37DDFE69-FDBE-4111-ADE4-B7D8CFA0FF7B}
C:\Windows\Explorer.EXE
taskeng.exe {EBCEEE99-9906-4C34-8BAB-CFC8C9D33D63}
taskeng.exe {392C2C18-B08A-4521-97A3-3A4ADE1E50C9}
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Windows\SysWOW64\atashost.exe"
"C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4451abcc-c2e6-4808-9974-f323599c37b4 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d8f919ea-14d5-4537-8767-37f1f3d706b3 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-44d07c60-5b3d-4c21-9154-03bf64dc4789 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d0bedf9c-0fcb-406c-bc80-8a37ffd844f8
"C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe"
RUNDLL32.EXE ykx64coinst,serviceStartProc
WLIDSvcM.exe 1284
C:\Windows\system32\conime.exe
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Windows\ehome\ehtray.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe" 1
"C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe"
"C:/Users/Flood/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Windows\CNYHKey.exe"
"C:\Users\Flood\Documents\RCA Detective\RCADetective.exe"
"C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
C:\Windows\ModLedKey.exe
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {26C14A7E-524E-4850-82B4-02C362872773}
notepad.exe "C:\Users\Flood\AppData\Local\Temp\log.txt"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 680 684 692 65536 688
C:\PROGRA~2\FREEDO~1\fdm.exe -Embedding
"C:\Users\Flood\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-05-27 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
Pop-up Blocker - C:\Program Files (x86)\JNAccelerator\qsacc\x1IEBHO.dll [2006-12-06 211456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2010-03-10 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-09-18 6495264]
"Skytel"=C:\Windows\Skytel.exe [2008-09-18 1833504]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1840720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"VueMinder"=C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [2011-03-02 4620288]
"Akamai NetSession Interface"=C:\Users\Flood\AppData\Local\Akamai\netsession_win.exe [2012-03-13 3331872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"=C:\Windows\LchDrvKey.exe [2007-03-28 36864]
"LedKey"=C:\Windows\CNYHKey.exe [2008-04-23 339968]
"Smart Copy"=C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [2008-05-21 53248]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"MAgent"=C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe [2009-12-24 8746680]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-12-09 1226608]
"DivX Download Manager"=C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-05-27 40368]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-25 343168]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WNA1100 Мастер установки.lnk - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe

C:\Users\Flood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
RCA Detective.lnk - C:\Users\Flood\Documents\RCA Detective\RCADetective.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.XFR1"=xfcodec64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-03-27 10:48:45 ----D---- C:\rsit
2012-03-27 10:48:45 ----D---- C:\Program Files\trend micro
2012-03-27 10:45:10 ----A---- C:\ComboFix.txt
2012-03-27 10:36:02 ----SHD---- C:\$RECYCLE.BIN
2012-03-27 09:48:49 ----A---- C:\Windows\zip.exe
2012-03-27 09:48:49 ----A---- C:\Windows\SWSC.exe
2012-03-27 09:48:49 ----A---- C:\Windows\SWREG.exe
2012-03-27 09:48:49 ----A---- C:\Windows\sed.exe
2012-03-27 09:48:49 ----A---- C:\Windows\PEV.exe
2012-03-27 09:48:49 ----A---- C:\Windows\NIRCMD.exe
2012-03-27 09:48:49 ----A---- C:\Windows\MBR.exe
2012-03-27 09:48:49 ----A---- C:\Windows\grep.exe
2012-03-27 09:48:33 ----D---- C:\Qoobox
2012-03-27 09:43:51 ----D---- C:\Windows\ERDNT
2012-03-27 09:43:17 ----D---- C:\Program Files (x86)\ERUNT
2012-03-25 22:08:58 ----D---- C:\Users\Flood\AppData\Roaming\Malwarebytes
2012-03-25 22:08:50 ----D---- C:\ProgramData\Malwarebytes
2012-03-25 22:08:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-25 22:08:48 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-03-25 22:03:27 ----A---- C:\TDSSKiller.2.7.22.0_25.03.2012_22.03.27_log.txt
2012-03-25 21:45:32 ----ASH---- C:\hiberfil.sys
2012-03-16 18:32:43 ----D---- C:\ProgramData\id Software
2012-03-10 18:45:55 ----D---- C:\Program Files (x86)\AnvSoft

======List of files/folders modified in the last 1 month======

2012-03-27 10:48:45 ----RD---- C:\Program Files
2012-03-27 10:48:28 ----D---- C:\Windows\Temp
2012-03-27 10:45:22 ----D---- C:\Windows\system32\drivers
2012-03-27 10:42:58 ----D---- C:\Windows\System32
2012-03-27 10:42:58 ----D---- C:\Windows\inf
2012-03-27 10:42:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-27 10:37:19 ----D---- C:\Windows
2012-03-27 10:37:08 ----A---- C:\Windows\system.ini
2012-03-27 10:36:47 ----D---- C:\Windows\system32\WDI
2012-03-27 10:35:46 ----D---- C:\Windows\system32\drivers\etc
2012-03-27 10:09:58 ----D---- C:\Windows\SYSWOW64\drivers
2012-03-27 10:09:58 ----D---- C:\Windows\SysWOW64
2012-03-27 10:09:58 ----D---- C:\Windows\AppPatch
2012-03-27 10:09:54 ----D---- C:\Program Files\Common Files
2012-03-27 10:09:54 ----D---- C:\Program Files (x86)\Common Files
2012-03-27 09:48:17 ----D---- C:\Windows\Prefetch
2012-03-27 09:46:17 ----D---- C:\Users\Flood\AppData\Roaming\Free Download Manager
2012-03-27 09:43:17 ----RD---- C:\Program Files (x86)
2012-03-27 09:41:58 ----RD---- C:\Downloads
2012-03-27 09:26:43 ----SHD---- C:\Windows\Installer
2012-03-26 21:14:59 ----D---- C:\Users\Flood\AppData\Roaming\Skype
2012-03-26 01:24:38 ----SHD---- C:\System Volume Information
2012-03-25 22:08:50 ----D---- C:\ProgramData
2012-03-25 20:43:55 ----A---- C:\Windows\ntbtlog.txt
2012-03-25 15:40:25 ----D---- C:\Users\Flood\AppData\Roaming\codeblocks
2012-03-25 11:48:49 ----D---- C:\Program Files (x86)\Cain
2012-03-22 18:01:24 ----D---- C:\Users\Flood\AppData\Roaming\CyberLink
2012-03-20 09:47:38 ----D---- C:\Windows\system32\catroot2
2012-03-14 21:54:20 ----D---- C:\Windows\Minidump
2012-03-14 21:25:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-13 19:59:15 ----D---- C:\Users\Flood\AppData\Roaming\gtk-2.0
2012-03-06 19:15:14 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-03-06 19:15:03 ----A---- C:\Windows\system32\aswBoot.exe
2012-03-04 16:30:11 ----RSD---- C:\Windows\assembly
2012-03-04 16:29:08 ----D---- C:\Windows\Microsoft.NET
2012-03-04 16:27:27 ----RSD---- C:\Windows\Fonts
2012-03-04 16:21:27 ----D---- C:\Program Files (x86)\TurboTax
2012-03-02 17:00:16 ----D---- C:\ProgramData\CanonIJPLM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-27 16400]
R0 SCMNdisP;General NDIS Protocol Driver; C:\Windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-05 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-03-06 43864]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-06 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-06 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-06 59224]
R1 JSWPSLWF;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-06-15 93240]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-07-14 294232]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2008-10-29 1253376]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10496512]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-10-25 326656]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-09-18 1497112]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2008-08-12 181024]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS [2008-06-05 66048]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 98944]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 108544]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2008-08-05 392192]
S2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-06-11 17952]
S3 aib0rg7m;aib0rg7m; C:\Windows\system32\drivers\aib0rg7m.sys []
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-10-10 1724416]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10496512]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-08-02 900608]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-01 4682]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 616448]
S3 vtany;vtany; \??\C:\Windows\vtany.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]
S3 X6va005;X6va005; \??\C:\Users\Flood\AppData\Local\Temp\005A29D.tmp []
S3 xspirit;xspirit; \??\C:\Users\Flood\AppData\Local\Temp\xspirit.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe [2007-12-10 15872]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 27648]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-10-25 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\SysWOW64\atashost.exe [2009-03-06 20376]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-06 44768]
R2 ETService;Empowering Technology Service; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-08-04 75136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2008-08-19 244904]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 WSWNA1100;WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
R2 yksvc;Marvell Yukon Service; ykx64coinst,serviceStartProc []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-22 960992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-06-06 4005936]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-07-28 411432]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------



#7 kosmic94

Posted 27 March 2012 - 10:13 AM

info.txt logfile of random's system information tool 1.09 2012-03-27 10:48:58

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
A.V.A-->"C:\Program Files (x86)\InstallShield Installation Information\{93712806-272D-485E-8D8E-C08E861CF3E0}\setup.exe" -runfromtemp -l0x0409 -removeonly
Adobe Digital Editions-->"C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -maintain plugin
Adobe Reader 8.3.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A83000000003}
Agere Systems PCI-SV92PP Soft Modem-->C:\Windows\agrsmdel
Akamai NetSession Interface Service-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe
Alcatraz Prison Escape-->C:\Windows\IsUninst.exe -f"C:\GAMES\TRIADA\Alcatraz Prison Escape\Uninst.isu"
Allods Online 2.0.04.49-->C:\Downloads\Allods\uninst.exe
Alt MP3 Bitrate Converter 7.3-->"C:\Program Files (x86)\Alt MP3 Bitrate Converter\unins000.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{52FB2985-F3AD-DAA7-7645-4E38A5B96E17} REBOOT=ReallySuppress
Any Flv Converter 2.0.0-->"C:\Program Files (x86)\Any Flv Converter\unins000.exe"
Any Video Converter 3.2.5-->"C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ArmA 2 Free Uninstall-->C:\Downloads\Arma2Free\UnInstall.exe
Armagetron Advanced 0.2.8.3.1.gcc-->C:\Program Files (x86)\Armagetron Advanced\uninst.exe
AssaultCube v1.0-->"C:\Program Files (x86)\ACube\uninstall.exe"
AssaultCube v1.1.0.4-->"C:\Program Files (x86)\ACube\uninstall.exe"
Atomic RAR Password Recovery 1.20-->"C:\Program Files (x86)\Atomic RAR Password Recovery\unins000.exe"
Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~2\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~2\AVVCS6~1.0DI\INSTALL.LOG
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"
Battlefield 1942 Multiplayer Demo-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5ED20FB0-678F-41EE-9211-DC9C670FD193}\Setup.exe" -l0x9
Battlefield 2™ Demo-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}\setup.exe" -l0x9 -removeonly
Battlefield Heroes-->"C:\Program Files (x86)\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstall.xml"
Battlefield Play4Free-->"C:\Program Files (x86)\EA Games\Battlefield Play4Free\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Play4Free\Uninstall.xml"
BEYOND ATLANTIS 2-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\DreamCatcher\BEYOND ATLANTIS 2\Uninst.isu"
Black Shades (remove only)-->"C:\Program Files (x86)\Black Shades\uninstall.exe"
BOS-->C:\Windows\ST5UNST.EXE -n "C:\Downloads\bos\ST5UNST.LOG"
Byki Express-->"C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe" REMOVE=TRUE MODIFY=FALSE
Byki-->C:\ProgramData\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe
Cabela's 4x4 Off-road Adventure 1.2-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Activision Value\Cabela's 4x4 Off-road Adventure\Uninst.isu"
Cain & Abel v4.9.42-->C:\PROGRA~2\Cain\UNINSTAL.EXE C:\PROGRA~2\Cain\Install.log
CamStudio-->C:\Program Files (x86)\CamStudio\uninstall.exe
Canon iP2600 series User Registration-->C:\Program Files (x86)\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
Civil War Generals II Demo-->C:\Windows\IsUninst.exe -fC:\SIERRA\Cwg2Demo\Uninst.isu
Clive Barker's Undying™-->C:\Windows\IsUninst.exe -fC:\Downloads\Games\Clive\Uninst.isu
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cosmic Supremacy-->MsiExec.exe /I{9DD2509C-8479-4A92-8FF3-9A412A5B1877}
Counter Strike 1.6 FULL v42-->C:\Downloads\CS-1.6-2\Uninstall.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9
Counter-Strike 2D 0.1.1.9-->"C:\Downloads\CS2D\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
CPUID CPU-Z 1.58-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
CPUID HWMonitor Pro 1.12-->"C:\Program Files\CPUID\HWMonitorPro\unins000.exe"
Crash Demo-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Mattel Media\Hot Wheels\Crash Demo\Uninst.isu"
Cross Fire En-->"C:\Downloads\cf\unins000.exe"
Custom locale tlh-pIqaD-US-->MsiExec.exe /I{314AE83A-B29E-4D5C-8A0D-8ADAAA3E0FB4}
CyberLink LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Deus Ex Game Of The Year-->C:\Games\DEUSEX~1\UNWISE.EXE C:\Games\DEUSEX~1\INSTALL.LOG
Digalo 2000 Russian-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Digalo\Digalo 2000 Russian\Uninst.isu"
Digital Camera-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}\setup.exe"
Disney's 102 Dalmatians Puppies to the Rescue-->C:\Windows\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\102DAL~1\DeIsL1.isu
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Elder Futhark Keyboard-->MsiExec.exe /I{7CC89A11-E357-4243-9235-99B8B9C0CA58}
Elite Force Engine Patch-->C:\Windows\iun6002.exe "C:\Program Files (x86)\raven\Star Trek Voyager Elite Force\irunin.ini"
Elite Force Player Maps-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Raven\Star Trek Voyager Elite Force\EFPM.isu"
Elite Force RPG-X v2.0-->"C:\Program Files (x86)\Raven\Star Trek Voyager Elite Force\RPG-X2\extras\uninstall\unins000.exe"
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
FileZilla Client 3.3.5.1-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
FLV to MP4 Converter 2009.2.20-->"C:\Program Files (x86)\FLV to MP4 Converter\unins000.exe"
Foxit Reader 5.0-->"C:\Downloads\fx\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Allegiance - Application Compatibility Database-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{64fb7ce2-21dd-464d-a6a5-a21ca54f173f}.sdb"
Free Allegiance-->C:\Downloads\Allegiance\uninst.exe
Free Audio CD Burner version 1.4.7-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free Download Manager 3.4 ALPHA-->"C:\Program Files (x86)\Free Download Manager\unins000.exe"
Free WMA to MP3 Converter 1.16-->"C:\Program Files (x86)\Free WMA to MP3 Converter\unins000.exe"
Free YouTube Download version 3.0.13.815-->C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
Free YouTube to MP3 Converter version 3.9.35.324-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Frogger2-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Hasbro Interactive\Frogger2\Uninst.isu"
Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"
Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GSC 2.00-->"C:\Program Files (x86)\GSC 2.00\gsc-uninst.exe"
GtkRadiant 1.5.0-->MsiExec.exe /I{EC2F741D-308C-42B4-BD04-9A4853F2E402}
Guitar Pro 6-->"C:\Program Files (x86)\Guitar Pro 6\unins000.exe"
Hard Truck 18 Wheels of Steel-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1096C4FA-CC07-4BE1-B73F-77BDFF4916B8}
Harry Potter and the Order of the Phoenix™-->C:\Program Files (x86)\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
Hirc-->"C:\Program Files (x86)\Hirc\unins000.exe"
Hot Wheels Crash-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Mattel Media\Hot Wheels\CRASH\Data\UninstallCrash.isu"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ioquake3-->"C:\Program Files (x86)\ioquake3\uninstall.exe"
iWisoft Free Video Converter 1.2-->"C:\Program Files (x86)\iWisoft Free Video Converter\unins000.exe"
Java™ 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java™ 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JFK Reloaded 1.1-->C:\Downloads\j\uninst.exe
Juno 5.1.83-->C:\Program Files (x86)\Juno\bin\Uninstall.exe
Juno SpeedBand (remove only)-->"C:\Program Files (x86)\JNAccelerator\uninstacc.exe"
Just BASIC v1.01-->C:\Program Files (x86)\Just BASIC v1.01\uninstall.exe
KB0817 Keyboard Driver-->C:\Program Files (x86)\InstallShield Installation Information\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}\setup.exe -runfromtemp -l0x0009 -removeonly
L&H TTS3000 Deutsch-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSGED.inf, Uninstall
L&H TTS3000 Russian-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSRUR.inf, Uninstall
LAME v3.98.2 for Audacity-->"C:\Program Files (x86)\Lame for Audacity\unins000.exe"
League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Livestream Procaster-->MsiExec.exe /I{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {8BBB5E4C-3F5E-4C07-BFBE-33B34600783A} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}
Lords of Magic Special Edition-->C:\Windows\IsUninst.exe -fC:\SIERRA\LOMSE\Uninst.isu
Lords of Magic-->C:\Windows\IsUninst.exe -fC:\SIERRA\LOM\Uninst.isu
Mail.Ru Agent 5.6 (build 3278, for all users)-->C:\Program Files (x86)\Mail.Ru\Agent\magentsetup.exe -uninstalllm
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft Midtown Madness-->"C:\Program Files (x86)\Microsoft Games\Midtown Madness\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Money Essentials-->"C:\Program Files (x86)\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Motocross Madness 2-->"C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
Minecraft Beta Cracked-->C:\Users\Flood\AppData\Roaming\.minecraft\Uninstall.exe
Mozilla Firefox (3.6.28)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MUSHclient (remove only)-->C:\Program Files (x86)\MUSHclient\uninstall.exe
My Game Long Name-->C:\Program Files (x86)\WHITE\Binaries\UnSetup.exe /uninstall
NCC1701 (remove only)-->"C:\Program Files (x86)\NCC1701\uninst-NCC1701.exe"
NETGEAR WNA1100 N150 Wireless USB Adapter-->"C:\Program Files (x86)\InstallShield Installation Information\{A2AE9709-283B-4B48-AA34-729C070A62FB}\setup.exe" -runfromtemp -l0x0419 -removeonly
Nmap 5.51-->"C:\Program Files (x86)\Nmap\uninstall.exe"
Noah's Jungle-->C:\UDK\Noah's Jungle\Binaries\UnSetup.exe /uninstall
NSIS Example2 (remove only)-->"C:\Program Files (x86)\Flamewar\uninstall.exe"
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Opera 10.61-->MsiExec.exe /X{70858C67-8761-4444-895A-0A8B2E9E144E}
ophcrack 3.3.1-->C:\Program Files (x86)\ophcrack\uninst.exe
Paintball2 Alpha build 32 update-->C:\Games\Paintball2\uninst.exe
Paltalk Messenger-->"C:\Windows\PaltalkScene\uninstall.exe" "/U:C:\Program Files (x86)\Paltalk Messenger\irunin.xml"
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}
Pirates! Gold-->C:\Windows\unvise32.exe c:\downloads\pg\uninstal.log
PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Plasma Fusion Server Files Setup version 1.0-->"C:\Program Files\Raven\Star Trek Voyager Elite Force\Plasma Fusion Server Files Setup\unins000.exe"
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
Project Blackout-->C:\Downloads\pbk\uninst.exe
PunkBuster Services-->C:\DOWNLOADS\ПОБЕДИМ\APB RELOADED\Binaries\pbsvc_apb.exe -u
Python 2.6.4-->MsiExec.exe /I{E7394A0F-3F80-45B1-87FC-ABCD51893246}
Quake 3 Arena Demo-->C:\Windows\unvise32.exe c:\Q3Ademo\uninstal.log
Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe C:\Program Files (x86)\Quake III Arena\uninstal5.log
Quake Live Mozilla Plugin-->MsiExec.exe /I{B42A6552-1A83-4D79-9137-AB0C9036249A}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RAR Password Cracker 4.12-->C:\Downloads\Cracker1\uninstall.exe
RCA Detective™ 3.0.1.1-->"C:\Users\Flood\Documents\RCA Detective\unins000.exe"
RCA easyRip 2.4.9.0-->"C:\Users\Flood\Documents\RCA easyRip\unins000.exe"
RCA Updater 2.0.5.0-->"C:\Users\Flood\Documents\RCA Updater\unins000.exe"
Rcon Unlimited 1.0-->C:\Windows\iun506.exe C:\Program Files (x86)\Rcon Unlimited\irunin.ini
REACTOR-->"C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Realms Online version 1.7.2-->"C:\Downloads\Realms\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Resonation-->C:\Program Files (x86)\Resonation\Uninstal.exe
Revo Uninstaller 1.92-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Savage 2 - A Tortured Soul-->C:\Downloads\SV\uninstall.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553074)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5729F1AE-5895-468F-9165-BAD161C9E982}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft Office Excel 2007 (KB2553073)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {65EA4836-B5A3-4C1D-8883-0C35E471003A}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Sierra Utilities-->C:\Program Files (x86)\Sierra On-Line\sutil32.exe uninstall
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Smart Copy 3.1.1.1-->C:\Program Files (x86)\IOI\Smart Copy\uninst.exe
SMRecorder 1.2.0-->C:\Program Files (x86)\SMRecorder\uninst.exe
Soldat 1.6.2-->"C:\Soldat\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Star Trek Bridge Commander-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Activision\Bridge Commander\stbc.isu"
Star Trek Elite Force II Single Player Demo-->C:\PROGRA~2\ACTIVI~1\STARTR~1\Uninstall\Unwise.exe /u C:\PROGRA~2\ACTIVI~1\STARTR~1\Uninstall\Install.log
Star Trek Elite Force II-->C:\PROGRA~2\ACTIVI~1\EF2\Uninstall\Unwise.exe /u C:\PROGRA~2\ACTIVI~1\EF2\Uninstall\Install.log
Star Trek Online-->C:\Downloads\Games\STO1\Uninstall Star Trek Online.exe
Star Trek Voyager Elite Force-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Raven\Star Trek Voyager Elite Force\Ef.isu"
Starport GE v1.0-->"C:\Downloads\Starport\unins000.exe"
SuddenAttackNA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{732799C0-7785-43C5-8496-71546A062992}\setup.exe" -l0x9 -removeonly
Sweet Little Piano 32 (remove only)-->"C:\Program Files (x86)\Roni Music\Sweet Little Piano 32\uninstall.exe"
System Requirements Lab CYRI-->MsiExec.exe /I{943A8D28-80D6-41DC-AE94-81FEB42041BF}
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
tazti 2.0.2-->MsiExec.exe /I{213AC470-5576-495F-B6AB-705EF12C826E}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
TeamViewer 7-->C:\Program Files (x86)\TeamViewer\Version7\uninstall.exe
theHunter (remove only)-->"C:\Downloads\ht\theHunter-uninstall.exe"
Thief 2-->C:\Windows\IsUninst.exe -fC:\games\Thief2\lglass.u
Tremulous 1.1.0-->"C:\Program Files (x86)\Tremulous\uninstall.exe"
Tribes 2-->C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG
TubeTillaFree-->MsiExec.exe /I{9C3C151F-75E5-4375-AD85-76645A1A001F}
Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009 wvaiper-->MsiExec.exe /I{3D29DFC0-EAA2-012B-AED3-000000000000}
TurboTax 2009-->C:\Program Files (x86)\TurboTax\Basic 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
TurboTax 2011 WinPerFedFormset-->MsiExec.exe /I{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}
TurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789}
TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA}
TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}
TurboTax 2011-->C:\Program Files (x86)\TurboTax\Basic 2011\Installer\TurboTax 2011 Installer.exe /u /t /a
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VueMinder Calendar Lite-->MsiExec.exe /X{F296E6A5-78D9-4EAA-BFE7-95D079476153}
Wav to Mp3 Converter-->"C:\Windows\unins000.exe"
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
WHITE 1.0-->"C:\Program Files (x86)\WHITE\unins000.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinImage-->"C:\Program Files\WinImage\winimage.exe" /uninstall
WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinX Free FLV to MP4 Converter 4.1.9-->"C:\Program Files (x86)\Digiarty\WinX_Free_FLV_to_MP4_Converter\unins000.exe"
WinZip 15.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}
Wolfenstein - Enemy Territory-->C:\DOWNLO~1\Wolfen\Uninstall\Unwise.exe /u C:\DOWNLO~1\Wolfen\Uninstall\Install.log
WolfTeam-->C:\Downloads\wt\Uninst.exe
World of Padman 1.5-->C:\Downloads\wop\UnWoP.exe
World of Tanks v.0.6.5-->"C:\Downloads\WoT\unins000.exe"
Xfire (remove only)-->"C:\Downloads\Xfire\uninst.exe"
Zoo Tycoon: Complete Collection-->"C:\Program Files (x86)\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
Горыныч ПРОФ 5.0 CommandLight-->C:\Program Files (x86)\Gor\uninst.exe
Диктограф 4-->C:\Program Files (x86)\Dictograph\uninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Flood-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer HOME-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.
Record Number: 490126
Source Name: bowser
Time Written: 20110829022522.604988-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 7000
Message: The NPPTNT2 service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 490114
Source Name: Service Control Manager
Time Written: 20110829021231.000000-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer S230E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.
Record Number: 489886
Source Name: bowser
Time Written: 20110829013111.260988-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer S230E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.
Record Number: 489607
Source Name: bowser
Time Written: 20110829005514.850588-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 8003
Message: The master browser has received a server announcement from the computer S230E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E337C099-1BA1-47C9-889C-1DE4C5D49BED}. The master browser is stopping or an election is being forced.
Record Number: 489409
Source Name: bowser
Time Written: 20110829004312.753588-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Flood-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 51750
Source Name: SideBySide
Time Written: 20101031220540.000000-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 51749
Source Name: SideBySide
Time Written: 20101031220540.000000-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 51748
Source Name: SideBySide
Time Written: 20101031220540.000000-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 51727
Source Name: Microsoft-Windows-CAPI2
Time Written: 20101031181149.000000-000
Event Type: Error
User:

Computer Name: Flood-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 51715
Source Name: Microsoft-Windows-WMI
Time Written: 20101031171416.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Flood-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FLOOD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2c4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 57683
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110315104917.709761-000
Event Type: Audit Success
User:

Computer Name: Flood-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FLOOD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2c4
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 57682
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110315104917.709761-000
Event Type: Audit Success
User:

Computer Name: Flood-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 57681
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110315104917.553760-000
Event Type: Audit Success
User:

Computer Name: Flood-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FLOOD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2c4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 57680
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110315104917.553760-000
Event Type: Audit Success
User:

Computer Name: Flood-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 57679
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110315104917.382159-000
Event Type: Audit Success
User:

======Environment variables======

"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Downloads\Games\BC3K;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Pinnacle\Shared Files;C:\Program Files (x86)\Pinnacle\Shared Files\Filter;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_LEVEL"=16
"PROCESSOR_REVISION"=0203
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------



#8 kosmic94

Posted 27 March 2012 - 10:13 AM

Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java™ 6 Update 22
Java™ 6 Update 5
Java version out of date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.28) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````



#9 Maurice Naggar

Posted 27 March 2012 - 11:03 AM

Kosmic94,

Be very aware that the tools I'll have you use may require a Restart and you have to allow them to do that. Often, a cleanup is done as part of a restart.
Please only do as I ask and follow my notes. If you have an issue or question, STOP & post the question.
Make sure you do NO websurfing or online transactions of any kind.
Just the websites I guide you to and this forum.

It appears you got lucky and Combofix worked, but we will need a new run.
Rundll32 is a normal component of Windows, just so you know.

I want you to do a Logoff and Restart.
If there is any "crash" then STOP, and post details in this topic and await my reply.

Do NOT run any other tools or programs on your own. Follow my guidance while I am helping you and this topic is open.
Do not make any changes, or adds, or removals on your own. E.g. do not tweak or change your system by yourself.
If you have an issue or question, STOP & post the question, and await my reply.

Step 1
Logoff and Restart system fresh.

Step 2 new MBAM run after update
Turn off your antivirus program so that it does not interfere.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do not turn off the firewall.

Save and close any work documents, close any apps that you started.


Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


IF it asks for a Reboot/Restart, allow it!


Step 3

Recheck & be sure your antivirus is OFF
Turn off your antivirus program so that it does not interfere.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do not turn off the firewall.

Next a new run of Combofix. This may require a restart/reboot. Allow it to do so.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power).


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  • When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Step 4
Reply with a copy of the latest MBAM scan log
and C:\Combofix.txt log

There will be more to do after this
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#10 kosmic94

Posted 27 March 2012 - 11:27 AM

I have two questions before I do this:

1) You said do not browse the internet. I thought you just meant while I was working with this malware removal. Did you mean I should not browse at all? Because I have been; does that mean I need to change passwords on the sites I've been to?

2) When you say to run ComboFix again, do you mean I should just go directly to the ComboFix file and run that, or should I drag that other script you provided me into it again and run it that way?

-kosmic94

#11 Maurice Naggar

Posted 27 March 2012 - 11:40 AM

1) NO websurfing of any kind at all .....consider your system as in Quarantine ....until we close this case.
Do not use "this system" to change passwords. You need to do that from a clean pc.

2) Just go directly to the combofix program and run it like I have in my last note. And no, not with the script. No drag. No drop.

3) This is a point where you need to decide about whether to make a clean start.
According to the information provided in logs, one or more of the identified infections is a trojan. I do not know the severity of it.

This "may" have allowed hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.
1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx
Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx
Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx
Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp
Maurice Naggar
Product Support


#12 kosmic94

Posted 27 March 2012 - 11:41 AM

Also, now that I've come back on this forum and made this post, do I need to restart my computer again before starting this procedure (I restarted it already once)?

-kosmic94

#13 Maurice Naggar

Posted 27 March 2012 - 11:44 AM

See my response just before this.
And if you have restarted 1 time today, that will suffice.
Maurice Naggar
Product Support


#14 Maurice Naggar

Posted 27 March 2012 - 12:03 PM

P.S.S.
Before and while doing remedial steps that I called for, Close your browsers and your email app & any other programs..... while doing the tasks I asked for.
Maurice Naggar
Product Support


#15 kosmic94

Posted 27 March 2012 - 02:43 PM

Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19120
Flood :: FLOOD-PC [administrator]

3/27/2012 12:47:38 PM
mbam-log-2012-03-27 (12-47-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 624844
Time elapsed: 2 hour(s), 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.
C:\Downloads\mskmsact\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Cain\Abel.exe (HackTool.Cain) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Cain\Abel64.exe (HackTool.Cain) -> Quarantined and deleted successfully.

(end)


ComboFix log:

ComboFix 12-03-27.02 - Flood 03/27/2012 15:07:18.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1033.18.3838.1901 [GMT -4:00]
Running from: c:\users\Flood\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 19:35 . 2012-03-27 19:35 -------- d-----w- c:\users\Flood\AppData\Local\temp
2012-03-27 19:35 . 2012-03-27 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 14:48 . 2012-03-27 14:48 -------- d-----w- C:\rsit
2012-03-27 14:48 . 2012-03-27 14:48 -------- d-----w- c:\program files\trend micro
2012-03-27 13:43 . 2012-03-27 13:43 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\users\Flood\AppData\Roaming\Malwarebytes
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 02:08 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 22:32 . 2012-03-16 22:32 -------- d-----w- c:\programdata\id Software
2012-03-10 22:45 . 2012-03-10 22:45 -------- d-----w- c:\program files (x86)\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-06-29 17:07 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-06-13 19:12 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-01-16 15:52 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-03-06 00:13 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2009-06-13 19:12 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-06-13 19:12 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-06-13 19:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-06-13 19:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-06-13 19:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_14.36.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-03-27 14:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-27 18:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-03-27 14:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-27 18:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-27 18:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-03-27 14:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-03-27 18:59 73426 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-11 23:15 . 2012-03-27 18:59 16156 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3000704899-2802138994-1906717886-1000_UserData.bin
- 2009-06-11 23:15 . 2012-03-27 14:36 16156 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3000704899-2802138994-1906717886-1000_UserData.bin
+ 2009-06-14 00:07 . 2012-03-27 18:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-14 00:07 . 2012-03-26 11:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-14 00:07 . 2012-03-27 18:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-14 00:07 . 2012-03-26 11:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-14 05:16 . 2012-03-27 16:19 4952 c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2012-03-27 14:33 . 2012-03-27 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-27 18:56 . 2012-03-27 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 14:33 . 2012-03-27 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 18:56 . 2012-03-27 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2012-03-27 18:59 149026 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-03-27 12:54 647232 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-27 19:05 647232 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-27 12:54 128820 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-03-27 19:05 128820 c:\windows\system32\perfc009.dat
- 2011-07-15 01:41 . 2012-03-27 14:32 483384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-15 01:41 . 2012-03-27 18:55 483384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-22 04:12 . 2012-03-27 18:55 5353752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-22 04:12 . 2012-03-27 14:32 5353752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2011-03-03 4620288]
"Akamai NetSession Interface"="c:\users\Flood\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-21 53248]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"MAgent"="c:\program files (x86)\Mail.Ru\Agent\MAgent.exe" [2009-12-24 8746680]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\users\Flood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RCA Detective.lnk - c:\users\Flood\Documents\RCA Detective\RCADetective.exe [2010-12-25 804352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Мастер установки.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-7-18 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 19:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.juno.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0409&m=dx4200-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Display All Images with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\JNAccelerator\qsacc\appres.dll/227"
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Flood\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files (x86)\Mail.Ru\Agent\magent.exe
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Flood\AppData\Roaming\Mozilla\Firefox\Profiles\360vmvb8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Performance Cache: gcyvknqexv@gcyvknqexv.org - %profile%\extensions\gcyvknqexv@gcyvknqexv.org
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://operations.section31rp.co.uk/ppt
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Flood\AppData\Local\Temp\005A29D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-03-27 15:40:10
ComboFix-quarantined-files.txt 2012-03-27 19:40
.
Pre-Run: 244,064,673,792 bytes free
Post-Run: 244,048,519,168 bytes free
.
- - End Of File - - 1E86BC218FCF1A20DBA8033E45836D04


-kosmic94

#16 Maurice Naggar

Posted 28 March 2012 - 08:05 AM

Kindly do NOT enclose the log-contents within code or quote boxes.


Download aswMBR.exe ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.


Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop, and post it in your next reply.

Step 2
DELETE the prior copy of TDSSKILLER.exe

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Reply with a copy of the aswMBR log & TDSSKILLER log.
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.

#17 kosmic94

Posted 28 March 2012 - 08:51 AM

aswMBR Fix button was not enabled.

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 09:44:25
-----------------------------
09:44:25.543 OS Version: Windows x64 6.0.6002 Service Pack 2
09:44:25.543 Number of processors: 4 586 0x203
09:44:25.543 ComputerName: FLOOD-PC UserName: Flood
09:44:29.895 Initialize success
09:44:33.873 AVAST engine defs: 12032801
09:45:01.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:45:01.719 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
09:45:01.875 Disk 0 MBR read successfully
09:45:01.875 Disk 0 MBR scan
09:45:01.875 Disk 0 unknown MBR code
09:45:01.891 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
09:45:01.922 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
09:45:01.953 Disk 0 scanning C:\Windows\system32\drivers
09:45:12.203 Service scanning
09:45:27.132 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:45:32.077 Modules scanning
09:45:32.093 Scan finished successfully
09:45:47.178 Disk 0 MBR has been saved successfully to "C:\Users\Flood\Desktop\MBR.dat"
09:45:47.193 The log file has been saved successfully to "C:\Users\Flood\Desktop\aswMBR.txt"



TDSSkiller log:

09:48:08.0017 4996 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:48:08.0079 4996 ============================================================
09:48:08.0079 4996 Current date / time: 2012/03/28 09:48:08.0079
09:48:08.0079 4996 SystemInfo:
09:48:08.0079 4996
09:48:08.0079 4996 OS Version: 6.0.6002 ServicePack: 2.0
09:48:08.0079 4996 Product type: Workstation
09:48:08.0079 4996 ComputerName: FLOOD-PC
09:48:08.0079 4996 UserName: Flood
09:48:08.0079 4996 Windows directory: C:\Windows
09:48:08.0079 4996 System windows directory: C:\Windows
09:48:08.0079 4996 Running under WOW64
09:48:08.0079 4996 Processor architecture: Intel x64
09:48:08.0079 4996 Number of processors: 4
09:48:08.0079 4996 Page size: 0x1000
09:48:08.0079 4996 Boot type: Normal boot
09:48:08.0079 4996 ============================================================
09:48:09.0998 4996 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:48:10.0139 4996 \Device\Harddisk0\DR0:
09:48:10.0139 4996 MBR used
09:48:10.0139 4996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800
09:48:10.0185 4996 Initialize success
09:48:10.0185 4996 ============================================================
09:48:14.0319 2508 ============================================================
09:48:14.0319 2508 Scan started
09:48:14.0319 2508 Mode: Manual;
09:48:14.0319 2508 ============================================================
09:48:15.0848 2508 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
09:48:15.0864 2508 ACPI - ok
09:48:15.0973 2508 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:48:15.0989 2508 adp94xx - ok
09:48:16.0051 2508 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:48:16.0067 2508 adpahci - ok
09:48:16.0082 2508 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:48:16.0082 2508 adpu160m - ok
09:48:16.0113 2508 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:48:16.0113 2508 adpu320 - ok
09:48:16.0176 2508 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
09:48:16.0191 2508 AeLookupSvc - ok
09:48:16.0238 2508 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
09:48:16.0269 2508 AFD - ok
09:48:16.0332 2508 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
09:48:16.0332 2508 AgereModemAudio - ok
09:48:16.0425 2508 AgereSoftModem (6051b172930f3b2723d04c555f7ec55a) C:\Windows\system32\DRIVERS\agrsm64.sys
09:48:16.0488 2508 AgereSoftModem - ok
09:48:16.0535 2508 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:48:16.0535 2508 agp440 - ok
09:48:16.0613 2508 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:48:16.0613 2508 aic78xx - ok
09:48:16.0847 2508 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll
09:48:16.0847 2508 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4
09:48:16.0862 2508 Akamai ( HiddenFile.Multi.Generic ) - warning
09:48:16.0862 2508 Akamai - detected HiddenFile.Multi.Generic (1)
09:48:16.0909 2508 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
09:48:16.0909 2508 ALG - ok
09:48:16.0971 2508 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
09:48:16.0971 2508 aliide - ok
09:48:17.0049 2508 AMD External Events Utility (812349d328eb406815183a5d17b49e7c) C:\Windows\system32\atiesrxx.exe
09:48:17.0049 2508 AMD External Events Utility - ok
09:48:17.0143 2508 AMD FUEL Service - ok
09:48:17.0190 2508 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
09:48:17.0190 2508 amdide - ok
09:48:17.0268 2508 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
09:48:17.0268 2508 amdiox64 - ok
09:48:17.0315 2508 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
09:48:17.0330 2508 AmdK8 - ok
09:48:17.0658 2508 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
09:48:17.0892 2508 amdkmdag - ok
09:48:17.0970 2508 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
09:48:17.0985 2508 amdkmdap - ok
09:48:18.0126 2508 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
09:48:18.0141 2508 AODDriver4.01 - ok
09:48:18.0219 2508 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
09:48:18.0219 2508 Appinfo - ok
09:48:18.0297 2508 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:48:18.0297 2508 arc - ok
09:48:18.0344 2508 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:48:18.0360 2508 arcsas - ok
09:48:18.0500 2508 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:48:18.0500 2508 aspnet_state - ok
09:48:18.0563 2508 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
09:48:18.0563 2508 aswFsBlk - ok
09:48:18.0609 2508 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
09:48:18.0609 2508 aswMonFlt - ok
09:48:18.0672 2508 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys
09:48:18.0672 2508 aswRdr - ok
09:48:18.0781 2508 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
09:48:18.0812 2508 aswSnx - ok
09:48:18.0843 2508 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
09:48:18.0843 2508 aswSP - ok
09:48:18.0890 2508 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
09:48:18.0890 2508 aswTdi - ok
09:48:18.0953 2508 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
09:48:18.0953 2508 AsyncMac - ok
09:48:18.0984 2508 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
09:48:18.0984 2508 atapi - ok
09:48:19.0046 2508 atashost (40767b965a8d575d794f1f95e2e017e9) C:\Windows\SysWOW64\atashost.exe
09:48:19.0062 2508 atashost - ok
09:48:19.0155 2508 athur (ed41ce1066464cde2b4a176b8fa68b13) C:\Windows\system32\DRIVERS\athurx.sys
09:48:19.0233 2508 athur - ok
09:48:19.0530 2508 atikmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
09:48:19.0639 2508 atikmdag - ok
09:48:19.0701 2508 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:48:19.0701 2508 AtiPcie - ok
09:48:19.0779 2508 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
09:48:19.0795 2508 AudioEndpointBuilder - ok
09:48:19.0811 2508 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
09:48:19.0826 2508 AudioSrv - ok
09:48:19.0935 2508 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
09:48:19.0935 2508 avast! Antivirus - ok
09:48:19.0998 2508 Beep - ok
09:48:20.0060 2508 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
09:48:20.0076 2508 BFE - ok
09:48:20.0154 2508 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
09:48:20.0232 2508 BITS - ok
09:48:20.0263 2508 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
09:48:20.0263 2508 blbdrive - ok
09:48:20.0294 2508 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
09:48:20.0294 2508 bowser - ok
09:48:20.0341 2508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
09:48:20.0341 2508 BrFiltLo - ok
09:48:20.0403 2508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
09:48:20.0403 2508 BrFiltUp - ok
09:48:20.0450 2508 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
09:48:20.0466 2508 Browser - ok
09:48:20.0481 2508 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
09:48:20.0481 2508 Brserid - ok
09:48:20.0497 2508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
09:48:20.0497 2508 BrSerWdm - ok
09:48:20.0544 2508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
09:48:20.0544 2508 BrUsbMdm - ok
09:48:20.0559 2508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
09:48:20.0559 2508 BrUsbSer - ok
09:48:20.0591 2508 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
09:48:20.0606 2508 BTHMODEM - ok
09:48:20.0653 2508 catchme - ok
09:48:20.0684 2508 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
09:48:20.0684 2508 cdfs - ok
09:48:20.0731 2508 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
09:48:20.0731 2508 cdrom - ok
09:48:20.0793 2508 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
09:48:20.0871 2508 CertPropSvc - ok
09:48:20.0903 2508 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
09:48:20.0903 2508 circlass - ok
09:48:20.0965 2508 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
09:48:20.0981 2508 CLFS - ok
09:48:21.0043 2508 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:48:21.0059 2508 clr_optimization_v2.0.50727_32 - ok
09:48:21.0105 2508 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:48:21.0105 2508 clr_optimization_v2.0.50727_64 - ok
09:48:21.0199 2508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:48:21.0199 2508 clr_optimization_v4.0.30319_32 - ok
09:48:21.0605 2508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:48:21.0683 2508 clr_optimization_v4.0.30319_64 - ok
09:48:22.0026 2508 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
09:48:22.0026 2508 cmdide - ok
09:48:22.0057 2508 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
09:48:22.0057 2508 Compbatt - ok
09:48:22.0104 2508 COMSysApp - ok
09:48:22.0182 2508 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
09:48:22.0182 2508 cpuz135 - ok
09:48:22.0229 2508 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
09:48:22.0229 2508 crcdisk - ok
09:48:22.0291 2508 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
09:48:22.0291 2508 CryptSvc - ok
09:48:22.0369 2508 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
09:48:22.0400 2508 DcomLaunch - ok
09:48:22.0447 2508 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
09:48:22.0447 2508 DfsC - ok
09:48:22.0587 2508 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
09:48:22.0681 2508 DFSR - ok
09:48:22.0775 2508 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
09:48:22.0790 2508 Dhcp - ok
09:48:22.0821 2508 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
09:48:22.0821 2508 disk - ok
09:48:22.0884 2508 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
09:48:22.0899 2508 Dnscache - ok
09:48:22.0962 2508 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
09:48:22.0962 2508 dot3svc - ok
09:48:23.0040 2508 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
09:48:23.0055 2508 DPS - ok
09:48:23.0118 2508 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
09:48:23.0118 2508 drmkaud - ok
09:48:23.0196 2508 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
09:48:23.0258 2508 DXGKrnl - ok
09:48:23.0305 2508 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
09:48:23.0305 2508 E1G60 - ok
09:48:23.0352 2508 EagleX64 - ok
09:48:23.0399 2508 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
09:48:23.0399 2508 EapHost - ok
09:48:23.0430 2508 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
09:48:23.0430 2508 Ecache - ok
09:48:23.0477 2508 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
09:48:23.0492 2508 ehRecvr - ok
09:48:23.0508 2508 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
09:48:23.0523 2508 ehSched - ok
09:48:23.0570 2508 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
09:48:23.0570 2508 ehstart - ok
09:48:23.0586 2508 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
09:48:23.0601 2508 elxstor - ok
09:48:23.0664 2508 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
09:48:23.0679 2508 EMDMgmt - ok
09:48:23.0757 2508 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
09:48:23.0757 2508 ErrDev - ok
09:48:23.0851 2508 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
09:48:23.0851 2508 ETService - ok
09:48:23.0898 2508 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
09:48:23.0913 2508 EventSystem - ok
09:48:23.0976 2508 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
09:48:23.0976 2508 exfat - ok
09:48:24.0038 2508 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
09:48:24.0038 2508 fastfat - ok
09:48:24.0101 2508 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
09:48:24.0101 2508 fdc - ok
09:48:24.0163 2508 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
09:48:24.0163 2508 fdPHost - ok
09:48:24.0225 2508 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
09:48:24.0225 2508 FDResPub - ok
09:48:24.0272 2508 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
09:48:24.0272 2508 FileInfo - ok
09:48:24.0319 2508 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
09:48:24.0319 2508 Filetrace - ok
09:48:24.0366 2508 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:48:24.0366 2508 flpydisk - ok
09:48:24.0397 2508 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
09:48:24.0413 2508 FltMgr - ok
09:48:24.0522 2508 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
09:48:24.0584 2508 FontCache - ok
09:48:24.0647 2508 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:48:24.0647 2508 FontCache3.0.0.0 - ok
09:48:24.0678 2508 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
09:48:24.0693 2508 Fs_Rec - ok
09:48:24.0709 2508 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
09:48:24.0709 2508 gagp30kx - ok
09:48:24.0787 2508 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
09:48:24.0787 2508 GameConsoleService - ok
09:48:24.0865 2508 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
09:48:24.0881 2508 gpsvc - ok
09:48:24.0990 2508 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:48:25.0005 2508 gupdate - ok
09:48:25.0037 2508 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:48:25.0037 2508 gupdatem - ok
09:48:25.0083 2508 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
09:48:25.0083 2508 hamachi - ok
09:48:25.0208 2508 Hamachi2Svc (ce77bc37bdd36c9dc50c3591ebac3fa3) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
09:48:25.0239 2508 Hamachi2Svc - ok
09:48:25.0317 2508 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
09:48:25.0317 2508 HdAudAddService - ok
09:48:25.0411 2508 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:48:25.0473 2508 HDAudBus - ok
09:48:25.0489 2508 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
09:48:25.0505 2508 HidBth - ok
09:48:25.0520 2508 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
09:48:25.0520 2508 HidIr - ok
09:48:25.0551 2508 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
09:48:25.0551 2508 hidserv - ok
09:48:25.0614 2508 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
09:48:25.0614 2508 HidUsb - ok
09:48:25.0645 2508 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
09:48:25.0661 2508 hkmsvc - ok
09:48:25.0723 2508 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
09:48:25.0723 2508 HpCISSs - ok
09:48:25.0801 2508 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
09:48:25.0848 2508 HTTP - ok
09:48:25.0895 2508 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
09:48:25.0895 2508 i2omp - ok
09:48:26.0113 2508 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
09:48:26.0113 2508 i8042prt - ok
09:48:26.0160 2508 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
09:48:26.0160 2508 iaStorV - ok
09:48:26.0253 2508 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:48:26.0316 2508 idsvc - ok
09:48:26.0394 2508 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
09:48:26.0394 2508 iirsp - ok
09:48:26.0472 2508 IJPLMSVC (51516252dbbfed36f70b341dba263167) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
09:48:26.0487 2508 IJPLMSVC - ok
09:48:26.0550 2508 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
09:48:26.0565 2508 IKEEXT - ok
09:48:26.0675 2508 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
09:48:26.0675 2508 int15 - ok
09:48:26.0768 2508 IntcAzAudAddService (6fdf709500c20362ffc5057f0d1e0c8d) C:\Windows\system32\drivers\RTKVHD64.sys
09:48:26.0831 2508 IntcAzAudAddService - ok
09:48:26.0862 2508 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
09:48:26.0862 2508 intelide - ok
09:48:26.0877 2508 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
09:48:26.0877 2508 intelppm - ok
09:48:26.0987 2508 IntuitUpdateService (7bdb4e00e1cb174b56e5b2c31dde68a7) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
09:48:26.0987 2508 IntuitUpdateService - ok
09:48:27.0096 2508 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
09:48:27.0096 2508 IntuitUpdateServiceV4 - ok
09:48:27.0127 2508 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
09:48:27.0143 2508 IPBusEnum - ok
09:48:27.0174 2508 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:48:27.0189 2508 IpFilterDriver - ok
09:48:27.0221 2508 iphlpsvc (cd033d871a83e918b14f43f7e7590819) C:\Windows\System32\iphlpsvc.dll
09:48:27.0221 2508 iphlpsvc - ok
09:48:27.0236 2508 IpInIp - ok
09:48:27.0252 2508 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
09:48:27.0267 2508 IPMIDRV - ok
09:48:27.0299 2508 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
09:48:27.0299 2508 IPNAT - ok
09:48:27.0314 2508 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
09:48:27.0314 2508 IRENUM - ok
09:48:27.0377 2508 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
09:48:27.0377 2508 isapnp - ok
09:48:27.0439 2508 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
09:48:27.0455 2508 iScsiPrt - ok
09:48:36.0815 2508 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
09:48:36.0815 2508 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
09:48:36.0815 2508 sptd ( LockedFile.Multi.Generic ) - warning
09:48:36.0815 2508 sptd - detected LockedFile.Multi.Generic (1)
09:48:43.0975 2508 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
09:48:48.0951 2508 \Device\Harddisk0\DR0 - ok
09:48:48.0998 2508 Boot (0x1200) (5afe3da0bded2ac89afc99fcd1f3e44a) \Device\Harddisk0\DR0\Partition0
09:48:48.0998 2508 \Device\Harddisk0\DR0\Partition0 - ok
09:48:49.0014 2508 ============================================================
09:48:49.0014 2508 Scan finished
09:48:49.0014 2508 ============================================================
09:48:49.0029 5752 Detected object count: 2
09:48:49.0029 5752 Actual detected object count: 2
09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

-kosmic94

#18 kosmic94

Posted 28 March 2012 - 08:56 AM

By the way, I should note this: The first time I was trying to download TDSSkiller, I was getting it through a link from the bleepingcomputer site. Even though this virus apparently isn't TDSS (at least not that TDSSkiller can detect), I had a hard time getting that file to download. The page would load, and then turn white. I had to refresh the page and quickly hit download to get the program. Maybe that's just an issue with their site or my browser but I thought I'd throw it out there. However, I did not have an issue downloading TDSSkiller this time from the link you gave me, although it was apparently the same link, since my download manager did pop up and say there was already a download from that link.

-kosmic94

#19 Maurice Naggar

Posted 28 March 2012 - 09:53 AM

The aswMBR result is good. The TDSSKILLER run indicates follow-up is needed on sptd.sys driver.
You have installed Daemon tools Lite on this system.

Disable CD-ROM Emulation Software:
Please download the following tool DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
  • Do not re-enable these drivers until otherwise instructed.

Step 2
There are 2 utilities & 2 programs that are out-of-date and pose security concerns. Let's get them updated.

Java
Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Flash Player
Close all browsers and instant messenger (IM) programs.

Next, press Start orb, then in Run box, type in
appwiz.cpl
and press Enter-key
Look for Adobe Flash Player. Select it and then select Un-install (remove). If more than 1 flash player listed, remove each one.

Next, Go to http://www.adobe.com/go/getflash
and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!

Adobe Reader
Next, press Start orb, then in Run box, type in
appwiz.cpl
and press Enter-key
Look for Adobe Reader. Select it and un-install

Get latest Adobe Reader version
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Firefox browser
Start it. Select Help >> About
Let it search for latest version. Allow it to Update and to apply the current version.

Step 3
You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Step 4
Re-enable the antivirus program.

Reply with copy of the Eset scan log
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.
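
An added example (not part of the original posts and not a Kaspersky tool): a small Python triage of the TDSSKiller log format seen in this thread, pulling out the objects that received a verdict and the action recorded for each, so that skipped items such as sptd are not lost among the "- ok" lines. The sample lines are copied from the log posted earlier in the thread; the function and field names are this example's own, and treating "Skip" as still unresolved is its assumption.

```python
import re

# Lines copied from the tail of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
09:48:43.0975 2508 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
09:48:48.0951 2508 \Device\Harddisk0\DR0 - ok
09:48:49.0014 2508 Scan finished
09:48:49.0029 5752 Detected object count: 2
09:48:49.0029 5752 Actual detected object count: 2
09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:48:57.0594 5752 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:48:57.0594 5752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# "<HH:MM:SS.ffff> <thread id> <message>" prefix carried by every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<object> ( <verdict> ) - <what happened>"; hash lines have no spaces inside the parentheses.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - (?P<rest>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION = "User select action: "


def triage(log_text):
    """Return flagged objects, their recorded action, and whether the excerpt is complete."""
    declared, findings = None, {}
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # blank lines or forum text pasted around the log
        body = line.group(1)
        count = COUNT.match(body)
        if count:
            declared = int(count.group(1))
            continue
        hit = VERDICT.match(body)
        if not hit:
            continue  # "<name> - ok" and "<name> (<md5>) <path>" lines
        entry = findings.setdefault(hit["name"], {"verdict": hit["verdict"], "action": None})
        if hit["rest"].startswith(ACTION):
            entry["action"] = hit["rest"][len(ACTION):]
    # Skipped (or action-less) objects were left in place and still need follow-up.
    unresolved = [n for n, e in findings.items() if e["action"] in (None, "Skip")]
    return {"declared": declared, "findings": findings,
            "unresolved": unresolved, "complete": declared == len(findings)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The `complete` flag is false when the number of parsed findings does not match the log's own "Detected object count", which catches a log that was truncated when pasted into a post.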

#20 kosmic94

Posted 28 March 2012 - 10:57 AM

I did as you instructed with the Java, and even rebooted my computer after installing it, but I do not see the control access in the control panel, nor do I see any way to access controls in its installed folder. So you know, I am using Vista Home Premium x64.

Two other bits of pertinent information: First, my avast antivirus no longer seems to be starting automatically on startup, and, second, both times I restarted, after removing the Java, and after installing the new, the computer took an incredibly long time on the "Shutting Down" screen.

I am on the part about going into the Java controls. I await your instructions before proceeding.

-kosmic94



