Google Analytics Virus

Post by afreihat » December 14th, 2010, 4:13 am

Hi, I'm new here, but I've been having this problem for over a month now. Every time I click on any search bar, a new window opens that takes me to Google or some other unknown search engine. This also happens with search result links from Google.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:57:42 AM, on 14/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\kass.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsn.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KeyAccess] kass.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KeyAccess - Sassafras Software Inc. - C:\Windows\keyacc32.exe

--
End of file - 6396 bytes


Installed Programs:

uTorrent
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
AVG 2011
Bonjour
Broadcom 802.11 Network Adapter
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Free iPod Video Converter 1.34
HiJackThis
Hitman Pro 3.5
Intel(r) Graphics Media Accelerator Driver
iTunes
Launch Manager
Malwarebytes' Anti-Malware
Microsoft Office Enterprise 2007
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
QuickTime
Realtek High Definition Audio Driver
Sassafras K2 Client
SUPERAntiSpyware
Synaptics Pointing Device Driver
Video Web Camera
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - ENE (EUCR) USB(11/23/2009 5.89.0.62)
Windows Essentials Media Codec Pack 3.2 [32-Bit]
Windows Live Essentials
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Mobile Device Center
WinRAR archiver

Well thanks in advance to whoever helps me out.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am
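An added example, not part of the original thread or of HijackThis itself: a small Python parser for the log format posted above that splits each line into section code and body, extracts name and path from O2 (BHO) and O4 (Run key) entries, and flags a BHO listed as "(no file)" and a Run command that is a bare filename rather than an absolute path. The flags are prompts for manual verification against the O23 service and installed-program lists, not verdicts; the sample lines are constructed to mirror the entry types in the log above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2.0.4 format, mirroring the kinds of
# entries that appear in the log posted above (not a copy of a real scan).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhl.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [KeyAccess] kass.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: KeyAccess - Sassafras Software Inc. - C:\Windows\keyacc32.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>[\<SID>]\..\Run[Once]: [<name>] <command>"
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O2 body: "BHO: <name> - {CLSID} - <path or (no file)>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")


@dataclass
class Entry:
    section: str
    raw: str
    name: str = ""
    path: str = ""
    flags: list = field(default_factory=list)


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command: the quoted path if quoted,
    otherwise the first whitespace-delimited token (arguments are dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def is_absolute_windows_path(p: str) -> bool:
    """Drive-letter paths (C:\...) and expanded variables (%windir%\...) count as absolute."""
    return bool(re.match(r"^(?:[A-Za-z]:\\|%[^%]+%\\)", p))


def parse_line(line: str):
    """Parse one log line into an Entry, or None for blank/non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = Entry(section=section, raw=line.strip())
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            entry.name = r.group("name")
            entry.path = first_token(r.group("cmd"))
            # A bare filename relies on the PATH search order; verify where it resolves.
            if not is_absolute_windows_path(entry.path):
                entry.flags.append("run-entry-without-absolute-path")
    elif section == "O2":
        b = BHO_RE.match(body)
        if b:
            entry.name = b.group("name")
            entry.path = b.group("path")
            # A registered BHO whose DLL is gone is an orphan; the key can be cleaned.
            if entry.path == "(no file)":
                entry.flags.append("bho-with-missing-file")
            if entry.name == "(no name)":
                entry.flags.append("bho-without-name")
    return entry


def parse_log(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flagged(entries):
    return [e for e in entries if e.flags]


def section_counts(entries):
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("entries per section:", section_counts(entries))
    for e in flagged(entries):
        print(f"[{e.section}] {e.name!r} -> {e.path!r}: {', '.join(e.flags)}")
```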

Re: Google Analytics Virus

Post by Cypher » December 16th, 2010, 3:06 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
How to backup your data - Vista



Windows 7 Advice:
  • All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the application and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    uTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe And select " Run as administrator " to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, 2 log files will be produced.
  • The first one, "log.txt", will be maximized.
  • The second one, "info.txt", will be minimized.
Please post both "log.txt" and "info.txt" file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply.)

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient. *
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy; you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Post by afreihat » December 17th, 2010, 12:17 am

log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Freihat at 2010-12-16 23:07:20
Microsoft Windows 7 Professional
System drive C: has 91 GB (65%) free of 140 GB
Total RAM: 1013 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:43 PM, on 16/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\kass.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Freihat\Desktop\RSIT.exe
C:\Program Files\trend micro\Freihat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsn.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KeyAccess] kass.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KeyAccess - Sassafras Software Inc. - C:\Windows\keyacc32.exe

--
End of file - 6313 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-11-04 2731360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-25 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-25 2475336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-23 1594664]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-05 150552]
"Camera Assistant Software"=C:\Program Files\Video Web Camera\traybar.exe [2009-10-29 600688]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-10-07 1157640]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-12 7707168]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-10-15 233472]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"KeyAccess"=C:\Windows\kass.exe [2009-07-15 90816]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-10-22 2745696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="KATRACK.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-16 23:07:20 ----D---- C:\rsit
2010-12-15 23:03:35 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 23:03:35 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 23:03:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 23:03:34 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 23:03:34 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 23:03:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 23:03:33 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 23:03:33 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 23:03:32 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 23:03:32 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 23:03:32 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 23:03:31 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 23:03:30 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 23:03:29 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 23:03:26 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 23:03:07 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 23:03:06 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 23:03:06 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 23:03:06 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 23:03:06 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 23:03:06 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 23:02:58 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 23:02:58 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 23:02:52 ----A---- C:\Windows\system32\webio.dll
2010-12-15 23:01:47 ----A---- C:\Windows\system32\consent.exe
2010-12-15 23:01:16 ----A---- C:\Windows\system32\win32k.sys
2010-12-14 02:05:29 ----A---- C:\Windows\system32\bootdelete.exe
2010-12-14 02:00:15 ----A---- C:\Windows\system32\drivers\hitmanpro35.sys
2010-12-14 02:00:10 ----D---- C:\Program Files\Hitman Pro 3.5
2010-12-14 01:59:24 ----D---- C:\ProgramData\Hitman Pro
2010-12-14 01:52:26 ----D---- C:\Program Files\Trend Micro
2010-12-12 03:49:10 ----D---- C:\Windows\system32\directx
2010-12-12 03:48:18 ----D---- C:\Program Files\Essentials Codec Pack
2010-11-23 19:03:40 ----D---- C:\ProgramData\AVG Security Toolbar

======List of files/folders modified in the last 1 months======

2010-12-16 23:04:00 ----RD---- C:\Program Files
2010-12-16 18:44:29 ----D---- C:\Windows\Temp
2010-12-16 18:44:07 ----D---- C:\Windows\system32\drivers\AVG
2010-12-16 16:20:00 ----D---- C:\Windows\system32\config
2010-12-16 00:35:05 ----D---- C:\Windows\Prefetch
2010-12-16 00:33:38 ----A---- C:\Windows\keyacc.ini
2010-12-15 23:17:48 ----D---- C:\Windows\winsxs
2010-12-15 23:16:27 ----D---- C:\Windows\System32
2010-12-15 23:15:08 ----D---- C:\Windows\system32\migration
2010-12-15 23:15:08 ----D---- C:\Program Files\Windows Mail
2010-12-15 23:15:08 ----D---- C:\Program Files\Internet Explorer
2010-12-15 23:04:57 ----D---- C:\Windows\system32\catroot
2010-12-15 23:04:07 ----D---- C:\Windows\system32\catroot2
2010-12-15 23:02:51 ----SHD---- C:\Windows\Installer
2010-12-15 23:02:42 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 23:00:57 ----SHD---- C:\System Volume Information
2010-12-14 02:00:15 ----D---- C:\Windows\system32\drivers
2010-12-14 01:59:24 ----HD---- C:\ProgramData
2010-12-14 01:52:26 ----SD---- C:\Users\Freihat\AppData\Roaming\Microsoft
2010-12-14 01:42:18 ----D---- C:\Windows\system32\LogFiles
2010-12-12 03:49:22 ----HD---- C:\Windows\msdownld.tmp
2010-12-12 03:49:09 ----D---- C:\Windows\Logs
2010-12-12 03:49:00 ----D---- C:\Windows\system32\Tasks
2010-12-11 12:37:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-09 21:36:01 ----D---- C:\Windows\ShellNew
2010-12-09 15:54:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-09 15:54:02 ----D---- C:\Windows\inf
2010-12-07 01:21:53 ----D---- C:\Program Files\SUPERAntiSpyware
2010-11-23 18:51:04 ----D---- C:\ProgramData\MFAData
2010-11-23 18:01:24 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-09 299984]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-11-06 1227776]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-12 2748192]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-23 231856]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-08-07 212528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 78336]
S3 EUCR;EUCR; C:\Windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]
S4 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys []
S4 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
S4 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys []
S4 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys []
S4 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
R2 KeyAccess;KeyAccess; C:\Windows\keyacc32.exe [2009-07-15 1090240]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-25 517448]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]

-----------------EOF-----------------
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 12:18 am

info.txt

info.txt logfile of random's system information tool 1.08 2010-12-16 23:07:49

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}
AVG 2011-->MsiExec.exe /I{A23061AF-5361-433C-B7F0-CE5F79A22C49}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver"
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Sassafras K2 Client-->MsiExec.exe /I{E23D1D2C-1762-11D5-A8D2-00C04FA35723}
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB980376)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (KB2466076)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EE71630C-C756-4343-B620-DB5958609E3D}
Video Web Camera-->"C:\Program Files\InstallShield Installation Information\{12A1B519-5934-4508-ADBD-335347B0DC87}\setup.exe" -runfromtemp -l0x0409 -removeonly
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-vistax86-brcm.inf_x86_neutral_a622a4701b0a8e59\bcbtums-vistax86-brcm.inf
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x86-brcm.inf_x86_neutral_3d39d8a589bd3368\bcbtums-win7x86-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid32.inf_x86_neutral_6c4f31312ffe9ed6\bcbthid32.inf
Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62)-->C:\PROGRA~1\DIFX\198A84B0EB590201\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\eucr6sk.inf_x86_neutral_da91b7d33ed3694a\eucr6sk.inf
Windows Essentials Media Codec Pack 3.2 [32-Bit]-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Freihat-PC
Event Code: 15
Message: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.
Record Number: 574
Source Name: ACPI
Time Written: 20100528034409.959338-000
Event Type: Warning
User:

Computer Name: Freihat-PC
Event Code: 15
Message: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.
Record Number: 515
Source Name: ACPI
Time Written: 20100528013237.504220-000
Event Type: Warning
User:

Computer Name: Freihat-PC
Event Code: 15
Message: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.
Record Number: 513
Source Name: ACPI
Time Written: 20100528012550.756676-000
Event Type: Warning
User:

Computer Name: Freihat-PC
Event Code: 15
Message: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.
Record Number: 449
Source Name: ACPI
Time Written: 20100528011939.081613-000
Event Type: Warning
User:

Computer Name: Freihat-PC
Event Code: 15
Message: : The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.
Record Number: 353
Source Name: ACPI
Time Written: 20100528041505.173615-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Freihat-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fc983d33-9768-49ca-84d7-1892ffe0dd11}
Record Number: 235
Source Name: VSS
Time Written: 20100528034109.000000-000
Event Type: Error
User:

Computer Name: Freihat-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 207
Source Name: Microsoft-Windows-Search
Time Written: 20100528012056.000000-000
Event Type: Warning
User:

Computer Name: Freihat-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=BBBBB
ACID=?
Detailed Error[?]

Record Number: 185
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100528011901.000000-000
Event Type: Error
User:

Computer Name: Freihat-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 182
Source Name: Microsoft-Windows-Search
Time Written: 20100528041850.000000-000
Event Type: Warning
User:

Computer Name: 37L4247D28-05
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 169
Source Name: Microsoft-Windows-Search
Time Written: 20100528041431.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100528040202.435687-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100528040202.388887-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x23667
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100528040201.764886-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100528040158.379680-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100528040158.254880-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 2:47 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8CC01000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C0D000 C:\Windows\system32\ntoskrnl.exe 4194304 bytes (Microsoft Corporation, NT Kernel & System)
0x81C0D000 PnpManager 4194304 bytes
0x81C0D000 RAW 4194304 bytes
0x81C0D000 WMIxWDM 4194304 bytes
0x8D83C000 C:\Windows\system32\drivers\RTKVHDA.sys 2744320 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8F820000 Win32k 2404352 bytes
0x8F820000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x87421000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8D22A000 C:\Windows\system32\DRIVERS\athr.sys 1241088 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8703E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8D10A000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8721F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x86CF4000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA882E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C73D000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x86C21000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x86D9F000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8C466000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x871AB000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x87339000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA894C000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xA88FD000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D36E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x86EE0000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x86E1E000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8777A000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8C6F7000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8C6A2000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x86CB2000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8C405000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x875AC000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x872D6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8C4F0000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x87000000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8D1C1000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8200D000 ACPI_HAL 225280 bytes
0x8200D000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C55F000 C:\Windows\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x86F8E000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C660000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x87638000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x877C2000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8756A000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DADA000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x875F3000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8716D000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x86E77000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8767B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x87314000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8DB6C000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x86F4A000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8C7D4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8C5EE000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x873D5000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA88CF000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8C52C000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x876F9000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8D1FA000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x87400000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FAB0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DBA5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x876A0000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8DBC0000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8D813000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DB09000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8C4CA000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D3CC000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8C5CB000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8C610000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C628000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C63F000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x87758000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8DB55000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x86F2B000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x87198000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8D800000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x873B2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C5B9000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8C54D000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8C7C2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8766A000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8DB44000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x86FC2000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D219000 C:\Windows\system32\DRIVERS\L1C62x86.sys 69632 bytes (Atheros Communications, Inc., Atheros L1c PCI-E Gigabit Ethernet Controller)
0x8C6E6000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x86EAC000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x86C99000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x87393000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8DBDA000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x87620000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8DBEA000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x873C5000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x86ED0000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D3B9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8C4E2000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x873A4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8774A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x86F77000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x87208000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8C694000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x86E10000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8C5AC000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8DB22000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D3EE000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C596000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA88F0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8771A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x876D3000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8C45A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x876ED000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86EC5000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8DB2F000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8DB9A000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8773F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8C5E3000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8776F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8D363000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x86EA1000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8D3E4000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x8DB3A000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8DB90000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x86F6D000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8C450000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C446000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8C656000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA88C5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8D359000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x86F85000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA8A07000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x86F41000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x87216000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA8A77000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8FA80000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8759B000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8C5A3000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x86E66000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x86CAA000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86EBD000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x87630000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x81976000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x86E6F000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x87727000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8772F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x87737000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x875EB000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x875A4000 C:\Windows\system32\DRIVERS\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x876E6000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x876DF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x877F4000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x873F7000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8D3C8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8D3FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D3FB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xA89C7F2E Unknown thread object [ ETHREAD 0x84742A50 ] , 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_3212D80E.exe_e852f323cc99416bce9dde9916daaee5d2442c_14f01fda\Report.wer
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF79AD31BF48DA3C7A.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF7D223061CC482FCD.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF7D57EBFB8E163124.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF7EF41CCB3C3F9689.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF7EF835C859B0BFA0.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF7F967149E067A9A5.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF8069AFD82AD5873E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF80A4D19835E89CEE.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF81CB7C6289700DE1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF81FA205A005B1FD7.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF840D4557E49C90C1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF8563989274178613.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF8595C41C4E2882C3.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF868911D2B2A2AE89.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF874270AFE90F6317.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF874D160388A5AB59.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF8D010060FD18525E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF8D5AB776A00FB24B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF8D7409B032019DCF.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF90298A1A21DF2865.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF911D231BC71C60C0.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF934FC460D03958A0.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9582208E86D19E9B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF95D8112D4CB5CFF1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9637A7E350FBE08A.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF96B0F1BB2C404664.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF96B5C17607260028.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF96D3C9CD1E186479.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF971ABE11AE68DB22.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9788297CECD34D56.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF97B946DC0ABD28E4.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF97D9814ED30EE077.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF981670C671EAC7AB.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9A26E4FCBAB440D1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9A61A17257B7C30F.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9D2731DD80A9321B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9D380566985532CD.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9D39FFAE1BE828AD.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9D7FFDF3CE9AF414.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9E4CE8E3C70B6356.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9EAC8E627EB71E76.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DF9F823D993921D079.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA0AB7EA18B140A4B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA0FBA4C78F3663DE.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA11D56A8BD2B4194.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA145B9682120681D.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA147AF4783F36E06.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA24574B207ADDA90.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA3028C87E2CC1E59.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA4520C3EA8B0E089.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA461547C647F05B9.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA49A87422E48A94B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA584F19FB4D7FDE3.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA67B4101EC32C422.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA7342CC9AF0871B7.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA7B4D54892C87028.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA82DA7FEFC3AEFBF.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA8464AA8ACBCC9FA.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFA8A81A77C986B8A3.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFABE323F73B41C644.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFAC52C344ED8E67A2.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB2D8426E4599B10E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB2DDBB2241ED94B5.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB3A615E1BA9BC5D0.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB3E3EA6B1424DE78.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB4CF617D0940FF63.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB4F62E5530FB24B3.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB5790559D6074FD0.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB59053CCCDCA7459.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB5B3CA6746600C6A.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB5F871B7625D2868.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB759C3438A80DC1E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB8629332053D8CCB.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB868938299078149.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB8B4CE906AB484A5.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB97BD929263BC712.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFB9AFF571909C8EF8.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFBB1741660BB01651.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFBE1E1D95A3216773.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFBE351DA3C2DC6EDC.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFBEAA6EC7AF526F24.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFBEC74CAA5EA32F8E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFBF4D1145938E6289.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC08663452E6C1928.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC0F6DC2CD75F1BC3.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC1F6A20D6DB93120.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC3024DCD4EFDADE6.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC3174EA885B78795.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC377B8ABC4B5E288.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC7B7968159E57031.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC8737077AA116ADE.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFC8A02D365B1FE34D.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCA8BE183EE6CD9A8.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCACC8713CFFAB8EC.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCB1E8B718991CCEA.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCC9F9FCFFFE78279.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCD12FC277E7B7A9E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCE4C33C3C9E416DA.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCF0372392130F66E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFCFF593122FDA311D.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD083CAE471B2D278.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD094B83D41D353F9.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD21289B3B6A248A0.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD2D93D47B4D76F7C.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD3AB7716A3CC8A4C.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD4A4C234BB788C0F.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD62A93B848586E88.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD67FF15433FD2438.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD809C0B4A09AC1C1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD8242202FF3AD54E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFD9A50A06D6B03B72.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFDCEC1FED85906AAC.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFDE69475BBE1A5378.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFDF29B68D3A16B621.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFDFC05BE837B3D2E7.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFDFD22DF4E3CC7C7B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE146390A0118DDD4.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE267D77BB4444B08.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE2F2F9686BA4932F.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE30A5CEA0C7BD5E9.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE4F86B3A0145AD87.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE6040CF94FE3E10D.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE616FEB85D19497D.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE6202A8130704B68.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE75CB762171B5E50.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE7EEE70A565B7087.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE80DD60454967AFA.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE8B6944A93E687A8.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE8C592FF8F37A79B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE8DF4492E1417148.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFE9AE6EE83E6BEF63.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEA08CDC0132F54A1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEA2C5630A8187A14.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEA8A3B6FCB3C109F.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEBF3803BBA7BE224.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEC0692F0C0BBBF8D.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEC07FA7BA0250304.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEC28633FEFB46C10.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEC348524D52D547B.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFEE74DCE025CE2748.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF09F72D8C08BF204.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF0F9DB9DD0E04183.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF10FAA48FA4DFD02.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF1312683E3FE876F.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF153247EC22883D1.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF2CDC75A2792F020.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF2D116A20BC88A18.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF5A3139019240FBF.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF5D60B699989BBBF.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF77C6C87AE1B0E3A.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF7D3855021BEEE5E.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF80C5C2E9D8F057C.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFF9C48CBF1A3FEEDD.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFA91E5F500A51157.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFB0B7BAF8A3AE8E4.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFBF585E0BCD8B35A.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFD4FA7EB551DF3CE.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFD97DD2240EE5798.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFF07139FB23AB0EE.TMP::$DATA
!-->[Hidden] C:\Users\Freihat\AppData\Local\Temp\~DFFF4AB194E6C65F57.TMP::$DATA
!-->[Hidden] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog00.sqm
!-->[Hidden] C:\Windows\SoftwareDistribution\DataStore\DataStore.edb::$DATA
!-->[Hidden] C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log::$DATA
==============================================
>Hooks
==============================================


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

As for the update on the activity of my computer, the scan didn't change anything, I'm not sure if it was supposed to or not, but my internet and computer's speed is excellent although it does tend to freeze every once in a while, usually when a pop-up opens.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am

Re: Google Analytics Virus

Unread postby Cypher » December 17th, 2010, 6:50 am

Hi afreihat.

MBRCheck

    Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select "Run as administrator" to run it.
  • A window similar to this should open on your desktop:

[screenshot omitted]

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 7:00 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Gateway
System Product Name: LT21
Logical Drives Mask: 0x00000004

Kernel Drivers (total 151):
0x81C0D000 \SystemRoot\system32\ntoskrnl.exe
0x8200D000 \SystemRoot\system32\halmacpi.dll
0x81976000 \SystemRoot\system32\kdcom.dll
0x86C21000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x86C99000 \SystemRoot\system32\PSHED.dll
0x86CAA000 \SystemRoot\system32\BOOTVID.dll
0x86CB2000 \SystemRoot\system32\CLFS.SYS
0x86CF4000 \SystemRoot\system32\CI.dll
0x86D9F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x86E10000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x86E1E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x86E66000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x86E6F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x86E77000 \SystemRoot\system32\DRIVERS\pci.sys
0x86EA1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x86EAC000 \SystemRoot\System32\drivers\partmgr.sys
0x86EBD000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x86EC5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x86ED0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x86EE0000 \SystemRoot\System32\drivers\volmgrx.sys
0x86F2B000 \SystemRoot\System32\drivers\mountmgr.sys
0x86F41000 \SystemRoot\system32\DRIVERS\atapi.sys
0x86F4A000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x86F6D000 \SystemRoot\system32\DRIVERS\msahci.sys
0x86F77000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x86F85000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x86F8E000 \SystemRoot\system32\drivers\fltmgr.sys
0x86FC2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8703E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8716D000 \SystemRoot\System32\Drivers\msrpc.sys
0x87198000 \SystemRoot\System32\Drivers\ksecdd.sys
0x871AB000 \SystemRoot\System32\Drivers\cng.sys
0x87208000 \SystemRoot\System32\drivers\pcw.sys
0x87216000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8721F000 \SystemRoot\system32\drivers\ndis.sys
0x872D6000 \SystemRoot\system32\drivers\NETIO.SYS
0x87314000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x87421000 \SystemRoot\System32\drivers\tcpip.sys
0x8756A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8759B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x875A4000 \SystemRoot\system32\DRIVERS\wd.sys
0x875AC000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x875EB000 \SystemRoot\System32\Drivers\spldr.sys
0x875F3000 \SystemRoot\System32\drivers\rdyboost.sys
0x87620000 \SystemRoot\System32\Drivers\mup.sys
0x87630000 \SystemRoot\System32\drivers\hwpolicy.sys
0x87638000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8766A000 \SystemRoot\system32\DRIVERS\disk.sys
0x8767B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x876D3000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x876DF000 \SystemRoot\System32\Drivers\Null.SYS
0x876E6000 \SystemRoot\System32\Drivers\Beep.SYS
0x876ED000 \SystemRoot\System32\drivers\vga.sys
0x876F9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8771A000 \SystemRoot\System32\drivers\watchdog.sys
0x87727000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8772F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x87737000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8773F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8774A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x87758000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8776F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8777A000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x877C2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x87339000 \SystemRoot\system32\drivers\afd.sys
0x877F4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x87400000 \SystemRoot\system32\DRIVERS\pacer.sys
0x87393000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x873A4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x873B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x873C5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x873D5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x873F7000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C405000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C446000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C450000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C45A000 \SystemRoot\System32\drivers\discache.sys
0x8C466000 \SystemRoot\system32\drivers\csc.sys
0x8C4CA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C4E2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8C4F0000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8C52C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C54D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CC01000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D10A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D1C1000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8D1FA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D219000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x8D22A000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D359000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8D363000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D36E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D3B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D3C8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D3CC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D3E4000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8D3EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C55F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D3FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C596000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C5A3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C5AC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8C5B9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8C5CB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C5E3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C5EE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C610000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C628000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C63F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C656000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8D3FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C660000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C694000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C6A2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C6E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D83C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DADA000 \SystemRoot\system32\drivers\portcls.sys
0x8DB09000 \SystemRoot\system32\drivers\drmk.sys
0x8DB22000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DB2F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DB3A000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8DB44000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8DB55000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DB6C000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F820000 \SystemRoot\System32\win32k.sys
0x8DB90000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DB9A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8FA80000 \SystemRoot\System32\TSDDD.dll
0x8FAB0000 \SystemRoot\System32\cdd.dll
0x8DBA5000 \SystemRoot\system32\drivers\luafv.sys
0x8DBC0000 \SystemRoot\system32\drivers\WudfPf.sys
0x8DBDA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C6F7000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8DBEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D800000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C73D000 \SystemRoot\system32\drivers\HTTP.sys
0x8D813000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C7C2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C7D4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x87000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x876A0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA882E000 \SystemRoot\system32\drivers\peauth.sys
0xA88C5000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA88CF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA88F0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA88FD000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA894C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA8A07000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77BD0000 \Windows\System32\ntdll.dll
0x47CA0000 \Windows\System32\smss.exe
0x77E10000 \Windows\System32\apisetschema.dll

Processes (total 57):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
384 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
576 csrss.exe
632 C:\Windows\System32\wininit.exe
644 csrss.exe
684 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\services.exe
756 C:\Windows\System32\lsass.exe
764 C:\Windows\System32\lsm.exe
880 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\dwm.exe
1652 C:\Windows\System32\spoolsv.exe
1664 C:\Windows\explorer.exe
1672 C:\Windows\System32\taskhost.exe
1752 C:\Windows\System32\svchost.exe
1920 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1968 C:\Program Files\AVG\AVG10\avgwdsvc.exe
2024 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
116 C:\Program Files\Bonjour\mDNSResponder.exe
508 C:\Windows\System32\igfxtray.exe
532 C:\Windows\System32\hkcmd.exe
356 C:\Windows\System32\igfxpers.exe
604 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
760 C:\Program Files\Launch Manager\dsiwmis.exe
1376 C:\Windows\keyacc32.exe
1440 C:\Windows\System32\igfxsrvc.exe
1604 C:\Program Files\Launch Manager\LManager.exe
1864 C:\Windows\System32\svchost.exe
2008 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2232 C:\Windows\kass.exe
2288 C:\Windows\WindowsMobile\wmdc.exe
2348 C:\Program Files\iTunes\iTunesHelper.exe
2908 C:\Program Files\iPod\bin\iPodService.exe
2948 C:\Windows\System32\SearchIndexer.exe
3172 C:\Windows\System32\svchost.exe
3196 C:\Program Files\AVG\AVG10\avgnsx.exe
3212 C:\Program Files\AVG\AVG10\avgemcx.exe
3248 C:\Windows\System32\conhost.exe
3552 C:\Windows\System32\svchost.exe
2616 C:\Program Files\Windows Media Player\wmpnetwk.exe
212 C:\Windows\System32\svchost.exe
1340 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
4348 C:\Program Files\AVG\AVG10\avgcsrvx.exe
2196 C:\Windows\System32\audiodg.exe
1800 C:\Windows\System32\SearchProtocolHost.exe
856 C:\Windows\System32\SearchFilterHost.exe
452 C:\Users\Freihat\Desktop\MBRCheck.exe
4864 C:\Windows\System32\conhost.exe
4088 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545016B9A300, Rev: PBBOC60F

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
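
An added example, not part of this thread and not MBRCheck's own code: the Python below does the part of the job a tool like MBRCheck has to do before it can report "Windows 7 MBR code detected". It reads a 512-byte Master Boot Record, verifies the 0x55AA boot signature, hashes the bootstrap-code region (the bytes a bootkit overwrites) and decodes the four partition entries, turning each starting LBA into the byte offset that the log above prints as `\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800`. The sample MBR is constructed: its boot code is filler, its disk signature and sector counts are made up, and its second (active, NTFS) partition is deliberately placed at LBA 25382700, which multiplied by 512 gives exactly that 0x3069E5800 offset. Which bytes MBRCheck's own SHA1 covers is not stated in the log, so hashing only the 440-byte bootstrap area is an assumption here and the digest will not reproduce the value shown. On the real machine the same parser would be fed the first 512 bytes of `\\.\PhysicalDrive0`, which needs administrator rights; note that an MBR check says nothing about the volume boot record or the boot files on C:, so a clean MBR hash rules out only MBR bootkits.

```python
"""Parse and fingerprint a 512-byte Master Boot Record.

Added example for this thread; it is not MBRCheck's code.  The sample MBR
built below is constructed, not read from the poster's disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440        # bytes 0..439 hold the bootstrap code
DISK_SIG_OFF = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # must be 0x55 0xAA

# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(mbr: bytes) -> dict:
    """Validate the boot signature, hash the boot code and decode the
    partition table.  Raises ValueError if the sector is not a valid MBR."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for index in range(4):
        status, _, ptype, _, lba, count = PART_ENTRY.unpack_from(
            mbr, PART_TABLE_OFF + 16 * index)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            # this is the "at offset 0x..." figure MBRCheck prints for a volume
            "byte_offset": lba * SECTOR_SIZE,
        })

    return {
        # assumption: hash only the bootstrap code, the region a bootkit replaces
        "bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: filler boot code, a hidden recovery partition and
    an active NTFS partition starting at LBA 25382700 (= byte 0x3069E5800)."""
    # xor ax,ax / mov ss,ax / mov sp,7C00h, repeated as filler for the code area
    bootcode = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" * 63)[:BOOTCODE_LEN]
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"      # made-up signature
    entries = (
        # type 0x27: hidden NTFS recovery partition (sector counts are made up)
        PART_ENTRY.pack(0x00, b"\x00\x00\x00", 0x27, b"\x00\x00\x00", 2048, 25382700 - 2048)
        # type 0x07, status 0x80: the active NTFS partition, i.e. C:
        + PART_ENTRY.pack(0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 25382700, 287199108)
        + bytes(32)                                            # two unused entries
    )
    mbr = bootcode + disk_sig + entries + b"\x55\xAA"
    assert len(mbr) == SECTOR_SIZE
    return mbr


def describe(mbr: bytes) -> list:
    """Human-readable summary lines, in the spirit of MBRCheck's report."""
    info = parse_mbr(mbr)
    lines = [f"boot code SHA1: {info['bootcode_sha1']}",
             f"disk signature: {info['disk_signature']:08X}"]
    for p in info["partitions"]:
        flag = "active" if p["bootable"] else "inactive"
        lines.append(f"partition {p['index']}: type 0x{p['type']:02X} {flag} "
                     f"LBA {p['lba_start']} ({p['sectors']} sectors) "
                     f"offset 0x{p['byte_offset']:X}")
    return lines


if __name__ == "__main__":
    # On Windows the live sector can be read with administrator rights:
    #   with open(r"\\.\PhysicalDrive0", "rb") as disk: mbr = disk.read(512)
    for line in describe(build_sample_mbr()):
        print(line)
```

To use the hash as a check, record `bootcode_sha1` from a known-clean image of the same Windows version and compare; a single changed byte in the bootstrap area changes the digest, while a changed partition table or disk signature does not, which is why the two are reported separately.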

Re: Google Analytics Virus

Unread postby Cypher » December 17th, 2010, 7:38 am

Hi afreihat.

We need to run a tool called ComboFix.
ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus.
This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results".
Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.

I would like you to install Avira Personal FREE Antivirus in the meantime, but don't install it until you have run ComboFix.
See link at the bottom of this post.


Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
AVG 2011


Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    [screenshot omitted]
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
[screenshot omitted]
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot omitted]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next.

Download and install Avira Personal FREE Antivirus from Here


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Please give me an update on your computers performance.

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 8:18 am

ComboFix will not run with AVG Antivirus installed on my computer, and the uninstallation has failed a couple of times, and it will not let me remove it. Right now I am trying to "repair" the software and try again, and if that doesn't work, then I'm going to try and reinstall it, then uninstall it. If that fails, I will let you know and we'll go from there.

Re: Google Analytics Virus

Unread postby Cypher » December 17th, 2010, 8:25 am

Hi.
Try uninstalling AVG using the removal tool.
You can download and run it from Here

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 8:38 am

The "repair" and uninstall worked, but I have to leave in about an hour, so I will run ComboFix later today and post the log for you. Thank you for the help so far, I greatly appreciate it.

Re: Google Analytics Virus

Unread postby Cypher » December 17th, 2010, 8:46 am

"Thank you for the help so far, I greatly appreciate it."

You're welcome.
No problem just post the ComboFix log when ready :)

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 2:45 pm

ComboFix 10-12-16.04 - Freihat 17/12/2010 13:05:40.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.354 [GMT -5:00]
Running from: c:\users\Freihat\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://wsus.sheridanc.on.ca
c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 18:20 . 2010-12-17 18:25 -------- d-----w- c:\users\Freihat\AppData\Local\temp
2010-12-17 18:20 . 2010-12-17 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-17 11:48 . 2010-12-17 11:48 -------- d-----w- c:\program files\ERUNT
2010-12-17 04:07 . 2010-12-17 04:07 -------- d-----w- C:\rsit
2010-12-16 04:04 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:02 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 04:02 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 04:02 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 04:01 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 04:01 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 07:05 . 2010-12-14 07:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-14 07:00 . 2010-12-14 07:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-14 07:00 . 2010-12-14 07:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-14 06:59 . 2010-12-14 07:05 -------- d-----w- c:\programdata\Hitman Pro
2010-12-14 06:52 . 2010-12-17 04:07 -------- d-----w- c:\program files\Trend Micro
2010-12-14 06:52 . 2010-12-14 06:52 388096 ----a-r- c:\users\Freihat\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-12 08:48 . 2010-12-12 08:48 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-23 22:59 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BEA798-3CDC-4261-8D62-B6C1DE0222F4}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-11-15 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-11-15 03:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-17 09:23 . 2010-11-17 09:23 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-10-23 07:14 . 2009-07-13 23:12 16896 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2010-10-19 15:41 . 2010-05-28 04:05 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2009-10-29 600688]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-12 7707168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-15 233472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"KeyAccess"="kass.exe" [2009-07-15 90816]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\katrack.dll c:\windows\katrack.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 KeyAccess;KeyAccess;c:\windows\keyacc32.exe [2009-07-15 1090240]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nhl.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
SafeBoot-klmdb.sys


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\kass.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-12-17 13:32:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 18:32

Pre-Run: 104,015,400,960 bytes free
Post-Run: 104,337,821,696 bytes free

- - End Of File - - C84608A2EBC9853644C63FEA964FAB7B

The Google problem appears to be fixed: links from Google do not redirect to other pages, but they do open in a new window. However, on some sites, for example http://www.nhl.com, when I click on the arrows which cycle through the game dates and times, the random pop-up window comes up. The link was something like www.google-analytics.com and becomes www.results.google.com; I closed the window before it redirected to where it wanted to go, but usually it goes to www.google.ca.
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am
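A triage pass over the "Reg Loading Points" block of a ComboFix log like the one posted above, as an added example in Python (not ComboFix's own code and not from anyone in this thread): it parses the REGEDIT4-style entries and flags the settings a helper checks first, an AppInit_DLLs entry with LoadAppInit_DLLs enabled, EnableLUA=0, and Run entries whose image path is unqualified or outside the usual program roots. The sample excerpt is constructed from lines of the posted log; the trusted-directory list and the flagging rules are this example's own assumptions.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt: lines taken from the ComboFix log posted above, trimmed
# to the entries the heuristics below act on.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"KeyAccess"="kass.exe" [2009-07-15 90816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\katrack.dll c:\windows\katrack.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*?)\s*$')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')  # "path" [date size]
DWORD_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")  # 1 (0x1)

# Assumption of this example: autostart images are expected under these roots.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")


@dataclass
class Finding:
    key: str
    name: str
    detail: str


def parse_loading_points(text: str) -> dict[str, dict[str, str]]:
    """Return {registry key: {value name: raw value}} for a REGEDIT4-style block."""
    entries: dict[str, dict[str, str]] = {}
    current: str | None = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group("key")
            entries.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            entries[current][m.group("name")] = m.group("raw")
    return entries


def image_path(raw: str) -> str:
    """Drop ComboFix's trailing [date size] and the quotes; lower-case the path."""
    m = QUOTED_RE.match(raw)
    return (m.group("path") if m else raw).strip().lower()


def dword(raw: str) -> int | None:
    m = DWORD_RE.match(raw)
    return int(m.group("dec")) if m else None


def triage(text: str) -> list[Finding]:
    """Apply the checks a helper makes first when reading the loading points."""
    findings: list[Finding] = []
    for key, values in parse_loading_points(text).items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for name, raw in values.items():
                path = image_path(raw)
                if "\\" not in path:
                    # A bare file name is located by the loader's search order, so the
                    # log alone does not tell you which file actually runs.
                    findings.append(Finding(key, name, f"unqualified image path {path!r}"))
                elif not path.startswith(TRUSTED_PREFIXES):
                    findings.append(Finding(key, name, f"image outside trusted roots: {path}"))
        elif k.endswith("\\policies\\system"):
            if dword(values.get("EnableLUA", "")) == 0:
                findings.append(Finding(key, "EnableLUA", "UAC is disabled (EnableLUA=0)"))
        elif k.endswith("\\windows nt\\currentversion\\windows"):
            if dword(values.get("LoadAppInit_DLLs", "")) == 1:
                # ComboFix prints the list space-separated (paths with spaces would
                # need a smarter split); the posted log repeats the DLL, so de-duplicate.
                for dll in dict.fromkeys(values.get("AppInit_DLLs", "").lower().split()):
                    findings.append(Finding(key, "AppInit_DLLs",
                                            f"{dll} is loaded into every process that maps user32.dll"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key}]  {f.name}: {f.detail}")
```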

Re: Google Analytics Virus

Unread postby Cypher » December 17th, 2010, 3:16 pm

Hi afreihat.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Right-click on TDSSKiller.exe and select "Run as administrator" to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    userinit.exe.*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • SystemLook.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google Analytics Virus

Unread postby afreihat » December 17th, 2010, 3:26 pm

2010/12/17 14:23:06.0484 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/17 14:23:06.0484 ================================================================================
2010/12/17 14:23:06.0484 SystemInfo:
2010/12/17 14:23:06.0484
2010/12/17 14:23:06.0484 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/17 14:23:06.0484 Product type: Workstation
2010/12/17 14:23:06.0484 ComputerName: FREIHAT-PC
2010/12/17 14:23:06.0484 UserName: Freihat
2010/12/17 14:23:06.0484 Windows directory: C:\Windows
2010/12/17 14:23:06.0484 System windows directory: C:\Windows
2010/12/17 14:23:06.0484 Processor architecture: Intel x86
2010/12/17 14:23:06.0484 Number of processors: 2
2010/12/17 14:23:06.0484 Page size: 0x1000
2010/12/17 14:23:06.0484 Boot type: Normal boot
2010/12/17 14:23:06.0484 ================================================================================
2010/12/17 14:23:06.0906 Initialize success
2010/12/17 14:23:09.0214 ================================================================================
2010/12/17 14:23:09.0214 Scan started
2010/12/17 14:23:09.0214 Mode: Manual;
2010/12/17 14:23:09.0214 ================================================================================
2010/12/17 14:23:10.0260 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/17 14:23:10.0369 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/17 14:23:10.0447 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/17 14:23:10.0650 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/17 14:23:10.0696 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/17 14:23:10.0884 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/17 14:23:10.0993 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/17 14:23:11.0040 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/17 14:23:11.0258 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/17 14:23:11.0383 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/17 14:23:11.0430 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/17 14:23:11.0617 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/17 14:23:11.0679 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/17 14:23:11.0742 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/17 14:23:11.0929 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/17 14:23:11.0991 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/17 14:23:12.0038 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/17 14:23:12.0412 ApfiltrService (3477e796ed9c9aace83eab276e4a92b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/17 14:23:12.0553 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/17 14:23:12.0802 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/17 14:23:12.0849 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/17 14:23:12.0912 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/17 14:23:12.0958 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/17 14:23:13.0192 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\Windows\system32\DRIVERS\athr.sys
2010/12/17 14:23:13.0426 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/12/17 14:23:13.0489 avipbb (7cefb5eca1f711d0ab996c98b38a2d5a) C:\Windows\system32\DRIVERS\avipbb.sys
2010/12/17 14:23:13.0707 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/17 14:23:13.0894 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/17 14:23:13.0988 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/17 14:23:14.0191 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/17 14:23:14.0284 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/17 14:23:14.0316 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/17 14:23:14.0487 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/17 14:23:14.0550 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/17 14:23:14.0596 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/17 14:23:14.0815 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/17 14:23:14.0862 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/17 14:23:14.0908 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/17 14:23:14.0971 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/17 14:23:15.0142 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/17 14:23:15.0579 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/17 14:23:15.0673 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/17 14:23:15.0876 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/17 14:23:15.0954 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/17 14:23:16.0078 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/17 14:23:16.0188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/17 14:23:16.0250 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/17 14:23:16.0375 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/17 14:23:16.0500 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/17 14:23:16.0624 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/17 14:23:16.0796 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/17 14:23:16.0999 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/17 14:23:17.0061 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/17 14:23:17.0186 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/17 14:23:17.0311 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
2010/12/17 14:23:17.0482 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/17 14:23:17.0716 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/17 14:23:18.0013 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/17 14:23:18.0356 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/17 14:23:18.0418 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/17 14:23:18.0621 EUCR (649427b91b9dc760001f73085a1bb25c) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
2010/12/17 14:23:18.0730 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/17 14:23:18.0793 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/17 14:23:18.0980 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/17 14:23:19.0074 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/17 14:23:19.0136 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/17 14:23:19.0183 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/17 14:23:19.0370 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/17 14:23:19.0464 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/17 14:23:19.0510 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/17 14:23:19.0588 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/17 14:23:19.0760 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/17 14:23:19.0854 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/17 14:23:20.0041 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/17 14:23:20.0150 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/17 14:23:20.0337 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/17 14:23:20.0400 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/17 14:23:20.0462 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/17 14:23:20.0509 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/17 14:23:20.0712 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/17 14:23:20.0805 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/17 14:23:20.0883 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/17 14:23:21.0070 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/17 14:23:21.0117 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/17 14:23:21.0351 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/17 14:23:21.0616 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/17 14:23:21.0944 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/17 14:23:22.0116 IntcAzAudAddService (22980ce70cf3937e48cb7c46a9a1c5f1) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/17 14:23:22.0318 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/17 14:23:22.0381 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/17 14:23:22.0459 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/17 14:23:22.0646 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/17 14:23:22.0708 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/17 14:23:22.0927 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/17 14:23:22.0974 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/17 14:23:23.0036 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/17 14:23:23.0208 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/17 14:23:23.0270 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/17 14:23:23.0348 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/17 14:23:23.0504 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/17 14:23:23.0660 L1C (77f2ae3e32c2e647180ef3d71308e6ee) C:\Windows\system32\DRIVERS\L1C62x86.sys
2010/12/17 14:23:23.0894 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/17 14:23:24.0003 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/17 14:23:24.0050 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/17 14:23:24.0237 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/17 14:23:24.0300 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/17 14:23:24.0362 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/17 14:23:24.0565 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/17 14:23:24.0643 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/17 14:23:24.0705 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/17 14:23:24.0892 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/17 14:23:24.0939 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/17 14:23:25.0002 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/17 14:23:25.0189 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/17 14:23:25.0282 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/17 14:23:25.0345 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/17 14:23:25.0438 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/17 14:23:25.0657 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/17 14:23:25.0719 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/17 14:23:25.0782 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/17 14:23:25.0969 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/17 14:23:26.0016 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/17 14:23:26.0109 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/17 14:23:26.0156 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/17 14:23:26.0234 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/17 14:23:26.0452 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/17 14:23:26.0530 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/17 14:23:26.0624 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/17 14:23:26.0718 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/17 14:23:26.0827 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/17 14:23:26.0889 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/17 14:23:26.0983 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/17 14:23:27.0061 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/17 14:23:27.0186 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/17 14:23:27.0295 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/17 14:23:27.0466 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/17 14:23:27.0529 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/17 14:23:27.0591 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/17 14:23:27.0638 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/17 14:23:27.0810 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/17 14:23:27.0888 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/17 14:23:27.0950 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/17 14:23:28.0200 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/17 14:23:28.0278 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/17 14:23:28.0340 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/17 14:23:28.0434 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/17 14:23:28.0621 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/17 14:23:28.0683 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/17 14:23:28.0746 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/17 14:23:28.0792 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/17 14:23:28.0980 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/17 14:23:29.0089 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/17 14:23:29.0136 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/17 14:23:29.0198 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/17 14:23:29.0276 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/17 14:23:29.0448 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/17 14:23:29.0510 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/17 14:23:29.0557 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/17 14:23:29.0635 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/17 14:23:30.0072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/17 14:23:30.0118 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/17 14:23:30.0399 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/17 14:23:30.0508 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/17 14:23:30.0696 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/17 14:23:30.0774 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/17 14:23:30.0867 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/17 14:23:31.0054 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/17 14:23:31.0148 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/17 14:23:31.0226 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/17 14:23:31.0429 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/17 14:23:31.0491 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/17 14:23:31.0554 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/17 14:23:31.0585 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/17 14:23:31.0694 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/17 14:23:31.0881 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/17 14:23:31.0975 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/17 14:23:32.0037 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/17 14:23:32.0100 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/17 14:23:32.0365 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/17 14:23:32.0458 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/17 14:23:32.0599 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/17 14:23:32.0661 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/17 14:23:32.0833 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/17 14:23:32.0911 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/17 14:23:33.0020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/17 14:23:33.0254 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/17 14:23:33.0316 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/17 14:23:33.0363 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/17 14:23:33.0472 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/17 14:23:33.0519 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/17 14:23:33.0582 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/17 14:23:33.0753 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/17 14:23:33.0878 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/17 14:23:34.0065 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/17 14:23:34.0112 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/17 14:23:34.0174 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/17 14:23:34.0408 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/17 14:23:34.0533 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/17 14:23:34.0611 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/17 14:23:34.0783 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/17 14:23:34.0861 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2010/12/17 14:23:35.0001 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2010/12/17 14:23:35.0064 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
2010/12/17 14:23:35.0142 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
2010/12/17 14:23:35.0360 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/12/17 14:23:35.0454 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/17 14:23:35.0563 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/17 14:23:35.0734 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/17 14:23:35.0828 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/17 14:23:35.0937 SynTP (343aab92e0959dc131c2051e09a68211) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/17 14:23:36.0202 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/17 14:23:36.0452 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/17 14:23:36.0655 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/17 14:23:36.0748 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/17 14:23:36.0795 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/17 14:23:36.0842 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/17 14:23:36.0905 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/17 14:23:37.0185 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/17 14:23:37.0248 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/17 14:23:37.0310 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/17 14:23:37.0373 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/17 14:23:37.0607 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/17 14:23:37.0669 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/17 14:23:37.0716 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/17 14:23:37.0919 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/17 14:23:38.0184 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/17 14:23:38.0402 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/17 14:23:38.0465 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/17 14:23:38.0527 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/17 14:23:38.0589 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/17 14:23:38.0761 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/17 14:23:38.0823 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/17 14:23:38.0870 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/17 14:23:38.0948 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/17 14:23:39.0167 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/17 14:23:39.0260 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/17 14:23:39.0323 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/17 14:23:39.0369 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/17 14:23:39.0557 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/17 14:23:39.0619 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/17 14:23:39.0666 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/17 14:23:39.0759 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/17 14:23:39.0806 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/17 14:23:39.0978 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/17 14:23:40.0040 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/17 14:23:40.0103 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/17 14:23:40.0290 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/17 14:23:40.0383 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/17 14:23:40.0461 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/17 14:23:40.0711 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/17 14:23:40.0773 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/17 14:23:40.0820 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/17 14:23:41.0007 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/17 14:23:41.0195 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/17 14:23:41.0585 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/17 14:23:41.0631 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/17 14:23:41.0834 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/17 14:23:42.0021 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/17 14:23:42.0177 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/17 14:23:42.0318 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/17 14:23:42.0489 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/17 14:23:42.0708 ================================================================================
2010/12/17 14:23:42.0708 Scan finished
2010/12/17 14:23:42.0708 ================================================================================


SystemLook 04.09.10 by jpshortstuff
Log created at 14:25 on 17/12/2010 by Freihat
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.exe.*"
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\ERDNT\cache\userinit.exe --a---- 26112 bytes [18:28 17/12/2010] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\System32\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\System32\en-US\userinit.exe.mui --a---- 3584 bytes [04:55 14/07/2009] [02:03 14/07/2009] EA67C653ECFED02D7DBFB889A908CAA9
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui --a---- 3584 bytes [04:55 14/07/2009] [02:03 14/07/2009] EA67C653ECFED02D7DBFB889A908CAA9
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175

-= EOF =-
afreihat
Regular Member
 
Posts: 17
Joined: December 14th, 2010, 3:49 am