
FF Google redirect


  • This topic is locked
17 replies to this topic

#1 mmavipc

mmavipc

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:59 AM

Posted 16 December 2012 - 04:12 PM

I've tried everything I can think of, can't get rid of it.
Checked and updated all addons & extensions

HijackThis: http://pastebin.com/uqZWhw1W
TDSSKiller: http://pastebin.com/zV3vAH71

Win7 x64

DDS: http://pastebin.com/ZDXb9rWt

Edited by mmavipc, 16 December 2012 - 04:24 PM.




#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:12:59 PM

Posted 16 December 2012 - 05:02 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    %systemroot%\*. /rp /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt log files.
3. aswMBR.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
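The Extras.txt log requested above contains a "Shell Spawning" section that lists, for each registry view, the shell\[verb]\command handler OTL found for file classes such as exefile, batfile, htmlfile and http. A redirect or rogue-security infection that has rewritten one of those handlers shows up there as a command that no longer matches the Windows default, or that launches something from a user-writable folder. The script below is an added example for this thread; it is not OTL's code and not part of any post. It parses that section from a constructed Extras.txt excerpt (modelled on the format OTL prints; the hijacked exefile line and the path C:\Users\Example are invented for the demonstration) and flags handlers that deviate from the assumed Windows 7 defaults in EXPECTED or point into AppData, Temp or a user profile. The treatment of the "[b]64bit:[/b]" prefix as the native 64-bit registry view, and of the unprefixed block as the 32-bit view, is an assumption based on the log layout.

```python
"""Triage the "Shell Spawning" section of an OTL Extras.txt log.

Added example for this thread; not OTL's own code. It flags file-class
handlers that differ from assumed Windows 7 defaults or that launch an
executable from a user-writable location.
"""
import re
from typing import Dict, List, Optional, Tuple

# Assumed Windows 7 default handler commands, written as OTL prints them.
EXPECTED: Dict[Tuple[str, str], str] = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Path fragments that warrant a closer look when they appear in a handler.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\",
                 "%temp%", "%appdata%", "%userprofile%")

SECTION_RE = re.compile(r"==========\s*(?P<name>.+?)\s*==========")
# Assumption: "[b]64bit:[/b]" marks the native 64-bit registry view; the
# unprefixed hive block is the 32-bit (WOW64) view.
HIVE_RE = re.compile(r"^\s*(?P<view>\[b\]64bit:\[/b\]\s+)?\[HKEY_")
HANDLER_RE = re.compile(r"^\s*(?P<cls>\S.*?)\s+\[(?P<verb>[^\]]+)\]\s+--\s+(?P<cmd>.*?)\s*$")
PUBLISHER_RE = re.compile(r"\s*\((?P<pub>[^()]*)\)\s*$")  # trailing "(Company)"

# Constructed excerpt in OTL's Extras.txt layout; the 32-bit exefile line is invented.
SAMPLE_EXTRAS = r"""[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
scrfile [open] -- "%1" /S
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Users\Example\AppData\Local\Temp\hijack_example.exe" "%1" %* ()
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
"""


def parse_shell_spawning(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one record per handler line inside the Shell Spawning section."""
    handlers: List[Dict[str, Optional[str]]] = []
    in_section = False
    view = "unknown"
    for line in text.splitlines():
        sec = SECTION_RE.search(line)
        if sec:
            in_section = sec.group("name") == "Shell Spawning"
            continue
        if not in_section:
            continue
        hive = HIVE_RE.match(line)
        if hive:
            view = "64bit" if hive.group("view") else "32bit"
            continue
        m = HANDLER_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        if cmd.startswith("Reg Error:"):  # key absent; nothing to evaluate
            continue
        publisher = None
        pub = PUBLISHER_RE.search(cmd)
        if pub:
            publisher = pub.group("pub")
            cmd = cmd[:pub.start()]
        handlers.append({"view": view, "cls": m.group("cls"), "verb": m.group("verb"),
                         "cmd": cmd.strip(), "publisher": publisher})
    return handlers


def triage(handlers: List[Dict[str, Optional[str]]]) -> List[Dict[str, object]]:
    """Attach a list of reasons to every handler that needs review."""
    findings: List[Dict[str, object]] = []
    for h in handlers:
        reasons: List[str] = []
        key = (str(h["cls"]).lower(), str(h["verb"]).lower())
        norm = " ".join(str(h["cmd"]).split()).lower()  # collapse whitespace
        if key in EXPECTED and norm != EXPECTED[key].lower():
            reasons.append("non-default handler")
        if any(marker in norm for marker in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if reasons:
            findings.append({**h, "reasons": reasons})
    return findings


def report(findings: List[Dict[str, object]]) -> List[str]:
    """Render findings as one line each for a forum reply or ticket note."""
    lines = []
    for f in findings:
        pub = f["publisher"] if f["publisher"] else "no publisher"
        lines.append(f'[{f["view"]}] {f["cls"]} [{f["verb"]}] -> {f["cmd"]} ({pub}): '
                     + "; ".join(f["reasons"]))
    return lines


if __name__ == "__main__":
    for line in report(triage(parse_shell_spawning(SAMPLE_EXTRAS))):
        print(line)
```

Run on a real Extras.txt by replacing SAMPLE_EXTRAS with the file's contents; every handler whose command differs from EXPECTED, or runs from AppData/Temp/a user profile, is listed with its registry view and OTL's publisher annotation so the reviewer can decide whether it is a third-party tool or a hijack.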


#3 mmavipc

mmavipc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:59 AM

Posted 16 December 2012 - 05:24 PM

I'm running the OTL scan right now, and I noticed you had me put a line in to scan Chrome's user settings. I stopped using Chrome a while back, using Firefox now; should have made it clearer in my post, sorry. I didn't change the custom scans/fixes, just wanted to let you know in case you thought the issue was with Chrome. The scan is still running, I'll answer the four questions once everything has finished getting its logs.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:12:59 PM

Posted 16 December 2012 - 05:27 PM

I'm running the OTL scan right now, and I noticed you had me put a line in to scan Chrome's user settings. I stopped using Chrome a while back, using Firefox now; should have made it clearer in my post, sorry. I didn't change the custom scans/fixes, just wanted to let you know in case you thought the issue was with Chrome. The scan is still running, I'll answer the four questions once everything has finished getting its logs.

Thanks for letting me know. I actually have that item saved as a default place to scan when I work on logs.

I'll await your logs in a little bit.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 mmavipc

mmavipc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:59 AM

Posted 16 December 2012 - 08:12 PM

  • No comments
  • OTL.txt: too gigantic for a forum post or pastebin, available here: https://dl.dropbox.com/u/3925811/OTL.Txt

    Extras:
    OTL Extras logfile created on: 12/16/2012 2:14:20 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maverick\Downloads
    64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.97 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 25.85% Memory free
    10.70 Gb Paging File | 5.45 Gb Available in Paging File | 50.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 456.97 Gb Total Space | 60.79 Gb Free Space | 13.30% Space Free | Partition Type: NTFS
    Drive E: | 54.55 Gb Total Space | 13.93 Gb Free Space | 25.53% Space Free | Partition Type: NTFS
    Drive F: | 494.08 Gb Total Space | 364.47 Gb Free Space | 73.77% Space Free | Partition Type: NTFS
    Drive H: | 100.00 Gb Total Space | 60.32 Gb Free Space | 60.32% Space Free | Partition Type: NTFS
    Drive P: | 456.97 Gb Total Space | 60.79 Gb Free Space | 13.30% Space Free | Partition Type: NTFS
     
    Computer Name: MAVERICK-7PC | User Name: Maverick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== File Associations ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    [HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [color=#E56717]========== Shell Spawning ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [File && Folder Unlocker] -- C:\Users\Maverick\Documents\ffunlock\ffunlock.exe %1 ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [File && Folder Unlocker] -- C:\Users\Maverick\Documents\ffunlock\ffunlock.exe %1 ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     
    [color=#E56717]========== Security Center Settings ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    [color=#E56717]========== System Restore Settings ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [color=#E56717]========== Firewall Settings ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [color=#E56717]========== Authorized Applications List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1B918A92-A0BC-4B34-B2EF-AD427332732D}" = Microsoft SQL Server Management Studio Express
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
    "{269F9470-26A4-11E1-83EE-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
    "{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
    "{33D54AD8-3010-43B4-B41D-ADDE30AC1440}" = TortoiseHg 2.0.3 (x64)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
    "{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
    "{3BC18EDA-5B69-44E5-9E1D-F674C60FD585}" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    "{3C42502E-F258-3199-9C91-5A5A1FC97A40}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier and Windows Debugging Tools (40715)
    "{3E039CB8-B17C-499B-A5A7-3A70FE6CCA30}" = Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367)
    "{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
    "{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
    "{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}" = Autodesk DirectConnect 2010 R1 (64-bit)
    "{47374ACF-9023-40e7-9830-ECED0DCBC3DC}" = Autodesk Maya 2011 English Documentation 64-bit
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D338DDA-35FC-4A11-9207-87FBC09661B8}" = Microsoft VC Redist 2008 (6001.18000.367)
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
    "{5A5AA07F-D389-4139-9320-D19197905079}" = Oracle VM VirtualBox 4.0.8
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{62350B4C-2E50-47F0-8787-7F232621F130}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367)
    "{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
    "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
    "{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
    "{6AD611FB-C2FA-4E5A-8675-75D7BC87ADDC}" = Fractal eXtreme 64-bit
    "{6AEFA80E-A3F4-4874-B67D-1BD797FDF6AE}" = Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
    "{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}" = Autodesk Maya 2011 64-bit
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{9386FF70-637E-4F02-8DDA-40C209B2395E}" = Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
    "{93E9C904-CC86-486D-95CB-3FB66FAE3A40}" = Microsoft Document Explorer 2008 (6001.18000.367)
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A0ED01E-FD18-457A-AB9C-0835DCDB17BB}" = Microsoft Platform SDK (R2) (3790.2075)
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F313496-82E8-4A99-9D4C-311531023746}" = TortoiseSVN 1.6.7.18415 (64 bit)
    "{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
    "{AB1087B7-2F5E-45B1-A81B-8F3634A5FBC2}" = ActivePerl 5.10.1 Build 1006 (64-bit)
    "{ACE1FDAC-A526-4E1F-8E01-EBB248755372}" = Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367)
    "{ACFADBFE-9D58-4847-8921-B9FC95DD549F}" = Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
    "{ADE87029-6A91-4CE6-B2D3-148BA7E7F330}" = Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B49FFF4A-6C56-4EAE-A37E-726C59B1681A}" = MySQL Server 5.1
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
    "{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
    "{C314B796-6B67-4DCB-A318-70B14DE6A5C8}" = Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367)
    "{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
    "{CD590618-36BD-0710-AC86-F3B3C4AF201E}" = Microsoft Windows SDK .NET Framework Tools
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
    "{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}" = Autodesk MatchMover 2011 64-bit
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
    "{EAAD38CC-CCC7-4261-8438-21960705B093}" = Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
    "DCS A-10C_is1" = DCS A-10C
    "EPSON Printer and Utilities" = EPSON Printer Software
    "GCFScape_is1" = GCFScape 1.8.2
    "gogoc" = gogo6 gogoCLIENT
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Sandboxie" = Sandboxie 3.62 (64-bit)
    "SDKSetup_6.0.6001.18000" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
    "SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
    "Speccy" = Speccy
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "TortoiseCVS_is1" = TortoiseCVS 1.10.10
    "UDK-0b4d6f1b-badb-4a39-9428-7588a21c40af" = Unreal Development Kit: 2012-10
    "UDK-d88fc1cb-2b80-414b-9d14-b7392cb3b2f2" = My Game Long Name
    "Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
    "VLC media player" = VLC media player 2.1.0-git-20120411-0409
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
    "WinRAR archiver" = WinRAR archiver
    "ZScreen_is1" = ZScreen 4.1.0.2328
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk
    "{0210BA42-4AAC-11D7-B82E-00010225F9EC}" = Winsock Tester
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.3.0
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0D12D452-E402-4C9E-887C-13F8768A27B4}" = Microsoft Windows Debugging Symbols
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
    "{1759FA61-153B-436D-A663-E7C50D80D2D8}_is1" = Batman Arkham City
    "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{19AFC1C2-B11B-3FFF-9C9F-05761BC244D9}" = Windows SDK Intellidocs
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{235A9BC7-9489-43ED-85A7-695667B91AEA}" = UE Explorer
    "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.2
    "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java(TM) 6 Update 26
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MAPLESTORY)
    "{2B885437-7098-4409-8A94-F06990D32D76}" = NVIDIA PhysX Particle Fluid Demo
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C98363F-2000-4A52-8F95-DE1F5982B8DA}" = CodeSynthesis XSD 3.2.0
    "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
    "{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
    "{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Episode 1
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3205CBA3-B3DA-4392-9120-0619CF429372}" = Ragnarok
    "{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
    "{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17
    "{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java(TM) SE Development Kit 6 Update 27
    "{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{362D7F93-22EA-4CB2-87AF-C98D5C2F8C89}" = SOFTIMAGE CROSSWALK 2.05
    "{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
    "{3981D870-8B18-4254-A99B-35482F859267}" = Fractal eXtreme 32-bit
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C3FDF98-57CF-4FF4-9C95-167AE920ECCE}" = Dark GDK
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2011.0.0
    "{3FBBB12C-63CF-4210-831D-29FF6FEEE460}" = Wowza Media Server 3.1.0
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
    "{4502F7B0-BEA5-4715-9044-A29FCE398807}" = Salamander .NET Decompiler
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4860EBB3-B9E5-4C1C-957E-5E65C334816A}" = SOFTIMAGE XSI 6 Mod Tool
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4FD6E6C2-9AA3-4991-9061-400F593F7E76}" = easyC Pro
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
    "{58344DA3-BE43-4B4F-8BF7-7DE69A9CBB77}" = DisSharp
    "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
    "{5AD5C0A4-819D-4730-9A98-C0A95FDD0051}" = Remotesoft .NET Explorer
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4
    "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
    "{6151F634-A05E-4E5B-B975-007784703AD2}" = easyC V2 for Vex
    "{649BBBCC-CC26-4899-AD02-C1BC5F3AA7A1}" = SpView
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
    "{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D08BBDA-0BA2-4B15-BB58-EA6FFB8EABA7}" = Spices.Net 5 Evaluation
    "{6D4E68D0-31A7-40E8-B993-3713847B558D}" = Subversion
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{6FC0A4F8-8301-48C6-ADB7-B9EA8CF09C39}" = Ginipic
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{77EF1D1F-2D56-4748-852E-D868279B1AA5}" = Path of Exile
    "{78AA38A8-4791-40BC-955F-80AB41B5155F}" = Python 2.6 pygtk-2.24.0
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{7A450736-7AB6-4CAC-A8EE-BDB6E1A80EB8}" = Abyss Web Server X2
    "{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7C8C0AD7-74AB-4B3A-BDDC-D07B3D628B1A}" = The ToonTown Spoofer
    "{7CC83441-3760-456B-893B-5E545DEFA2C9}" = NVIDIA GPU Computing SDK
    "{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
    "{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}" = MapleStory
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{83012AA4-027F-3721-A0C5-0D31FD58C5DF}" = NVIDIA PhysX SDK 2.8.1
    "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
    "{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
    "{87C97391-AEA5-4891-AFEC-2B7C4211D447}_is1" = Source Mod 1.3.0 BETA
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{896F132A-2494-469A-89FB-E34AA8E9E8D1}_is1" = Reaxxion
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E1CB809-7759-40C5-AD7F-19763DAEEDDC}" = Advanced Terrain Expansion Pack
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EC28FBE-59C4-4FBC-B707-F8FDAE3CCAEE}" = Dark Physics Expansion Pack
    "{8F014E72-8456-431B-A985-EBBBFEAE85ED}" = Game Creators Dark GDK
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90ED84D5-BF1B-48B3-81CD-A41278E7C5EF}" = easyC Pro
    "{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9769365A-CCB5-4E36-8803-042DA23C30CA}" = Dark Basic Professional Online
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{a3717ca4-b44e-422d-8268-ee4dabb332fd}" = Windows Software Development Kit
    "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A53872FB-C4CA-4851-9C03-520214E61724}" = Memoryze
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
    "{AEE307D5-9E65-4971-818E-C4D96DF55C64}" = Media Go
    "{AF68235B-7FA7-4B91-AD10-C22867154174}" = NVIDIA CUDA Toolkit
    "{B2F23819-54DB-4077-991E-1A322477253B}" = Python 2.6 PyGTK 2.24.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
    "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
    "{BF84A6C6-B9F8-4F5A-8DC2-82D5EBB750C5}" = Xmarks for IE
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner X 2.2.2
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
    "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
    "{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DF78EBF9-0C4F-43D3-BD6F-5FC3E2A0E3A8}" = Photosynth 2.0109.1002.1657
    "{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
    "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
    "{E25138DD-B2E5-413B-B82C-B9E05633D7A0}" = wave-vs.net Client R2.5a for Vs 2010
    "{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
    "{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
    "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
    "{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E63A3353-003C-E4C2-230B-F155212D1479}" = SDK Debuggers
    "{E659EB8F-5535-4EB2-B884-0AD1062400BD}" = SOFTIMAGE XSI 6 Mod Tool
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC(TM)
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EBBAAC40-6F10-4D8D-8223-696E5157F0A6}" = easyC V2 for Vex
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}" = Microsoft DirectX SDK (August 2007)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}" = Image Resizer Powertoy Clone for Windows
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4C65A7E-B87E-78A4-DD8F-142D785D512F}" = Creeper World
    "{F7B9B60F-DBB3-4116-967B-BA93E278331E}" = ActivePerl 5.10.1 Build 1007
    "{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
    "{F98C3B67-9F22-4752-A877-0B8E3BAA4CE2}" = LightFrame 3
    "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
    "{FB28E2FA-9D08-4006-A584-6E1273A8E036}" = KGB Archiver 2
    "{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
    "{FE82D73C-7A64-364F-819B-F4215F33A8A2}" = NVIDIA PhysX SDK 2.8.4
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
    "44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1" = FileSeek 2.1.3
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe flex sdk redistributed by sothink_is1" = 3.4.0.9271.1
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
    "Afterburner" = MSI Afterburner 2.2.4
    "Alan Wake_is1" = Alan Wake
    "Alice Greenfingers 21.001" = Alice Greenfingers 2
    "Anki" = Anki
    "Anope IRC Services" = Anope IRC Services 1.8.6
    "AptDiff_is1" = AptDiff 1.6.1.33
    "ASIO4ALL" = ASIO4ALL
    "AtomicTime" = AtomicTime
    "AutoItv3" = AutoIt v3.3.8.1
    "AviSynth" = AviSynth 2.5
    "BabylonToolbar" = Babylon toolbar on IE
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "Bastion_is1" = Bastion
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "BinMake" = BinMake Uninstall
    "BinPBO Personal Edition" = BinPBO Personal Edition Uninstall
    "BI's Tools drive" = BI's Tools drive Uninstall
    "Blender" = Blender (remove only)
    "Bookworm Adventures Deluxe 1.00" = Bookworm Adventures Deluxe 1.00
    "boost_1_44" = Boost C++ Libraries 1.44
    "Borderlands 2_is1" = Borderlands 2
    "Bzip2-1.0.5_is1" = GnuWin32: Bzip2-1.0.5
    "Cain & Abel v4.9.39" = Cain & Abel v4.9.39
    "CCleaner" = CCleaner
    "Cheat Engine 5.5_is1" = Cheat Engine 5.5
    "Chicken Invaders UO BETA_is1" = Chicken Invaders UO v0.30 BETA
    "Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1" = Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.60
    "Chicken Invaders: Ultimate Omelette_is1" = Chicken Invaders: Ultimate Omelette v4.00
    "Cities XL 2011" = Cities XL 2011
    "CMake" = CMake 2.8 a cross-platform, open-source build system
    "Counter-Strike Source_is1" = Counter-Strike Source
    "CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1" = Creeper World
    "Darwinia_is1" = Darwinia v1.42
    "dBpoweramp Music Converter" = dBpowerAMP Music Converter
    "Defcon_is1" = Defcon Patch v1.6
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "Diablo II" = Diablo II
    "DiskCheckup_is1" = DiskCheckup V3.0
    "Disney Toontown Online" = Disney Toontown Online
    "Disney Toontown Online_TEST" = Disney Toontown Online TEST
    "Downloader" = Downloader
    "Driver Magician_is1" = Driver Magician 3.42
    "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
    "Fallout New Vegas_is1" = Fallout New Vegas
    "FileZilla Client" = FileZilla Client 3.6.0.2
    "FMOD Programmers API Win32" = FMOD Programmers API Win32
    "FontToTga" = FontToTga Uninstall
    "Fraps" = Fraps (remove only)
    "FSM Editor Personal Edition" = FSM Editor Personal Edition Uninstall
    "ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
    "Game Maker 7.0" = Game Maker 7.0
    "GCFScape_is1" = GCFScape 1.7.3
    "Gemsweeper 1.00" = Gemsweeper 1.00
    "Getif 2.2" = Getif 2.2
    "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
    "Git_is1" = Git version 1.7.3.1-preview20101002
    "Gobby_is1" = Gobby 0.4.12
    "Google Desktop" = Google Desktop
    "Grass" = Grass
    "Guild Wars" = Guild Wars
    "Guild Wars 2" = Guild Wars 2
    "Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
    "Hardcore" = Hardcore
    "HD Tune_is1" = HD Tune 2.55
    "HDD Health_is1" = HDD Health v3.3 Beta
    "Hex-Rays Decompiler_is1" = Hex-Rays Decompiler v1.0
    "HijackThis" = HijackThis 2.0.2
    "Hyperballoid Complete Edition" = Hyperballoid Complete Edition
    "HyperCam 2" = HyperCam 2
    "iCall_is1" = iCall
    "Icecast2 Win32_is1" = Icecast 2.3.2
    "IDA Pro_is1" = IDA Pro Advanced v5.1 with WinCE v5.1 debugger
    "I-Doser 4.50" = I-Doser 4.50
    "IL Download Manager" = IL Download Manager
    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
    "InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC(TM)
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "Jardinains!" = Jardinains!
    "Jpcap" = Jpcap 0.7
    "Katawa Shoujo" = Katawa Shoujo
    "KRISTAL Audio Engine" = KRISTAL Audio Engine
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Maintenance Tool" = Maintenance Tool
    "MAME32k" = MAME32k (remove only)
    "ManiaPlanet_is1" = ManiaPlanet
    "ManyCam" = ManyCam 3.0.80 (remove only)
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "mIRC" = mIRC
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "Mozilla Thunderbird 17.0 (x86 en-US)" = Mozilla Thunderbird 17.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MsJavaVM" = Microsoft VM for Java
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "Multiwinia_is1" = Multiwinia v1.3.0
    "MUSHclient" = MUSHclient (remove only)
    "nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
    "Nmap" = Nmap 5.51
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "OpenSSL (32-bit)_is1" = OpenSSL 0.9.8l (32-bit)
    "ophcrack" = ophcrack 3.3.1
    "Oxygen 2 Personal Edition" = Oxygen 2 Personal Edition Uninstall
    "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
    "Panda3D 1.7.0" = Panda3D 1.7.0
    "PoiZone" = PoiZone
    "Polipo" = Polipo 1.0.4.1
    "PrecisionX" = EVGA Precision X 3.0.3
    "Preconfigured PHP Package" = Preconfigured PHP Package 5.2.10
    "PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2
    "PrivitizeVPN" = PrivitizeVPN
    "Product_Name" = Geneforge
    "Proxifier_is1" = Proxifier version 2.91
    "PS3 Media Server" = PS3 Media Server
    "PunkBusterSvc" = PunkBuster Services
    "RADVideo" = RAD Video Tools
    "RealArcade 1.2" = RealArcade
    "realMYST Interactive 3D Edition" = realMYST Interactive 3D Edition
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "Sawer" = Sawer
    "SciTE4AutoIt3" = SciTE4AutoIt3 1-6-2009
    "SFFixed" = SourceForts 1.9.4.1 Fixed
    "ShutdownGuard" = ShutdownGuard
    "Smart Defrag_is1" = Smart Defrag
    "Sonic Generations_is1" = Sonic Generations
    "Sonic the Hedgehog" = Sonic the Hedgehog
    "Sound Tools" = Sound Tools Uninstall
    "SQLite2009 Pro Enterprise Manager_is1" = SQLite2009 Pro Enterprise Manager [SQLite v3.6.16 - 2009.07.15]
    "StarCraft II" = StarCraft II
    "Steam App 105600" = Terraria
    "Steam App 10650" = Stormrise
    "Steam App 11440" = DiRT
    "Steam App 1250" = Killing Floor
    "Steam App 1260" = Killing Floor SDK
    "Steam App 12900" = Audiosurf
    "Steam App 15100" = Assassin's Creed
    "Steam App 18110" = Shattered Horizon
    "Steam App 19200" = Tank Universal
    "Steam App 202480" = Creation Kit
    "Steam App 205" = Source Dedicated Server
    "Steam App 20820" = Shatter
    "Steam App 209670" = Cortex Command
    "Steam App 211" = Source SDK
    "Steam App 218" = Source SDK Base - Orange Box
    "Steam App 21990" = Teenage Mutant Ninja Turtles
    "Steam App 220" = Half-Life 2
    "Steam App 2430" = The Ship Tutorial
    "Steam App 2620" = Call of Duty
    "Steam App 2820" = X3: Terran Conflict
    "Steam App 310" = Source Multiplayer Dedicated Server
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 33180" = Zombie Shooter 2
    "Steam App 3330" = Zuma Deluxe
    "Steam App 33900" = ARMA 2
    "Steam App 33930" = ARMA 2: Operation Arrowhead
    "Steam App 33970" = ARMA 2: Operation Arrowhead Demo
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 3620" = Zuma's Revenge
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 38050" = Risk
    "Steam App 38600" = Faerie Solitaire
    "Steam App 3900" = Sid Meier's Civilization IV
    "Steam App 400" = Portal
    "Steam App 4000" = Garry's Mod
    "Steam App 4010" = Garry's Mod 13
    "Steam App 40700" = Machinarium
    "Steam App 41210" = Eufloria
    "Steam App 41300" = Altitude
    "Steam App 41510" = Torchlight Demo
    "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 43110" = Metro 2033
    "Steam App 440" = Team Fortress 2
    "Steam App 48240" = Anno 2070
    "Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
    "Steam App 49600" = Beat Hazard
    "Steam App 550" = Left 4 Dead 2
    "Steam App 63700" = BIT.TRIP BEAT
    "Steam App 640" = Alien Swarm - SDK
    "Steam App 65800" = Dungeon Defenders
    "Steam App 70" = Half-Life
    "Steam App 70300" = VVVVVV
    "Steam App 70900" = Star Ruler
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 8200" = Sam & Max 101: Culture Shock
    "Steam App 9050" = DOOM 3
    "Steam App 91600" = Sanctum
    "Steam App 92800" = SpaceChem
    "Steam App 98800" = Dungeons of Dredmor
    "Steam App 99850" = Crysis 2 Demo
    "stunnel" = stunnel
    "Sublime Text_is1" = Sublime Text 1.4
    "Super-Charger_is1" = Super-Charger
    "SyncTERM_is1" = SyncTERM 0.9.3b-20090110
    "SystemRequirementsLab" = System Requirements Lab
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "TeamViewer 8" = TeamViewer 8
    "TechPowerUp GPU-Z" = TechPowerUp GPU-Z
    "TexView 2" = TexView 2 Uninstall
    "Tor" = Tor 0.2.1.30
    "Toxic Biohazard" = Toxic Biohazard
    "TreeSize Professional_is1" = TreeSize Professional 5.3.4
    "Tunngle beta_is1" = Tunngle beta
    "Universal Extractor_is1" = Universal Extractor 1.6
    "Universe Sandbox" = Universe Sandbox
    "UnrealIRCd_is1" = UnrealIRCd3.2.8.1
    "Uplink" = Uplink (remove only)
    "uTorrent" = µTorrent
    "VB Decompiler Lite_is1" = VB Decompiler Lite
    "VBReFormer 2007_is1" = VBReFormer 5.0 Professional Edition
    "VH Toolkit_is1" = VH Toolkit 1.0.44.0
    "Vidalia" = Vidalia 0.2.12
    "Vindictus" = Vindictus
    "Virtual Villagers 21.0" = Virtual Villagers 2
    "Virtual Villagers1.0" = Virtual Villagers
    "Visitor 3" = Visitor 3 Uninstall
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 2.0.3
    "vLite_is1" = vLite
    "VxtremeCaymon" = Vxtreme Personal Edition
    "WhatPulse" = WhatPulse 1.7.1
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "Winamp" = Winamp
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinISO_is1" = WinISO 5.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "WinPcapInst" = WinPcap 4.1.2
    "Wireshark" = Wireshark 1.8.0 (64-bit)
    "WTA-f0c2c334-d6c0-424f-814f-c31c08b9a77c" = Build-a-lot
    "wxWidgets_is1" = wxWidgets 2.8.11
    "XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
    "Yahoo! Messenger" = Yahoo! Messenger
    "YTdetect" = Yahoo! Detect
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
    "{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.91
    "{C2477B44-8AB4-4E65-AED0-46B67EFCC97A}_is1" = Obsidian Conflict Beta 1.35 Full
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "Bitcoin" = Bitcoin
    "Competition Arena" = Competition Arena
    "DigiCel FlipBook 6.8" = DigiCel FlipBook 6.8
    "Dropbox" = Dropbox
    "Flux" = F.lux
    "GameRanger" = GameRanger
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.1.0.880
    "Qt SDK" = Qt SDK
    "SOE-C:/Users/Maverick/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
    "SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
    "SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta
    "soe-PlanetSide 2" = PlanetSide 2
    "SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta
    "Tropico 4" = Tropico 4 1.00
    "uTorrent" = µTorrent
    "Wurm Online 2.7.5g" = Wurm Online 2.7.5g
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Maverick
    "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
    "{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.91
    "{C2477B44-8AB4-4E65-AED0-46B67EFCC97A}_is1" = Obsidian Conflict Beta 1.35 Full
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "Bitcoin" = Bitcoin
    "BitTorrent DNA" = DNA
    "Competition Arena" = Competition Arena
    "DigiCel FlipBook 6.8" = DigiCel FlipBook 6.8
    "Dropbox" = Dropbox
    "Flux" = F.lux
    "GameRanger" = GameRanger
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.1.0.880
    "Qt SDK" = Qt SDK
    "SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta
    "Tank Universal Demo" = Tank Universal Demo
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent
    "Wurm Online 2.7.5g" = Wurm Online 2.7.5g
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12/14/2012 2:54:55 AM | Computer Name = Maverick-7PC | Source = MsiInstaller | ID = 11706
    Description = 
     
    Error - 12/14/2012 2:55:04 AM | Computer Name = Maverick-7PC | Source = MsiInstaller | ID = 11706
    Description = 
     
    Error - 12/14/2012 8:01:30 AM | Computer Name = Maverick-7PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary 5767748drv.  System Error: The system cannot find the file specified.  .
     
    Error - 12/14/2012 10:48:24 PM | Computer Name = Maverick-7PC | Source = Application Hang | ID = 1002
    Description = The program Metro2033.exe version 1.0.0.1 stopped interacting with
     Windows and was closed. To see if more information about the problem is available,
     check the problem history in the Action Center control panel.    Process ID: 1428    Start
     Time: 01cdda5f68771e92    Termination Time: 916    Application Path: F:\SteamLibrary\steamapps\common\Metro
     2033\Metro2033.exe    Report Id: dfb7e92f-4661-11e2-b87f-deadbeef0123  
     
    Error - 12/15/2012 5:29:34 AM | Computer Name = Maverick-7PC | Source = Application Error | ID = 1000
    Description = Faulting application name: arma2oa.exe, version: 1.62.99.806, time
     stamp: 0x50c09c38  Faulting module name: arma2oa.exe, version: 1.62.99.806, time 
    stamp: 0x50c09c38  Exception code: 0xc0000005  Fault offset: 0x00043e16  Faulting process
     id: 0x1b5c  Faulting application start time: 0x01cdda96e4aa235f  Faulting application
     path: C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Faulting
     module path: C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Report
     Id: ef7b998f-4699-11e2-b87f-deadbeef0123
     
    Error - 12/15/2012 7:18:23 PM | Computer Name = Maverick-7PC | Source = Application Error | ID = 1000
    Description = Faulting application name: arma2oa.exe, version: 1.62.99.806, time
     stamp: 0x50c09c38  Faulting module name: arma2oa.exe, version: 1.62.99.806, time 
    stamp: 0x50c09c38  Exception code: 0xc0000005  Fault offset: 0x00624804  Faulting process
     id: 0x15ec  Faulting application start time: 0x01cddb182f7f4560  Faulting application
     path: C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Faulting
     module path: C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Report
     Id: b847f4cf-470d-11e2-b87f-deadbeef0123
     
    Error - 12/16/2012 5:52:41 AM | Computer Name = Maverick-7PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
     in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
     of binary 5767748drv.  System Error: The system cannot find the file specified.  .
     
    Error - 12/16/2012 5:53:37 AM | Computer Name = Maverick-7PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
     Visual Studio 9.0\VC\bin\ia64\pgocvt.exe".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
     could not be found.  Please use sxstrace.exe for detailed diagnosis.
     
    Error - 12/16/2012 5:56:23 AM | Computer Name = Maverick-7PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
     Visual Studio 9.0\VC\bin\ia64\pgomgr.exe".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
     could not be found.  Please use sxstrace.exe for detailed diagnosis.
     
    Error - 12/16/2012 5:57:41 AM | Computer Name = Maverick-7PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
     Visual Studio 9.0\VC\bin\ia64\pgosweep.exe".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
     could not be found.  Please use sxstrace.exe for detailed diagnosis.
     
    [ System Events ]
    Error - 12/13/2012 11:34:25 PM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
     Restart the service.
     
    Error - 12/13/2012 11:36:25 PM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
     the service) after the unexpected termination of the Windows Installer service,
     but this action failed with the following error:   %%1056
     
    Error - 12/13/2012 11:37:11 PM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 2 time(s).  The following corrective action will be taken in 300000 milliseconds:
     Restart the service.
     
    Error - 12/13/2012 11:39:08 PM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 3 time(s).
     
    Error - 12/13/2012 11:49:19 PM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 4 time(s).
     
    Error - 12/14/2012 2:51:18 AM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
     Restart the service.
     
    Error - 12/14/2012 2:53:51 AM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 2 time(s).  The following corrective action will be taken in 300000 milliseconds:
     Restart the service.
     
    Error - 12/14/2012 2:55:06 AM | Computer Name = Maverick-7PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Installer service terminated unexpectedly.  It has done
     this 3 time(s).
     
    Error - 12/15/2012 1:03:01 PM | Computer Name = Maverick-7PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
     storage could not grow due to a user imposed limit.
     
    Error - 12/16/2012 2:11:10 PM | Computer Name = Maverick-7PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
     storage could not grow due to a user imposed limit.
     
     
    < End of report >
  • aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-16 14:38:47
    -----------------------------
    14:38:47.507    OS Version: Windows x64 6.1.7600 
    14:38:47.507    Number of processors: 4 586 0x2A07
    14:38:47.508    ComputerName: MAVERICK-7PC  UserName: Maverick
    14:38:50.154    Initialize success
    14:41:04.066    AVAST engine defs: 12121601
    14:41:09.808    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:41:09.810    Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476940MB BusType: 3
    14:41:09.938    Disk 0 MBR read successfully
    14:41:09.941    Disk 0 MBR scan
    14:41:09.944    Disk 0 Windows 7 default MBR code
    14:41:09.986    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS       467939 MB offset 2048
    14:41:10.064    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         8634 MB offset 958341510
    14:41:10.734    Disk 0 scanning C:\Windows\system32\drivers
    14:42:05.759    Service scanning
    14:42:57.928    Modules scanning
    14:42:57.933    Disk 0 trace - called modules:
    14:42:57.972    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
    14:42:57.976    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d35060]
    14:42:57.979    3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004aa8e40]
    14:42:57.983    5 ACPI.sys[fffff88000f53781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ac9060]
    14:42:59.428    AVAST engine scan C:\Windows
    14:43:03.543    AVAST engine scan C:\Windows\system32
    14:46:13.176    AVAST engine scan C:\Windows\system32\drivers
    14:46:30.568    AVAST engine scan C:\Users\Maverick
    15:00:11.825    File: C:\Users\Maverick\AppData\Local\Temp\iqcX5dMh.exe.part  **INFECTED** Win32:Trojan-gen //false-positive
    15:13:16.611    File: C:\Users\Maverick\Documents\Cavaj Java Decompiler\wpepro09x\WpeSpy.dll  **INFECTED** Win32:Malware-gen //false-positive
    15:15:40.146    File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\.svn\text-base\EngineBeta.exe.svn-base  **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
    15:15:41.213    File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\EngineBeta.exe  **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
    15:15:42.323    File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\pub\.svn\text-base\EngineBeta.exe.svn-base  **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
    15:15:42.442    File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\pub\EngineBeta.exe  **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
    15:43:08.998    File: C:\Users\Maverick\Downloads\antinat.exe  **INFECTED** Win32:Trojan-gen //false-positive
    15:43:14.650    File: C:\Users\Maverick\Downloads\Bin_CHimpREC_2008-6-24_13.59_CHimpREC\CHimpREC.exe  **INFECTED** Win32:Malware-gen //false-positive
    15:43:16.660    File: C:\Users\Maverick\Downloads\Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b\LordPE.EXE  **INFECTED** Win32:Spyware-gen [Spy] //false-positive
    16:03:02.810    File: C:\Users\Maverick\Downloads\litecoin-windows-client-0.5.0.8\litecoin-windows-client-0.5.0.8\minerd.exe  **INFECTED** Win32:BitCoinMiner-AL [Trj] //false-positive
    16:31:51.185    File: C:\Users\Maverick\Downloads\pwdump6-2.0.0-beta-exe-only\PwDump.exe.dat  **INFECTED** Win32:Malware-gen //false-positive
    16:34:35.756    File: C:\Users\Maverick\Downloads\Revelo\Revelo.exe  **INFECTED** Win32:Malware-gen //false-positive
    16:37:55.209    File: C:\Users\Maverick\Downloads\Sonic\Sonic 3D Blast.exe  **INFECTED** Win32:Poison-WI [Trj] //false-positive
    16:42:03.007    File: C:\Users\Maverick\Downloads\wpepro09x\WpeSpy.dll  **INFECTED** Win32:Malware-gen //false-positive
    16:43:03.943    File: C:\Users\Maverick\important bleep\apihijack_src\TestLauncher.exe  **INFECTED** Win32:Malware-gen //false-positive
    16:43:50.249    File: C:\Users\Maverick\important bleep\hxdef100_src\src\driver\driver.sys  **INFECTED** Win32:HacDef-LB [Rtk] //ignore this
    16:45:06.257    File: C:\Users\Maverick\important bleep\n00bkit_v0.9d\n00bkit\Release\n00bkit.exe  **INFECTED** Win32:Malware-gen //ignore this
    16:45:24.338    File: C:\Users\Maverick\important bleep\VB Decompiler_Cw2k\VB Decompiler_Cw2k.exe  **INFECTED** Win32:VBMod [Trj] //false-positive
    16:47:17.581    AVAST engine scan C:\ProgramData
    17:01:38.995    Scan finished successfully
    17:02:16.841    Disk 0 MBR has been saved successfully to "C:\Users\Maverick\Downloads\MBR.dat"
    17:02:16.846    The log file has been saved successfully to "C:\Users\Maverick\Downloads\aswMBR.txt"
    
  • Fine now except for the google redirect occasionally, the aswMBR scan made it lag a bit, audio was choppy. Memory usage is abnormally high, no visible processes taking up that memory.

Edited by mmavipc, 16 December 2012 - 08:16 PM.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 17 December 2012 - 06:16 PM

Hi!

Please remove the following programs:

Java™ 6 Update 30 (64-bit)
Java™ 7 Update 3 (64-bit)
HiJackThis
Java™ 6 Update 26
Java™ 6 Update 27
J2SE Runtime Environment 5.0 Update 21
Java™ SE Development Kit 6 Update 17
Java™ SE Development Kit 6 Update 27
BabylonObjectInstaller
Babylon toolbar on IE
HijackThis 2.0.2


Do you recognize these files?

[2012/12/06 21:39:09 | 000,360,448 | ---- | M] () -- C:\1.id0
[2012/12/06 21:39:09 | 000,270,494 | ---- | M] () -- C:\3.i64
[2012/12/06 21:39:09 | 000,081,920 | ---- | M] () -- C:\1.id1
[2012/12/06 21:39:09 | 000,016,384 | ---- | M] () -- C:\1.nam
[2012/12/06 21:39:09 | 000,000,076 | ---- | M] () -- C:\1.til
[2012/12/06 21:37:34 | 000,090,270 | ---- | M] () -- C:\2.i64
[2012/12/06 21:37:01 | 000,336,030 | ---- | M] () -- C:\1.i64
[2011/11/07 16:11:50 | 000,001,372 | RHS- | C] () -- C:\Windows\SysWow64\sdmon.dll



Please comment on these files below:

15:00:11.825 File: C:\Users\Maverick\AppData\Local\Temp\iqcX5dMh.exe.part **INFECTED** Win32:Trojan-gen //false-positive
15:13:16.611 File: C:\Users\Maverick\Documents\Cavaj Java Decompiler\wpepro09x\WpeSpy.dll **INFECTED** Win32:Malware-gen //false-positive
15:15:40.146 File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\.svn\text-base\EngineBeta.exe.svn-base **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
15:15:41.213 File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\EngineBeta.exe **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
15:15:42.323 File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\pub\.svn\text-base\EngineBeta.exe.svn-base **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
15:15:42.442 File: C:\Users\Maverick\Documents\My Dropbox\ad\comp virus game\pub\EngineBeta.exe **INFECTED** Win32:Downloader-EPT [Trj] //false-positive
15:43:08.998 File: C:\Users\Maverick\Downloads\antinat.exe **INFECTED** Win32:Trojan-gen //false-positive
15:43:14.650 File: C:\Users\Maverick\Downloads\Bin_CHimpREC_2008-6-24_13.59_CHimpREC\CHimpREC.exe **INFECTED** Win32:Malware-gen //false-positive
15:43:16.660 File: C:\Users\Maverick\Downloads\Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b\LordPE.EXE **INFECTED** Win32:Spyware-gen [Spy] //false-positive
16:03:02.810 File: C:\Users\Maverick\Downloads\litecoin-windows-client-0.5.0.8\litecoin-windows-client-0.5.0.8\minerd.exe **INFECTED** Win32:BitCoinMiner-AL [Trj] //false-positive
16:31:51.185 File: C:\Users\Maverick\Downloads\pwdump6-2.0.0-beta-exe-only\PwDump.exe.dat **INFECTED** Win32:Malware-gen //false-positive
16:34:35.756 File: C:\Users\Maverick\Downloads\Revelo\Revelo.exe **INFECTED** Win32:Malware-gen //false-positive
16:37:55.209 File: C:\Users\Maverick\Downloads\Sonic\Sonic 3D Blast.exe **INFECTED** Win32:Poison-WI [Trj] //false-positive
16:42:03.007 File: C:\Users\Maverick\Downloads\wpepro09x\WpeSpy.dll **INFECTED** Win32:Malware-gen //false-positive
16:43:03.943 File: C:\Users\Maverick\important bleep\apihijack_src\TestLauncher.exe **INFECTED** Win32:Malware-gen //false-positive
16:43:50.249 File: C:\Users\Maverick\important bleep\hxdef100_src\src\driver\driver.sys **INFECTED** Win32:HacDef-LB [Rtk] //ignore this
16:45:06.257 File: C:\Users\Maverick\important bleep\n00bkit_v0.9d\n00bkit\Release\n00bkit.exe **INFECTED** Win32:Malware-gen //ignore this
16:45:24.338 File: C:\Users\Maverick\important bleep\VB Decompiler_Cw2k\VB Decompiler_Cw2k.exe **INFECTED** Win32:VBMod [Trj] //false-positive

Did you download these files from a trusted source?

+++++++++++++++++++++++++++++++++++++++++

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012/12/03 18:36:02 | 000,004,045 | ---- | M] () (No name found) -- C:\Users\Maverick\AppData\Roaming\Mozilla\Firefox\Profiles\mrzc86y3.default-1351555155043\extensions\{dfcf1659-07f3-4298-92d5-01b16b1f1134}.xpi
    O2 - BHO: (no name) - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - No CLSID value found.
    O4 - Startup: C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_79858110.lnk = C:\Users\Maverick\AppData\Local\Temp\_uninst_79858110.bat ()
    O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/08/24 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\Maverick\AppData\Roaming\Babylon
    [2012/08/24 23:16:59 | 000,000,000 | ---D | M] -- C:\Users\Maverick\AppData\Roaming\BabylonToolbar
    :Files
    dir /s /a "C:\Users\Maverick\AppData\Roaming\Golly" /c
    dir /s /a "C:\Users\Maverick\AppData\Local\{9B1655AC-6299-4A7E-B13C-905AEDA4218B}" /c
    dir /s /a "C:\Users\Maverick\AppData\Local\{E7614366-F422-48DC-AEEC-E8ACA4E5827B}" /c
    dir /s /a "C:\Users\Maverick\AppData\Local\{2ECE7115-C326-42D0-84A3-8932F5DBD7B3}" /c
    dir /s /a "C:\Users\Maverick\AppData\Local\{3173A9AE-4B9E-43CE-B5FA-AAE6FC42BA0F}" /c
    dir /s /a "C:\Users\Maverick\AppData\Local\Temp\{c9853542-d4eb-41d4-a5f0-77ed6ef14383}\" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Answer to my questions posed above.
3. OTL fix log file.
4. ComboFix.txt log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 17 December 2012 - 06:20 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 mmavipc

mmavipc
  • Topic Starter

  • Members
  • 10 posts

Posted 17 December 2012 - 07:46 PM

  • O4 - Startup: C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_79858110.lnk = C:\Users\Maverick\AppData\Local\Temp\_uninst_79858110.bat ()
    Is to finalize the uninstallation of some software.
    Contents:
    @echo off
    if exist "C:\Users\Maverick\AppData\Local\Temp\0406280\5767748.exe" goto restart
    Rmdir /S /Q "C:\Users\Maverick\AppData\Local\Temp\RarSFX0\"
    del /F /Q "C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_79858110.lnk"
    del /F /Q %0
    exit 0
    :restart
    start /d"C:\Users\Maverick\AppData\Local\Temp\RarSFX0" 5767748.exe
    exit 0
    I'm going to restart now to get rid of it, then run OTL.
  • a. They've been uninstalled, well, most of them. Java™ SE Development Kit 6 Update 17 is uninstalled, but because of dumb stuff Oracle did when they took over Sun, the install entries in the registry are still there, and it won't uninstall because there is nothing to be uninstalled. I'm too lazy to clean it out of the registry, so just ignore it in future logs.

    b. I recognize all of them but one, the last one. C:\Windows\SysWow64\sdmon.dll It's a 2kb file with the hidden attribute. I opened it up in IDA, and there was no PE header. It couldn't disassemble anything meaningful. I'm guessing it's encrypted shellcode loaded by some malware during its run-time. I see no legitimate use for it, so I'd delete it, but I'll let you decide what to do with it.

    c. There are comments at the end of the lines, starting with //. All of them should be ignored; I recognize them, and I dl'd them from a trusted source.
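A script version of the check described in (b), added here as an example and not code from this thread or from any tool it names: it looks for a DOS/PE header the way a disassembler would, then measures byte entropy, since a small file with no PE header but near-random content fits the encrypted-payload guess. The two sample byte strings are constructed; the hidden/system flags passed to the triage mirror the RHS attributes shown on the OTL line for sdmon.dll.

```python
"""Offline triage of a small suspicious DLL: valid PE header or not, and does the
content look packed/encrypted?  Added example; sample inputs are constructed."""
import math
import os
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_header_status(data: bytes) -> str:
    """'pe'      : MZ stub whose e_lfanew points at a 'PE\\0\\0' signature
       'mz-only' : MZ stub present but no PE signature where it should be
       'none'    : not even a DOS header (what IDA reported for sdmon.dll)"""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "none"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of PE signature
    if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "pe"
    return "mz-only"


def triage(data: bytes, hidden: bool = False, system: bool = False) -> dict:
    """Combine the header check, entropy and file attributes into a verdict."""
    status = pe_header_status(data)
    entropy = shannon_entropy(data)
    reasons = []
    if status != "pe":
        reasons.append("no valid PE header for a file named .dll")
    if entropy > 7.0:   # threshold chosen for this example; plain code/text sits well below
        reasons.append(f"high entropy ({entropy:.2f} bits/byte): packed or encrypted")
    if hidden and system:
        reasons.append("hidden+system attributes set on a user-writable DLL")
    return {"pe": status, "entropy": round(entropy, 2),
            "suspicious": bool(reasons), "reasons": reasons}


def triage_file(path: str) -> dict:
    """Read attributes and content from disk.  st_file_attributes exists only on
    Windows; elsewhere the attribute flags fall back to False."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    hidden = bool(attrs & 0x2)   # FILE_ATTRIBUTE_HIDDEN
    system = bool(attrs & 0x4)   # FILE_ATTRIBUTE_SYSTEM
    with open(path, "rb") as fh:
        return triage(fh.read(), hidden, system)


def build_minimal_pe_stub() -> bytes:
    """Constructed sample: DOS header whose e_lfanew points at 'PE\\0\\0' at 0x40,
    followed by zeroed COFF fields.  Enough for the header check, not loadable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


def opaque_sample(size: int = 1372) -> bytes:
    """Constructed stand-in for the 1,372-byte sdmon.dll: a byte stream that cycles
    through all 256 values, so it has no MZ signature and near-maximal entropy."""
    return bytes((i * 73 + 41) % 256 for i in range(size))


if __name__ == "__main__":
    print("minimal PE stub      :", triage(build_minimal_pe_stub()))
    print("opaque 1372-byte blob:", triage(opaque_sample(), hidden=True, system=True))
```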


#8 mmavipc

mmavipc
  • Topic Starter

  • Members
  • 10 posts

Posted 17 December 2012 - 07:58 PM

I just rebooted and a bunch of bleep has been changed. UAC was enabled. When I started FF it told me it was not my default browser.

#9 mmavipc

mmavipc
  • Topic Starter

  • Members
  • 10 posts

Posted 17 December 2012 - 08:10 PM

3. OTL LOG
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
File C:\Users\Maverick\AppData\Roaming\Mozilla\Firefox\Profiles\mrzc86y3.default-1351555155043\extensions\{dfcf1659-07f3-4298-92d5-01b16b1f1134}.xpi not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2A71ABA-3939-43B2-BD8F-8C1767EF9020}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2A71ABA-3939-43B2-BD8F-8C1767EF9020}\ not found.
File move failed. C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_79858110.lnk scheduled to be moved on reboot.
File C:\Users\Maverick\AppData\Local\Temp\_uninst_79858110.bat not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Users\Maverick\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Maverick\AppData\Roaming\BabylonToolbar\ not found.
========== FILES ==========
< dir /s /a "C:\Users\Maverick\AppData\Roaming\Golly" /c >
 Volume in drive C has no label.
 Volume Serial Number is DC9F-09C9
 Directory of C:\Users\Maverick\AppData\Roaming\Golly
08/15/2010  03:22 PM    <DIR>          .
08/15/2010  03:22 PM    <DIR>          ..
11/12/2009  12:47 PM             8,375 GollyPrefs
               1 File(s)          8,375 bytes
     Total Files Listed:
               1 File(s)          8,375 bytes
               2 Dir(s)  70,662,610,944 bytes free
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Maverick\AppData\Local\{9B1655AC-6299-4A7E-B13C-905AEDA4218B}" /c >
 Volume in drive C has no label.
 Volume Serial Number is DC9F-09C9
 Directory of C:\Users\Maverick\AppData\Local
07/29/2011  02:52 PM                 0 {9B1655AC-6299-4A7E-B13C-905AEDA4218B}
               1 File(s)              0 bytes
     Total Files Listed:
               1 File(s)              0 bytes
               0 Dir(s)  70,662,615,040 bytes free
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Maverick\AppData\Local\{E7614366-F422-48DC-AEEC-E8ACA4E5827B}" /c >
 Volume in drive C has no label.
 Volume Serial Number is DC9F-09C9
 Directory of C:\Users\Maverick\AppData\Local
12/20/2011  07:47 AM                 0 {E7614366-F422-48DC-AEEC-E8ACA4E5827B}
               1 File(s)              0 bytes
     Total Files Listed:
               1 File(s)              0 bytes
               0 Dir(s)  70,662,615,040 bytes free
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Maverick\AppData\Local\{2ECE7115-C326-42D0-84A3-8932F5DBD7B3}" /c >
 Volume in drive C has no label.
 Volume Serial Number is DC9F-09C9
 Directory of C:\Users\Maverick\AppData\Local
12/20/2011  07:25 AM                 0 {2ECE7115-C326-42D0-84A3-8932F5DBD7B3}
               1 File(s)              0 bytes
     Total Files Listed:
               1 File(s)              0 bytes
               0 Dir(s)  70,652,911,616 bytes free
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Maverick\AppData\Local\{3173A9AE-4B9E-43CE-B5FA-AAE6FC42BA0F}" /c >
 Volume in drive C has no label.
 Volume Serial Number is DC9F-09C9
 Directory of C:\Users\Maverick\AppData\Local
12/20/2011  07:24 AM                 0 {3173A9AE-4B9E-43CE-B5FA-AAE6FC42BA0F}
               1 File(s)              0 bytes
     Total Files Listed:
               1 File(s)              0 bytes
               0 Dir(s)  70,652,379,136 bytes free
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Maverick\AppData\Local\Temp\{c9853542-d4eb-41d4-a5f0-77ed6ef14383}\" /c >
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Maverick\Desktop\cmd.bat deleted successfully.
C:\Users\Maverick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 20999257 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Git
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Maverick
->Temp folder emptied: 563768737 bytes
->Temporary Internet Files folder emptied: 189468746 bytes
->Java cache emptied: 45521745 bytes
->FireFox cache emptied: 455198881 bytes
->Google Chrome cache emptied: 279456125 bytes
->Flash cache emptied: 12682485 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: UpdatusUser.Maverick-7PC
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: UpdatusUser.Maverick-7PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 913408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19328 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37567200 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 976 bytes
RecycleBin emptied: 305761 bytes
 
Total Files Cleaned = 1,532.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Git
 
User: Maverick
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
User: UpdatusUser.Maverick-7PC
->Flash cache emptied: 0 bytes
 
User: UpdatusUser.Maverick-7PC.000
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Git
 
User: Maverick
->Java cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
User: UpdatusUser.Maverick-7PC
 
User: UpdatusUser.Maverick-7PC.000
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12172012_170147

Files\Folders moved on Reboot...
File\Folder C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_79858110.lnk not found!
C:\Users\Maverick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


#10 mmavipc (Topic Starter)

Posted 17 December 2012 - 08:14 PM

Teamspeak is crashing when I try to start it up. I opened up the .dmp with Visual Studio, and it's crashing because of a stack overflow. It was working fine before the OTL fix; about to run ComboFix now.
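The ComboFix log that follows in this thread lists each service and driver in its "Reg Loading Points" section as `R3 name;display name;image path [date size]`, with `[x]` in place of the date and size when the image file is missing, Run-key entries as `"name"="path" [date size]`, and the UAC policy values under `policies\system`. The script below is an added example, not part of the thread and not ComboFix's own logic: it parses lines in that layout and flags the loading points a malware-removal helper checks first (images in user-writable locations such as %Temp% or Downloads, missing image files, kernel drivers outside system32\drivers, bare-GUID display names, and UAC switched off). The sample lines are constructed for the example, modeled on the entries seen in this thread, and the path heuristics are assumptions rather than anything ComboFix reports.

```python
"""Triage ComboFix 'Reg Loading Points' lines (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass, field

# Service/driver line: "<R|S><n> <name>;<display>;<image path> [<date> <size>]",
# or "[x]" in place of date/size when the image file is absent.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)
# Run-key entry: "<value name>"="<image path>" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s+\[(?P<meta>[^\]]+)\]\s*$')
# UAC policy values printed under ...\policies\system
POLICY_RE = re.compile(
    r'^"(?P<key>EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"=\s*(?P<val>\d+)'
)

# Directories a standard user can write to. Assumed heuristic: nothing that
# auto-starts or loads into the kernel normally lives here. Paths are compared
# lower-cased with backslashes turned into forward slashes.
USER_WRITABLE = ("/appdata/local/temp/", "/downloads/", "/windows/temp/", "/programdata/")
DRIVER_DIR = "/windows/system32/drivers/"


@dataclass
class Finding:
    source: str            # "service", "run" or "policy"
    name: str
    image: str
    reasons: list = field(default_factory=list)


def assess_image(image: str, missing: bool) -> list:
    """Return the reasons an image path deserves a look (empty list if none)."""
    low = image.lower().replace("\\", "/")
    reasons = []
    if missing:
        reasons.append("image file missing ([x]): stale entry or file already deleted")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("image lives in a user-writable location")
    if low.endswith(".sys") and DRIVER_DIR not in low:
        reasons.append("kernel driver loaded from outside system32\\drivers")
    if low.endswith(".tmp"):
        reasons.append("executable image with a .tmp extension")
    return reasons


def triage(lines) -> list:
    """Walk log lines in ComboFix's layout and collect Findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = assess_image(m.group("image"), m.group("meta") == "x")
            if re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", m.group("display")):
                reasons.append("display name is a bare GUID")
            if reasons:
                findings.append(Finding("service", m.group("name"), m.group("image"), reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = assess_image(m.group("image"), m.group("meta") == "x")
            if reasons:
                findings.append(Finding("run", m.group("name"), m.group("image"), reasons))
            continue
        m = POLICY_RE.match(line)
        if m:
            key, val = m.group("key"), int(m.group("val"))
            if key == "EnableLUA" and val == 0:
                findings.append(Finding("policy", key, str(val),
                                        ["UAC disabled: admin-group users run every process fully elevated"]))
            elif key == "ConsentPromptBehaviorAdmin" and val == 0:
                findings.append(Finding("policy", key, str(val),
                                        ["administrators elevate without any prompt"]))
            elif key == "PromptOnSecureDesktop" and val == 0:
                findings.append(Finding("policy", key, str(val),
                                        ["elevation prompts not shown on the secure desktop"]))
    return findings


# Constructed sample in ComboFix's layout, modeled on the entries seen in this thread.
SAMPLE_LOG = r'''
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"Updater"="c:\users\alice\Downloads\tool\updater.exe" [2012-11-23 65024]
"Sync"="c:\program files (x86)\Vendor\sync.exe" [2012-11-09 16070136]
R2 svc_ok;Vendor Service;c:\program files\Vendor\svc.exe [2012-07-03 160944]
R3 tmpdrv;tmpdrv;c:\users\alice\AppData\Local\Temp\00A1B2.tmp [x]
R3 hwdrv;hwdrv;c:\users\alice\AppData\Local\Temp\hwdrv.sys [x]
R4 qrrdnib;{5E3ED219-CE56-4CCF-BC7B-7E363B0802A0};c:\tools\pwdump\servpw.exe [2008-07-22 57344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

Feed it a saved ComboFix log one line at a time and review the flagged entries by hand: a `[x]` entry is often just a leftover from a tool that cleaned its own driver up, but an image loading from %Temp% with a `.tmp` extension, or a service whose display name is a bare GUID, is exactly the kind of entry that should be explained before it is left in place.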

#11 SweetTech (Agent ST)

Posted 17 December 2012 - 08:28 PM

I'll await your response with the ComboFix log, and then respond to your posts.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 mmavipc (Topic Starter)

Posted 17 December 2012 - 08:48 PM

4. Combofix:
ComboFix 12-12-17.02 - Maverick 12/17/2012  17:18:34.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4067.1911 [GMT -8:00]
Running from: c:\users\Maverick\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1355020118.bdinstall.bin
c:\programdata\1355453831.bdinstall.bin
c:\programdata\boost_interprocess\20121209154931.738466
c:\users\Maverick\AppData\Local\Temp\_MEI34842\_ctypes.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\_elementtree.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\_hashlib.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\_socket.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\_ssl.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\pyexpat.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\pysqlite2._sqlite.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\python26.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\pythoncom26.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\PyWinTypes26.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\select.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\unicodedata.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32api.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32com.shell.shell.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32crypt.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32event.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32file.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32inet.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32pdh.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32process.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32profile.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32security.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\win32ts.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\windows._cacheinvalidation.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._controls_.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._core_.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._gdi_.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._html2.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._misc_.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._windows_.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wx._wizard.pyd
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wxbase293u_net_vc.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wxbase293u_vc.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wxmsw293u_adv_vc.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wxmsw293u_core_vc.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wxmsw293u_html_vc.dll
c:\users\Maverick\AppData\Local\Temp\_MEI34842\wxmsw293u_webview_vc.dll
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-18 to 2012-12-18  )))))))))))))))))))))))))))))))
.
.
2012-12-18 01:33 . 2012-12-18 01:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-18 01:33 . 2012-12-18 01:33	--------	d-----w-	c:\users\UpdatusUser.Maverick-7PC\AppData\Local\temp
2012-12-18 01:33 . 2012-12-18 01:33	--------	d-----w-	c:\users\UpdatusUser.Maverick-7PC.000\AppData\Local\temp
2012-12-18 01:33 . 2012-12-18 01:33	--------	d-----w-	c:\users\Git\AppData\Local\temp
2012-12-18 01:33 . 2012-12-18 01:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-18 01:33 . 2012-12-18 01:33	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-12-18 00:58 . 2012-12-18 00:58	--------	d-----w-	C:\_OTL
2012-12-14 21:46 . 2012-12-14 21:55	--------	d-----w-	C:\btcgame
2012-12-14 12:01 . 2012-11-19 09:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{46EF0AC7-6DF8-4395-BD5A-F277E8165DCB}\mpengine.dll
2012-12-14 03:13 . 2012-12-14 03:13	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-12-14 03:13 . 2012-12-11 23:16	460888	----a-w-	c:\windows\system32\drivers\79858110.sys
2012-12-13 21:07 . 2012-12-13 21:20	--------	d-----w-	C:\sfml_j
2012-12-13 03:29 . 2012-12-13 03:29	--------	d-----w-	c:\users\Maverick\AppData\Local\4A Games
2012-12-12 12:33 . 2012-12-12 12:33	587024	----a-w-	c:\windows\system32\drivers\avckf.sys
2012-12-12 12:27 . 2012-12-12 12:27	705552	----a-w-	c:\windows\system32\drivers\avc3.sys
2012-12-10 05:13 . 2012-12-10 05:13	--------	d-----w-	C:\hcprofiles
2012-12-10 02:06 . 2012-12-10 02:06	--------	d-----w-	c:\program files (x86)\Hand-Crafted Software
2012-12-09 23:58 . 2012-12-09 23:58	--------	d-----w-	c:\programdata\bdch
2012-12-09 02:38 . 2012-12-09 02:38	--------	d-----w-	c:\programdata\BDLogging
2012-12-09 02:29 . 2012-12-18 00:52	--------	d-----w-	c:\program files\Bitdefender
2012-12-09 02:29 . 2012-12-09 02:29	--------	d-----w-	c:\users\Maverick\AppData\Roaming\QuickScan
2012-12-09 02:28 . 2012-12-14 03:00	--------	d-----w-	c:\program files\Common Files\Bitdefender
2012-12-07 06:40 . 2012-12-07 06:40	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-12-07 06:40 . 2012-12-07 06:40	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-12-07 05:46 . 2012-12-07 05:46	--------	d-----w-	c:\programdata\Sophos
2012-12-07 05:46 . 2012-12-07 05:46	73728	----a-r-	c:\users\Maverick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-07 05:46 . 2012-12-07 05:46	73728	----a-r-	c:\users\Maverick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-07 05:46 . 2012-12-07 05:46	73728	----a-r-	c:\users\Maverick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-12-07 05:46 . 2012-12-07 05:46	--------	d-----w-	c:\program files (x86)\Sophos
2012-12-07 03:47 . 2012-12-07 05:00	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-12-06 05:14 . 2012-12-06 05:14	--------	d-----w-	c:\programdata\Orbit
2012-12-05 04:16 . 2012-12-05 04:17	--------	d-----w-	C:\arpspoof
2012-12-04 02:38 . 2012-12-04 02:38	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-12-02 22:24 . 2012-12-17 04:59	--------	d-----w-	C:\repos
2012-12-02 10:48 . 2012-12-02 10:48	--------	d-----w-	c:\users\Maverick\AppData\Local\MMavipc
2012-11-22 07:17 . 2012-12-02 02:33	--------	d-----w-	c:\users\Maverick\AppData\Roaming\ftblauncher
2012-11-22 03:53 . 2012-11-22 03:59	--------	d-----w-	c:\users\Maverick\AppData\Local\Sony Online Entertainment
2012-11-22 02:10 . 2012-12-07 06:35	--------	d-----w-	c:\users\Maverick\AppData\Local\PMB Files
2012-11-22 02:10 . 2012-11-22 02:11	--------	d-----w-	c:\programdata\PMB Files
2012-11-22 02:09 . 2012-11-22 02:09	--------	d-----w-	c:\users\Maverick\.swt
2012-11-20 07:29 . 2012-11-20 07:29	--------	d-----w-	c:\programdata\id Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 21:41 . 2009-08-22 21:44	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-12 21:41 . 2009-08-22 21:39	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-12 12:27 . 2011-11-25 23:00	261056	----a-w-	c:\windows\system32\drivers\avchv.sys
2012-12-07 01:50 . 2009-08-22 21:39	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-06 05:06 . 2009-08-22 21:39	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-14 07:52 . 2012-11-14 07:52	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 07:52 . 2012-04-02 04:17	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-28 20:11 . 2012-10-28 20:11	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-28 20:11 . 2012-06-05 22:34	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-28 20:11 . 2010-06-09 04:59	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-27 05:32 . 2012-10-27 04:04	20821	----a-w-	C:\mgobot.zip
2012-10-27 04:08 . 2012-10-27 04:08	12846	----a-w-	C:\mgobot.src.zip
2012-10-12 02:49 . 2012-11-07 23:40	2468520	----a-w-	c:\windows\SysWow64\BootMan.exe
2010-01-29 04:28 . 2010-01-29 04:28	774144	----a-w-	c:\program files (x86)\RngInterstitial.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-20 1021840]
"ShutdownGuard"="c:\program files (x86)\ShutdownGuard\ShutdownGuard.exe" [2009-09-05 38912]
"SandboxieControl"="c:\users\Maverick\Downloads\dcscrack\eatsx362\app\SbieCtrl.exe" [2011-11-23 652048]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-09 16070136]
"mapdisk"="c:\armawork\mapdisk.bat" [2012-08-15 26]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AtomicTime"="c:\users\Maverick\Documents\qs_toolkit\AtomicTime.exe" [2009-11-02 53248]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-01-25 303104]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-08-24 196784]
.
c:\users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Maverick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-30 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gogoc;gogo6 gogoCLIENT;c:\program files\gogo6\gogoCLIENT\gogoc.exe [2010-03-13 527688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 svnserver;Subversion;c:\svn\bin\svnserve.exe [2009-03-06 110678]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-03 31744]
R3 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-18 75048]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-10 1436424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gogoTunnelDevice;gogo6  Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\gogotun.sys [2010-03-13 27648]
R3 GPU-Z;GPU-Z;c:\users\Maverick\AppData\Local\Temp\GPU-Z.sys [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]
R3 Mandiant_Tools;Mandiant_Tools;c:\programdata\MANDIANT\Memoryze\mktools.sys [2010-11-20 24656]
R3 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [2012-03-10 15168]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2010-11-21 63696]
R3 rdtsc.sys;rdtsc;c:\users\Maverick\AppData\Local\Temp\rdtsc.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2006-09-27 29984]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-10-24 152640]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-23 718072]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-17 156912]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-05 1255736]
R3 WowzaMediaServer;Wowza Media Server;c:\program files (x86)\Wowza Media Systems\Wowza Media Server 3.1.0\bin\wrapper.exe [x]
R3 X6va005;X6va005;c:\users\Maverick\AppData\Local\Temp\005EBF7.tmp [x]
R4 alnsimpdx;{006A7A72-7319-460F-BE16-EF2C71CD74F7};c:\program files (x86)\ophcrack\pwdump\servpw.exe [2008-07-22 57344]
R4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-24 30192]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
R4 i2p;I2P Service;c:\program files (x86)\i2p\I2Psvc.exe [2011-11-19 375576]
R4 MSSQL$MAPLESTORY;SQL Server (MAPLESTORY);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R4 qrrdnib;{5E3ED219-CE56-4CCF-BC7B-7E363B0802A0};c:\program files (x86)\ophcrack\pwdump\servpw.exe [2008-07-22 57344]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R4 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-05-17 231600]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-05-17 56752]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-18 82416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-29 3463080]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2010-10-04 56832]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 10240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 35112]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-05-17 176560]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - regi
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-24 01:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maverick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-09 00:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-09 00:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-09 00:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-09 00:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-07 6612072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: Interfaces\{3EE619AC-0776-4FF7-8BDC-B4838F3BD1E2}: NameServer = 192.168.2.11
TCP: Interfaces\{556D641B-B5AE-4848-969B-788BE63A4111}: NameServer = 192.168.1.1,68.105.28.13
TCP: Interfaces\{F40E570E-BE74-4C0A-AD6E-3C8D1BAC25D3}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Maverick\AppData\Roaming\Mozilla\Firefox\Profiles\mrzc86y3.default-1351555155043\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-29 17:00; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Maverick\AppData\Roaming\Mozilla\Firefox\Profiles\mrzc86y3.default-1351555155043\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-07 15:35; es-MX@dictionaries.addons.mozilla.org; c:\users\Maverick\AppData\Roaming\Mozilla\Firefox\Profiles\mrzc86y3.default-1351555155043\extensions\es-MX@dictionaries.addons.mozilla.org
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
AddRemove-Alan Wake_is1 - c:\users\Maverick\Downloads\Alan.Wake-SKIDROW\install\unins000.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Bookworm Adventures Deluxe 1.00 - c:\users\Maverick\Downloads\Bookworm Games\bookworm deluxe\UNWISE.exe
AddRemove-Borderlands 2_is1 - c:\users\Maverick\Downloads\Borderlands.2-SKIDROW\game\unins000.exe
AddRemove-Cities XL 2011 - c:\program files (x86)\Focus Home Interactive\Cities XL 2011\uninst.exe
AddRemove-Counter-Strike Source_is1 - f:\downloads\css\unins000.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-Fallout New Vegas_is1 - c:\program files (x86)\Bethesda Softworks\Fallout New Vegas\unins000.exe
AddRemove-Gemsweeper 1.00 - c:\users\Maverick\Downloads\Casual Games Collection G-K\Misc\Gemsweeper\game\Uninstall.exe
AddRemove-Jardinains! - c:\windows\system32\SpoonUninstall.exe
AddRemove-Panda3D 1.7.0 - c:\panda3d-1.7.0\uninst.exe
AddRemove-PrecisionX - c:\program files (x86)\EVGA Precision X\uninstall.exe
AddRemove-realMYST Interactive 3D Edition - c:\program files (x86)\Mattel Interactive\realMYST Interactive 3D Edition\Uninst.isu
AddRemove-Smart Defrag_is1 - c:\program files (x86)\IObit\IObit SmartDefrag\unins000.exe
AddRemove-Sonic Generations_is1 - c:\users\Maverick\Downloads\SonicGenerationsrt\unins000.exe
AddRemove-Steam App 105600 - c:\users\Maverick\Downloads\super-steam-action\steam.exe
AddRemove-wxWidgets_is1 - c:\wxwidgets-2.8.11\unins000.exe
AddRemove-{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1 - c:\program files (x86)\Penumbra\Episode 1\unins000.exe
AddRemove-{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1 - c:\program files (x86)\Phyxion.net\Driver Sweeper\unins000.exe
AddRemove-{87C97391-AEA5-4891-AFEC-2B7C4211D447}_is1 - c:\srcds\left4dead2\left4dead2\unins000.exe
AddRemove-{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} - c:\users\Maverick\Downloads\SimCity 4 Deluxe\install\EAUninstall.exe
AddRemove-{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1 - c:\program files (x86)\Mass Effect 2\Uninstall\unins000.exe
AddRemove-Competition Arena - c:\windows\system32\javaws.exe
AddRemove-Wurm Online 2.7.5g - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Maverick\AppData\Local\Temp\005EBF7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*t*u*m*b*l*e*U*p*o*n* \Computers]
"Order"=hex:08,00,00,00,02,00,00,00,c4,03,00,00,01,00,00,00,06,00,00,00,88,00,
   00,00,05,00,00,00,7a,00,32,00,cd,00,00,00,00,49,3d,0c,20,00,41,4e,54,49,57,\
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*t*u*m*b*l*e*U*p*o*n* \Hobbies]
"Order"=hex:08,00,00,00,02,00,00,00,e0,00,00,00,01,00,00,00,01,00,00,00,d4,00,
   00,00,00,00,00,00,c6,00,32,00,cd,00,00,00,00,c0,7a,1e,20,00,59,4f,55,54,55,\
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*t*u*m*b*l*e*U*p*o*n* \SciTech]
"Order"=hex:08,00,00,00,02,00,00,00,b4,00,00,00,01,00,00,00,01,00,00,00,a8,00,
   00,00,00,00,00,00,9a,00,32,00,cd,00,00,00,00,ea,48,e1,20,00,53,57,49,46,54,\
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,18,61,7b,48,e3,5b,85,d9,ac,f5,49,9e,cc,44,ac,c8,9d,20,b8,f2,0b,bf,
   bf,82,2a,43,d1,95,5f,29,9e,89,24,4f,13,d0,b1,07,58,2a,e3,2a,00,12,e9,b5,fa,\
"??"=hex:b3,10,37,b9,42,af,bf,36,c7,66,07,5a,ac,0b,5c,cd
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,5b,74,20,25,cc,2e,c2,4d,fc,76,f7,98,75,bf,a6,83,12,f5,ec,e6,
   7e,52,d3,a3,37,f6,fe,b0,11,ef,a9,95,97,93,4f,e3,e7,e8,95,4e,71,4c,37,ab,6b,\
"rkeysecu"=hex:07,64,6d,27,ee,69,76,03,b0,5f,1c,b5,e7,0b,62,48
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1017\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*t*u*m*b*l*e*U*p*o*n* \Computers]
"Order"=hex:08,00,00,00,02,00,00,00,c4,03,00,00,01,00,00,00,06,00,00,00,88,00,
   00,00,05,00,00,00,7a,00,32,00,cd,00,00,00,00,49,3d,0c,20,00,41,4e,54,49,57,\
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1017\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*t*u*m*b*l*e*U*p*o*n* \Hobbies]
"Order"=hex:08,00,00,00,02,00,00,00,e0,00,00,00,01,00,00,00,01,00,00,00,d4,00,
   00,00,00,00,00,00,c6,00,32,00,cd,00,00,00,00,c0,7a,1e,20,00,59,4f,55,54,55,\
.
[HKEY_USERS\S-1-5-21-1396059951-3295089236-2484375307-1017\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\S*t*u*m*b*l*e*U*p*o*n* \SciTech]
"Order"=hex:08,00,00,00,02,00,00,00,b4,00,00,00,01,00,00,00,01,00,00,00,a8,00,
   00,00,00,00,00,00,9a,00,32,00,cd,00,00,00,00,ea,48,e1,20,00,53,57,49,46,54,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-349986)
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-349986)
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-17  17:42:17 - machine was rebooted
ComboFix-quarantined-files.txt  2012-12-18 01:42
.
Pre-Run: 71,240,957,952 bytes free
Post-Run: 70,616,653,824 bytes free
.
- - End Of File - - 7CDD56E3F1149F1A1E317C8A284A80F3

5. Back to normal, now that I've re-disabled UAC. Teamspeak is running fine now, after combofix.

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:12:59 PM

Posted 18 December 2012 - 07:55 PM

Hi!

I recognize all of them but one, the last one. C:\Windows\SysWow64\sdmon.dll It's a 2kb file with the hidden attribute, I opened it up in IDA, and there was no PE Header. It couldn't disassemble anything meaningful. I'm guessing it's encrypted shellcode loaded by some malware during its run-time. I see no legitimate use for it, so I'd delete it, but I'll let you decide what to do with it.

We'll remove that shortly.

c. There are comments at the end of the lines, starting with //, all of them should be ignored, I recognize them, and I dl'd them from a trusted source.

okay.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
C:\Windows\SysWow64\sdmon.dll
FileLook::
c:\windows\system32\drivers\avc3.sys
c:\windows\system32\drivers\avckf.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. MalwareBytes' Anti-Malware log file.
4. ESET Online Virus Scan log file.
5. SecurityCheck log file.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
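The triage described in the quoted reply above (a hidden 2 KB file in SysWow64 with no PE header) can be reproduced without a disassembler. The following Python is an added example, not code from this thread or from ComboFix; the two sample byte buffers are constructed here, and the path passed to triage_file is whatever file the caller wants to inspect.

```python
import os
import stat
import struct

# PE/COFF layout facts: the DOS header starts with "MZ", keeps the offset of
# the PE signature at 0x3C (e_lfanew), and the signature itself is "PE\0\0".
MZ_MAGIC = b"MZ"
PE_MAGIC = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C


def pe_header_status(data: bytes) -> str:
    """Classify a file image as 'valid-pe', 'no-mz', 'bad-e_lfanew' or 'no-pe-signature'."""
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != MZ_MAGIC:
        return "no-mz"                      # what the quoted reply saw for sdmon.dll
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if e_lfanew + 4 > len(data):
        return "bad-e_lfanew"               # offset points outside the file
    if data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        return "no-pe-signature"
    return "valid-pe"


def triage_file(path: str) -> dict:
    """Collect the three facts from the thread: size, hidden attribute, PE header."""
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)        # Windows only; 0 elsewhere
    hidden = bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))
    with open(path, "rb") as fh:
        head = fh.read(4096)                            # headers live in the first page
    return {"size": st.st_size, "hidden": hidden, "pe": pe_header_status(head)}


# Constructed sample inputs (not files from the thread): a minimal DOS header
# whose e_lfanew points at a PE signature at 0x40, and an opaque 2 KiB blob.
SAMPLE_PE = bytearray(0x44)
SAMPLE_PE[:2] = MZ_MAGIC
struct.pack_into("<I", SAMPLE_PE, E_LFANEW_OFFSET, 0x40)
SAMPLE_PE[0x40:0x44] = PE_MAGIC
SAMPLE_BLOB = bytes((i * 37 + 11) & 0xFF for i in range(2048))

if __name__ == "__main__":
    print(pe_header_status(bytes(SAMPLE_PE)))   # valid-pe
    print(pe_header_status(SAMPLE_BLOB))        # no-mz
```

A 2 KB file that reports "no-mz" yet sits in a system directory with the hidden attribute set is exactly the pattern the quoted reply flagged; the check alone does not prove malice, so the result belongs with the rest of the logs rather than being acted on in isolation.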


#14 mmavipc

mmavipc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 21 December 2012 - 01:57 AM

Sorry I haven't replied, been busy. Might be another day or two.

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:12:59 PM

Posted 21 December 2012 - 07:05 PM

Thanks for letting me know.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




