Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unknown Malware still present after scan (Trojan?)


  • This topic is locked This topic is locked

#1
Slash12

Slash12

    Member

  • Member
  • PipPip
  • 49 posts
Regrettably I started getting lazy taking care of my computer and at one point I started noticing some weird symptoms. For a little while now my computer has just semi-frozen when doing certain tasks (Like refreshing browser windows sometimes). Its not a full freeze, but both the video and audio on my entire computer (All applications) stutter for a second before returning to normal. I also noticed my drives running while I wasn't using the computer and got more suspicious. I have McAfee running and it scans regularly but it's never found anything. I installed Malwayrebytes and scanned and found a few backdoor trojans which it said it removed. But since the removal I haven't noticed a change in the symptoms.

The thing that got me to post is that earlier today while playing an online game the game started to lag out (It's never done this before) and the application crashed saying I lost my internet connection. I checked my connection and when pinging from the command prompt I would always get a general error on the first hop to the router, which I've never seen before either. I checked the other computers on the network and they were all working fine at the same time, after a restart of my computer everything worked fine again.

These might be unrelated symptoms but I very highly doubt it and I feel like there's still something hiding in my computer that I can't pick up with any of the antivirus that I have right now, I'm hoping you guys might be able to help me out.

Thanks for any help in advance.


OTL Extras logfile created on: 9/12/2011 11:59:39 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 59.61% Memory free
11.98 Gb Paging File | 8.47 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.86 Gb Total Space | 498.90 Gb Free Space | 54.06% Space Free | Partition Type: NTFS
Drive D: | 81.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A8B177A5-2054-4FF6-8FB1-F3EFEE98E1AD}" = MySQL Server 5.1
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SMBus" = Intel® SMBus
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F5A525F-F00A-478B-B993-EC0DF06B0B76}_is1" = Futa Mistress 1.0
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1050
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars®
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars® Patch
"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4e3650fe-c655-488e-aa45-4677a290640b}" = Nero 9 Essentials
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEEC09B3-FC40-4841-9805-32ABC272945C}" = pyglet
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"APB North America" = APB North America
"APB Reloaded" = APB Reloaded
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crysis Wars®" = Crysis Wars®
"Crysis Wars® Patch" = Crysis Wars® Patch
"DivX Setup.divx.com" = DivX Setup
"Fences" = Fences
"Firestorm-Beta" = Firestorm-Beta (remove only)
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"GoToAssist" = GoToAssist 8.0.0.514
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IceChat_is1" = IceChat 7.70 (Build 20101031)
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"iRotate" = iRotate
"jGRASP" = jGRASP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee Internet Security
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"OUTLOOKR" = Microsoft Office Outlook 2007
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"RollerCoaster Tycoon Setup" = Roll
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SimPE_is1" = SimPE 0.72 (alpha)
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 12900" = Audiosurf
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 18700" = And Yet It Moves
"Steam App 220" = Half-Life 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 26500" = Cogs
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29180" = Osmos
"Steam App 300" = Day of Defeat: Source
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
"Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan
"Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood
"Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 3700" = Sniper Elite
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38900" = Rhythm Zone
"Steam App 39000" = Moonbase Alpha
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40700" = Machinarium
"Steam App 41100" = Hammerfight
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 47900" = Dragon Age II
"Steam App 49600" = Beat Hazard
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 630" = Alien Swarm
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 67000" = The Polynomial
"Steam App 70300" = VVVVVV
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8190" = Just Cause 2
"Steam App 93200" = Revenge of the Titans
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 9740" = Indigo Prophecy
"Synthesia" = Synthesia (remove only)
"TeamSpeak_is1" = TeamSpeak
"TrueCrypt" = TrueCrypt
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VH Toolkit_is1" = VH Toolkit 1.0.44.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"winscp3_is1" = WinSCP 4.3.2
"World of Warcraft" = World of Warcraft
"XPort 360_is1" = XPort 360

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'remote_service_bindings', because it does
not exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_component_placements', because
it does not exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_wildcard_namespaces', because it
does not exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_wildcards', because it does not
exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_attributes', because it does not
exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_model_groups', because it does
not exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_elements', because it does not
exist or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_facets', because it does not exist
or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_types', because it does not exist
or you do not have permission.

Error - 9/10/2011 10:10:20 PM | Computer Name = Alex-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'xml_schema_components', because it does not
exist or you do not have permission.

[ Broadcom Wireless LAN Events ]
Error - 12/25/2009 11:58:46 AM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 10:58:46, Fri, Dec 25, 09 Error - Unable to switch user context, authentication
information not set correctly

Error - 12/25/2009 11:59:04 AM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 10:59:04, Fri, Dec 25, 09 Error - Unable to get current user admin
status

Error - 12/25/2009 11:59:17 AM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 10:59:17, Fri, Dec 25, 09 Error - Unable to get current user admin
status

Error - 12/25/2009 11:59:29 AM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 10:59:29, Fri, Dec 25, 09 Error - Unable to get current user admin
status

Error - 2/16/2010 3:23:57 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 14:23:57, Tue, Feb 16, 10 Error - Unable to get current user admin
status

Error - 2/16/2010 3:25:42 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 14:25:42, Tue, Feb 16, 10 Error - Unable to get current user admin
status

Error - 2/16/2010 3:27:28 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 14:27:28, Tue, Feb 16, 10 Error - Unable to get current user admin
status

Error - 6/16/2010 7:20:22 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 19:20:22, Wed, Jun 16, 10 Error - Unable to gain access to user store


Error - 6/22/2011 3:34:11 AM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 03:34:11, Wed, Jun 22, 11 Error - Unable to gain access to user store


Error - 6/29/2011 3:20:17 AM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0
Description = 03:20:17, Wed, Jun 29, 11 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 3/11/2010 9:31:07 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 8:31:05 AM - Error connecting to the internet. 8:31:05 AM - Unable
to contact server..

[ System Events ]
Error - 9/12/2011 9:15:57 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:15:57 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:16:08 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:20:08 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/12/2011 9:20:15 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:20:33 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:20:41 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:21:22 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:21:22 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/12/2011 9:21:24 PM | Computer Name = Alex-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

With regard to this you mentioned:-

I installed Malwayrebytes and scanned and found a few backdoor trojans which it said it removed. But since the removal I haven't noticed a change in the symptoms.

I would like to review the log if it is still available please... It can be found here(if present):

  • Launch/Start the application
  • Click on the Logs radio tab.
  • Post the contents of mbam-log-yyyy-mm-dd (tt-tt-tt).txt
Note: yyyy-mm-dd (tt-tt-tt) denote the date/time the log was created.
  • 0

#3
Slash12

Slash12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Sure no problem, thanks for the response.

Here you go:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7629

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/1/2011 10:36:17 AM
mbam-log-2011-09-01 (10-36-17).txt

Scan type: Quick scan
Objects scanned: 211923
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
c:\Users\Alex\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 6900 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{488KI3UO-5Y03-JHF2-2L2F-2655K1D636F2} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{488KI3UO-5Y03-JHF2-2L2F-2655K1D636F2} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsnet (Trojan.Agent) -> Value: windowsnet -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost (Trojan.Agent.Gen) -> Value: winhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\ohokkds.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\local settings\temporary internet files\Content.IE5\DJROTOQM\winupdate[2].exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Roaming\dropped.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\WinDir\winupdt.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\vpzohaqldva.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi,

I have bad news I'm afraid. :)

One or more of the identified infections is a Backdoor Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0

#5
Slash12

Slash12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I was hoping it wouldn't come to that but I took your advice and reformatted/reinstalled windows. I downloaded all the windows updates and driver updates, and installed a firewall and anti-virus again. The strange thing is that my computer still sometimes gets the weird stutter problem again. Do you think it might be an unrelated problem or could my computer still be infected somehow? I will note that I have noticed the stutter problem usually happens when refreshing something in my browser (Chrome).
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I was hoping it wouldn't come to that but I took your advice and reformatted/reinstalled windows

The most prudent course of action in the long run...if it had been one of my machines infected so I would not have hesitated to perform the same course of action.

The strange thing is that my computer still sometimes gets the weird stutter problem again. Do you think it might be an unrelated problem or could my computer still be infected somehow?

I doubt your machine is reinfected unless off course if you reapplied any backups and they were compromised. However the malware that was on-board should not have done such.

I will note that I have noticed the stutter problem usually happens when refreshing something in my browser (Chrome).

This appears to be a commen problem with the browser I have found of late. Personally I do not rate it at all and seems to be prone to all kinds of issues. If you have not done so it would be prudent to update Internet Explorer to version 9. It should be availble via Windows Update and or you can download it from here.

Now going back the the Chrome issue, it may be Adobe Flash Player related. So you could try installing the latest version from here and then uninstall the old version.

If still a issue:-

  • Type about:plugins into the address bar at the top of a Chrome browser window and depress the Enter key.
  • Click on Details at the upper-right corner of the page.
  • Find the Flash (or “Shockwave Flash”) listing on the Plug-ins page and click the corresponding Disable button. Then click on Enable.
  • Close all Chrome windows and restart the browser.
Let myself know the outcome please in your next reply, thank you.
  • 0

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP