
LocalSystemNetworkRestricted high memory usage



Hello,

Did you only recently install MSE on 2012-04-27?

What antivirus app was installed before this? Has this system ever been without an antivirus?

Is this running in a VM?

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

Edited by Maurice Naggar

No, I've had MSE since I bought the laptop. I think I may have reinstalled it on that date because of an update failure.

My system has always had an antivirus system.

And no, the PC is not running in a VM.

I could see that if I disabled the Superfetch service the svchost memory usage fell to 25k, but I also have a problem with my network: my internet is sometimes very slow and sometimes at normal speed. I don't know if it has something to do with the svchost, but both problems occurred at the same time. And I know it's not the router or the network, because my other computers work fine.

And after I disabled the Superfetch service my PC has cut up to 2 minutes off its boot time.

But all these tests were made with Superfetch turned on.

Log.txt

Logfile of random's system information tool 1.09 (written by random/random)

Run by My at 2012-05-27 22:58:13

Microsoft Windows 7 Ultimate Service Pack 1

System drive C: has 251 GB (53%) free of 477 GB

Total RAM: 12199 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:58:28, on 27-05-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\TrueCrypt\TrueCrypt.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\EazyPrint\EazyPrint.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\My\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\My.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon

O4 - HKCU\..\Run: [F.lux] "C:\Users\My\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKUS\S-1-5-21-1990530906-4165506631-22784256-1012\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1990530906-4165506631-22784256-1012\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: EazyPrint.lnk = C:\Program Files (x86)\EazyPrint\EazyPrint.exe

O4 - Startup: Skærmklipper og startprogram til OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Secunia PSI Tray.lnk = ?

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Atheros Bt&Wlan Coex Agent - Unknown owner - C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Tjeneste (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Unknown owner - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15931 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"

"C:\Windows\system32\Dwm.exe"

"C:\Program Files\Soluto\soluto.exe" /userinit

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"

C:\Windows\System32\spoolsv.exe

"taskhost.exe"

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"

ATKOSD.exe

taskeng.exe {0DA47BC9-1F80-491A-8D6B-D65DAC482914}

taskeng.exe {1C21ED62-619D-417D-99FD-EFABD9B7E5F9}

"C:\Program Files\P4G\BatteryLife.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

WDC.exe

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3

"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe"

"C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe"

"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon

"C:\Program Files (x86)\Secunia\PSI\psi_tray.exe"

"C:\Program Files (x86)\EazyPrint\EazyPrint.exe"

"C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE" /tsr

"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Intel\TurboBoost\TurboBoost.exe"

C:\ExpressGateUtil\VAWinService.exe

"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"

"C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

"C:\ExpressGateUtil\VAWinAgent.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe" /a

"C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe" /n

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /systemstart /autostart

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Elantech\ETDCtrlHelper.exe"

"C:\Program Files\Soluto\SolutoService.exe"

"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Skype\Phone\Skype.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=7532.1f1f5030.1072043329 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 7532 "\\.\pipe\gecko-crash-server-pipe.7532" plugin

"C:\Users\My\Local Settings\Apps\F.lux\flux.exe"

"C:\Program Files (x86)\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe"

"C:\Windows\system32\cmd.exe"

\??\C:\Windows\system32\conhost.exe "1714581121677463541-14741895221564062842-938854446713238358-10180780051288673071

"C:\Program Files\Process Hacker 2\ProcessHacker.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=7532.27773200.967098359 "C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 7532 "\\.\pipe\gecko-crash-server-pipe.7532" plugin

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:7052 CREDAT:203011

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:7052 CREDAT:137493

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe21_ Global\UsGthrCtrlFltPipeMssGthrPipe21 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540

"C:\Users\My\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990530906-4165506631-22784256-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990530906-4165506631-22784256-1000UA.job

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fc2e808a-148f-4135-b7c7-9874a743e35c.job

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fde3b548-7385-447a-b9c1-74fe1b2b19e1.job

=========Mozilla firefox=========

ProfilePath - C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "file:///C:/Users/My/Dropbox/Public/EIGHT-firefox%20start%20page+config/index.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=Registrer iTunes-tilbehør

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin]

"Description"=Canon MycameraPlugin

"Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]

"Description"=Wolfram Mathematica Plug-in

"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files\UX\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\UX\components\

binary.manifest

browsercomps.dll

C:\Program Files\UX\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\

donottrackplus@abine.com

firefox@ghostery.com

foxmarks@kei.com

foxyproxy@eric.h.jung

https-everywhere@eff.org

support@lastpass.com

{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\searchplugins\

google-ssl.xml


Still Log.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-16 347424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-16 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19 164496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-16 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-04-04 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-16 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]

Microsoft Web Test Recorder 10.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-04-04 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19 164496]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-04-04 340384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-09-16 11485800]

"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-09-16 2168424]

"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-09-16 324096]

"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 649608]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-19 170264]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-19 398616]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-19 439064]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-09-18 499608]

"AtherosBtStack"=C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [2010-07-29 594080]

"AthBtTray"=C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [2010-07-29 377504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2012-03-31 1516496]

"F.lux"=C:\Users\My\Local Settings\Apps\F.lux\flux.exe [2009-08-29 966656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]

C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [2009-10-22 1233704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileREX Update Checker]

C:\Users\My\AppData\Local\Apps\2.0\APN956N4.WRQ\QOQMJ023.1J9\file..tion_619423b4ec51cb01_0002.0000_745701a5a2e893fa\FileREX.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livedrive]

C:\Program Files (x86)\Livedrive\Livedrive.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RiccoVPN]

C:\Program Files (x86)\RiccoVPN\RiccoVPN.exe -autorun []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-23 1601536]

"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]

"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

"SonicMasterTray"=C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-09 984400]

"FLxHCIm"=C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-04-08 43008]

"VAWinAgent"=C:\ExpressGateUtil\VAWinAgent.exe [2011-04-07 45448]

"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2012-05-09 4464472]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

"KeyScrambler"=C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [2012-03-08 432952]

""= []

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

EazyPrint.lnk - C:\Program Files (x86)\EazyPrint\EazyPrint.exe

Skærmklipper og startprogram til OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-03-19 434688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-09-16 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"mixer2"=wdmaud.drv

"midi2"=wdmaud.drv

"wave3"=wdmaud.drv

"mixer3"=wdmaud.drv

"midi3"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.scr - open - C:\Windows\system32\notepad.exe "%1"

.scr - install -

.scr - config -

.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-05-27 22:58:13 ----D---- C:\rsit

2012-05-27 22:58:13 ----D---- C:\Program Files\trend micro

2012-05-27 22:56:35 ----D---- C:\Windows\ERDNT

2012-05-27 22:55:34 ----D---- C:\Program Files (x86)\ERUNT

2012-05-27 20:31:51 ----A---- C:\Windows\system32\network.txt

2012-05-27 20:23:58 ----D---- C:\Program Files (x86)\Xirrus

2012-05-27 20:23:02 ----D---- C:\Users\My\AppData\Roaming\Xirrus

2012-05-26 17:16:03 ----D---- C:\ProgramData\Roaming

2012-05-26 03:40:20 ----D---- C:\Program Files\Elantech

2012-05-26 03:33:37 ----A---- C:\Windows\ETDUninst.dll

2012-05-26 03:33:16 ----A---- C:\Windows\system32\drivers\ETD.sys

2012-05-26 03:28:55 ----A---- C:\Windows\system32\drivers\L1C62x64.sys

2012-05-24 02:00:35 ----D---- C:\ProgramData\Kaspersky Lab

2012-05-21 11:07:25 ----D---- C:\Program Files (x86)\Wondershare

2012-05-20 22:20:32 ----D---- C:\Users\My\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-05-20 22:20:09 ----D---- C:\Users\My\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2012-05-20 22:09:37 ----D---- C:\Program Files (x86)\Adobe Story

2012-05-20 22:08:16 ----D---- C:\Users\My\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-05-20 19:50:54 ----A---- C:\Windows\system32\drivers\vmx86.sys

2012-05-20 19:50:03 ----A---- C:\Windows\SYSWOW64\vmnetdhcp.exe

2012-05-20 19:50:02 ----A---- C:\Windows\SYSWOW64\vmnat.exe

2012-05-20 19:50:01 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys

2012-05-20 19:49:50 ----A---- C:\Windows\system32\vnetlib64.dll

2012-05-20 19:49:47 ----A---- C:\Windows\system32\drivers\VMkbd.sys

2012-05-20 19:49:47 ----A---- C:\Windows\system32\drivers\hcmon.sys

2012-05-20 19:48:30 ----D---- C:\Program Files\Common Files\VMware

2012-05-16 10:08:06 ----D---- C:\ProgramData\Ricoh

2012-05-15 22:39:15 ----A---- C:\Windows\Sandboxie.ini

2012-05-15 22:39:05 ----D---- C:\Program Files\Sandboxie

2012-05-09 23:45:21 ----A---- C:\Windows\SYSWOW64\DWrite.dll

2012-05-09 23:45:21 ----A---- C:\Windows\system32\DWrite.dll

2012-05-09 23:45:10 ----A---- C:\Windows\system32\win32k.sys

2012-05-09 23:45:10 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-05-09 23:45:09 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-05-09 23:45:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-05-09 23:45:03 ----A---- C:\Windows\system32\drivers\tcpip.sys

2012-05-09 23:44:53 ----A---- C:\Windows\system32\drivers\partmgr.sys

2012-05-05 15:33:33 ----D---- C:\Users\My\AppData\Roaming\ZoomBrowser EX

2012-05-05 15:02:12 ----D---- C:\ProgramData\ZoomBrowser

2012-05-05 15:01:39 ----D---- C:\Program Files (x86)\Canon

2012-04-30 18:26:28 ----A---- C:\Windows\SYSWOW64\vmnc.dll

2012-04-30 17:22:42 ----A---- C:\Windows\system32\vnetinst.dll

2012-04-30 17:22:42 ----A---- C:\Windows\system32\vmnetbridge.dll

2012-04-30 17:22:42 ----A---- C:\Windows\system32\drivers\vmnetbridge.sys

2012-04-30 17:22:42 ----A---- C:\Windows\system32\drivers\vmnetadapter.sys

2012-04-30 17:22:42 ----A---- C:\Windows\system32\drivers\vmnet.sys

2012-04-30 13:08:47 ----D---- C:\Program Files (x86)\EazyPrint

2012-04-29 12:11:54 ----D---- C:\Program Files\Soluto

2012-04-28 00:29:47 ----D---- C:\Program Files (x86)\Microsoft Security Client

======List of files/folders modified in the last 1 month======

2012-05-27 22:58:26 ----D---- C:\Windows\Prefetch

2012-05-27 22:58:13 ----RD---- C:\Program Files

2012-05-27 22:58:03 ----D---- C:\Windows\Temp

2012-05-27 22:56:35 ----D---- C:\Windows

2012-05-27 22:55:34 ----RD---- C:\Program Files (x86)

2012-05-27 22:52:49 ----D---- C:\Users\My\AppData\Roaming\Skype

2012-05-27 21:27:40 ----D---- C:\Windows\system32\config

2012-05-27 20:40:55 ----D---- C:\Windows\System32

2012-05-27 20:40:55 ----D---- C:\Windows\inf

2012-05-27 20:40:55 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-05-27 20:24:26 ----SHD---- C:\Windows\Installer

2012-05-27 20:24:25 ----D---- C:\Config.Msi

2012-05-27 20:24:22 ----D---- C:\Windows\winsxs

2012-05-27 20:23:16 ----SHD---- C:\System Volume Information

2012-05-27 03:50:58 ----D---- C:\Users\My\AppData\Roaming\vlc

2012-05-27 02:17:34 ----D---- C:\Windows\system32\NDF

2012-05-26 19:13:05 ----D---- C:\Windows\system32\Tasks

2012-05-26 19:11:49 ----D---- C:\ProgramData\VMware

2012-05-26 19:06:13 ----D---- C:\Windows\system32\catroot

2012-05-26 18:56:47 ----D---- C:\Users\My\AppData\Roaming\uTorrent

2012-05-26 18:24:48 ----D---- C:\Users\My\AppData\Roaming\Intel

2012-05-26 18:24:48 ----D---- C:\Program Files\Intel

2012-05-26 18:24:48 ----D---- C:\Program Files (x86)\Cisco

2012-05-26 18:24:47 ----D---- C:\ProgramData

2012-05-26 18:24:47 ----D---- C:\Program Files\Common Files\Intel

2012-05-26 18:24:38 ----D---- C:\Windows\system32\DriverStore

2012-05-26 16:33:05 ----D---- C:\Windows\system32\drivers

2012-05-26 03:36:15 ----D---- C:\Program Files (x86)\Atheros

2012-05-26 03:31:47 ----D---- C:\Windows\system32\zh-TW

2012-05-26 03:31:47 ----D---- C:\Windows\system32\zh-CN

2012-05-26 03:31:47 ----D---- C:\Windows\system32\tr-TR

2012-05-26 03:31:47 ----D---- C:\Windows\system32\sv-SE

2012-05-26 03:31:47 ----D---- C:\Windows\system32\ru-RU

2012-05-26 03:31:47 ----D---- C:\Windows\system32\pt-PT

2012-05-26 03:31:47 ----D---- C:\Windows\system32\pl-PL

2012-05-26 03:31:47 ----D---- C:\Windows\system32\nl-NL

2012-05-26 03:31:47 ----D---- C:\Windows\system32\ko-KR

2012-05-26 03:31:47 ----D---- C:\Windows\system32\ja-JP

2012-05-26 03:31:47 ----D---- C:\Windows\system32\it-IT

2012-05-26 03:31:47 ----D---- C:\Windows\system32\hu-HU

2012-05-26 03:31:47 ----D---- C:\Windows\system32\fr-FR

2012-05-26 03:31:47 ----D---- C:\Windows\system32\fi-FI

2012-05-26 03:31:47 ----D---- C:\Windows\system32\es-ES

2012-05-26 03:31:47 ----D---- C:\Windows\system32\en-US

2012-05-26 03:31:47 ----D---- C:\Windows\system32\el-GR

2012-05-26 03:31:47 ----D---- C:\Windows\system32\de-DE

2012-05-26 03:31:47 ----D---- C:\Windows\system32\da-DK

2012-05-26 03:31:47 ----D---- C:\Windows\system32\cs-CZ

2012-05-26 03:30:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2012-05-26 03:29:49 ----D---- C:\Windows\SysWOW64

2012-05-25 21:24:55 ----D---- C:\Program Files\PeerBlock

2012-05-25 20:08:23 ----D---- C:\Users\My\AppData\Roaming\dvdcss

2012-05-25 15:39:58 ----D---- C:\Windows\system32\catroot2

2012-05-25 08:32:29 ----SD---- C:\ProgramData\Microsoft

2012-05-24 19:32:44 ----D---- C:\Users\My\AppData\Roaming\nbs-irc

2012-05-24 04:01:14 ----D---- C:\Users\My\AppData\Roaming\MediaMonkey

2012-05-24 03:38:17 ----D---- C:\ProgramData\Atheros

2012-05-24 02:46:02 ----SD---- C:\Windows\Fonts

2012-05-24 02:45:52 ----D---- C:\Program Files (x86)\MathType

2012-05-21 17:58:24 ----D---- C:\Users\My\AppData\Roaming\Dropbox

2012-05-21 11:24:12 ----D---- C:\Users\My\AppData\Roaming\Adobe

2012-05-20 22:21:11 ----D---- C:\Program Files (x86)\Adobe

2012-05-20 22:04:21 ----D---- C:\Users\My\AppData\Roaming\VMware

2012-05-20 21:40:19 ----D---- C:\Windows\debug

2012-05-20 19:49:43 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2012-05-20 19:49:27 ----D---- C:\Windows\SYSWOW64\drivers

2012-05-20 19:49:05 ----D---- C:\Program Files (x86)\VMware

2012-05-20 19:49:03 ----D---- C:\Program Files (x86)\Common Files

2012-05-20 19:48:30 ----D---- C:\Program Files\Common Files

2012-05-15 22:54:54 ----SD---- C:\Users\My\AppData\Roaming\Microsoft

2012-05-14 13:13:11 ----SHD---- C:\$RECYCLE.BIN

2012-05-10 04:15:42 ----RSD---- C:\Windows\assembly

2012-05-10 04:15:42 ----D---- C:\Windows\Microsoft.NET

2012-05-10 00:13:28 ----D---- C:\Program Files\Microsoft Silverlight

2012-05-10 00:13:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-05-10 00:01:01 ----D---- C:\ProgramData\Microsoft Help

2012-05-09 23:58:04 ----A---- C:\Windows\system32\MRT.exe

2012-05-09 23:46:44 ----D---- C:\Program Files\Windows Journal

2012-05-09 23:02:43 ----D---- C:\Windows\Tasks

2012-05-09 23:02:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2012-05-09 22:56:52 ----D---- C:\Program Files\UX

2012-05-09 22:45:20 ----D---- C:\Windows\pss

2012-05-09 09:35:26 ----D---- C:\Windows\system32\wdi

2012-05-06 01:56:56 ----D---- C:\Users\My\AppData\Roaming\DAEMON Tools Lite

2012-05-05 21:05:47 ----D---- C:\Program Files (x86)\JDownloader

2012-05-05 00:07:16 ----D---- C:\Program Files (x86)\uTorrent

2012-05-02 22:20:30 ----D---- C:\Program Files\SUPERAntiSpyware

2012-05-01 02:22:01 ----D---- C:\Program Files (x86)\Google

2012-04-29 12:11:56 ----DC---- C:\Windows\system32\DRVSTORE

2012-04-28 00:30:02 ----D---- C:\Program Files\Microsoft Security Client

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-14 437272]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 Soluto;Soluto; C:\Windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]

R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-03-31 231376]

R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

R1 CbFs;CbFs; \??\C:\Windows\system32\drivers\cbfs.sys [2010-02-16 191960]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-03 283200]

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2011-12-06 140816]

R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-29 39024]

R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]

R2 PDFSfilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2012-02-28 81424]

R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 65152]

R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2010-07-29 36000]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2010-07-29 295072]

R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-07-29 28832]

R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-07-29 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-07-29 51872]

R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-07-29 154272]

R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-01-24 283136]

R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

R3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]

R3 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-19 14745600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-09-16 2515432]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2011-12-15 222904]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

R3 PrivacyProtectorMP;PrivacyProtectorMP; C:\Windows\system32\DRIVERS\PPFlt.sys [2012-03-08 27160]

R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2009-10-05 8152]

R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 29696]

R3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]

R4 KProcessHacker2;KProcessHacker2; \??\C:\Program Files\Process Hacker 2\kprocesshacker.sys [2011-08-25 36424]

S1 SASDIFSV;SASDIFSV; \??\C:\Users\My\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS []

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2011-09-16 44032]

S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2010-07-29 51872]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]

S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]

S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

S3 Passthru;PrivacyProtector Service; C:\Windows\system32\DRIVERS\PPFlt.sys [2012-03-08 27160]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-04-10 164528]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]

S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []

S4 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]

S4 RsFx0105;RsFx0105 Driver; C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-10-18 140672]

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]

R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-20 1431888]

R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2012-04-24 584224]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-09-22 154984]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

R2 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2011-03-25 91464]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe []

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2011-09-22 58345832]

S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-07-29 52896]

S3 Bonjour Service;Bonjour tjeneste; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]

S3 CGVPNCliSrvc;CyberGhost VPN Client; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2011-12-06 2430128]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

S3 gupdate;Google Update Tjeneste (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 116648]

S3 gupdatem;Google Update Tjeneste (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 116648]

S3 iPod Service;iPod-tjeneste; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 934760]

S3 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

S3 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager; C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2012-02-29 1890568]

S3 PDEngine;PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2012-02-29 3291912]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]

S3 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-04-10 97552]

S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S3 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]

S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]

-----------------EOF-----------------


Info.txt

info.txt logfile of random's system information tool 1.09 2012-05-27 22:58:31

======Uninstall list======

-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\setup.exe" /Action=RemovePatch /AllInstances

-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances

-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL

64 Bit HP CIO Components Installer-->MsiExec.exe /I{BC741628-0AFC-405C-8946-DD46D1005A0A}

ActivDriver x64 v5.4.6-->MsiExec.exe /I{F651E81A-6D79-4004-9D49-DB3DA159CDD7}

ActivInspire Help (DNK) v1-->MsiExec.exe /I{F069D2A4-D29D-4E6D-8FDA-3EBE399A3092}

ActivInspire HWR Resources (INT) v1-->MsiExec.exe /I{782E1916-7A78-47F7-9AF3-2233B83026F2}

ActivInspire v1-->MsiExec.exe /I{7970AA03-F817-4916-AE77-80DC801646CC}

Adobe Acrobat X Pro - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000005}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842}

Adobe Community Help-->msiexec /qb /x {A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}

Adobe Community Help-->MsiExec.exe /I{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}

Adobe Content Viewer-->msiexec /qb /x {4E33D05D-76CF-5D3C-4D5D-7727530FA161}

Adobe Content Viewer-->MsiExec.exe /I{4E33D05D-76CF-5D3C-4D5D-7727530FA161}

Adobe Creative Suite 5.5 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{D57FC112-312E-4D70-860F-2DB8FB6858F0}"

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe -maintain plugin

Adobe Story-->msiexec /qb /x {C8E6DE88-C7D8-FCD8-CC61-E7805D7A89C4}

Adobe Story-->MsiExec.exe /I{C8E6DE88-C7D8-FCD8-CC61-E7805D7A89C4}

Adobe Widget Browser-->msiexec /qb /x {BDE646E8-86E0-50E1-37BC-0AEBB2185D76}

Adobe Widget Browser-->MsiExec.exe /I{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}

Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}\Setup.exe -runfromtemp -l0x0409

Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}

Apple Mobile Device Support-->MsiExec.exe /I{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ASUS Power4Gear Hybrid-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}

ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}

ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}

Autodesk Design Review 2012-->C:\Program Files (x86)\Autodesk\Autodesk Design Review 2012\Setup\Setup.exe /P {A49BDCBE-590E-43A6-AB77-7C40E499B7C1} /M ADR /language en-US

Autodesk Inventor Content Center Libraries 2012 (Desktop Content)-->MsiExec.exe /X{B46DECD1-1664-4EF1-0000-22D71E81877C}

Autodesk Inventor Fusion 2012 Language Pack-->MsiExec.exe /X{FFF7F80F-929E-497F-A112-B070DE816128}

Autodesk Inventor Fusion 2012-->C:\Program Files\Autodesk\Inventor Fusion 2012\Setup\Setup.exe /P {FFF5619F-6669-4EC5-A85E-9994F70A9E5D} /M INVENTORFUSION /LANG en-US

Autodesk Inventor Fusion 2012-->MsiExec.exe /X{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}

Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack-->MsiExec.exe /I{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}

Autodesk Inventor Fusion for Inventor 2012 Add-in-->C:\Program Files\Autodesk\Inventor 2012\Bin\FUSION4INVADDINSSetup\Setup\Setup.exe /P {4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858} /M FUSION4INVADDINS /LANG en-US

Autodesk Inventor Fusion for Inventor 2012 Add-in-->MsiExec.exe /I{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}

Autodesk Inventor Professional 2012 English Language Pack-->MsiExec.exe /I{7F4DD591-1664-0409-0001-7107D70F3DB4}

Autodesk Inventor Professional 2012 English-->C:\Program Files\Autodesk\Inventor 2012\Setup\Setup.exe /P {7F4DD591-1664-0409-0000-7107D70F3DB4} /M INVENTOR /LANG en-US

Autodesk Inventor Professional 2012-->MsiExec.exe /I{7F4DD591-1664-0409-0000-7107D70F3DB4}

Autodesk Inventor Publisher 2012 Language Pack-->MsiExec.exe /X{6E542012-DD29-0001-B703-2376D4CC9C8F}

Autodesk Inventor Publisher 2012-->C:\Program Files\Autodesk\Inventor Publisher 2012\Setup\Setup.exe /P {6E542012-DD29-0000-B703-2376D4CC9C8F} /M Inventor_Publisher /LANG en-US

Autodesk Inventor Publisher 2012-->MsiExec.exe /X{6E542012-DD29-0000-B703-2376D4CC9C8F}

Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}

Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52}

Autodesk Material Library Low Resolution Image Library 2012-->MsiExec.exe /I{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}

Autodesk Vault 2012 (Client) English Language Pack-->MsiExec.exe /I{266597A9-1664-0000-0100-DCBF2B69166B}

Autodesk Vault 2012 (Client)-->C:\Program Files\Autodesk\Vault 2012\Setup\setup.exe /P {CF526A26-1664-0000-0000-02E95019B628} /M VAULT /language en-US

Autodesk Vault 2012 (Client)-->MsiExec.exe /X{CF526A26-1664-0000-0000-02E95019B628}

Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

CANON iMAGE GATEWAY MyCamera Download Plugin-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\MyCamera Download Plugin\MyCameraPluginUninstall.ini"

CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"

Canon MOV Decoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"

Canon MOV Encoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Utility\Uninst.ini"

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Video Snapshot Task\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\PhotoStitch\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"

Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.10.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Chicken Invaders 3 - Revenge of the Yolk - Easter Edition-->"C:\Program Files (x86)\Chicken Invaders 3 - Revenge of the Yolk - Easter Edition\uninstall.exe" "/U:C:\Program Files (x86)\Chicken Invaders 3 - Revenge of the Yolk - Easter Edition\Uninstall\uninstall.xml"

Cisco AnyConnect VPN Client-->MsiExec.exe /X{44257960-C5CC-45BA-8E83-524E4A0F3FD5}

CoreAVC Professional Edition (remove only)-->"C:\Program Files (x86)\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"

CrypTool 1.4.30-->C:\Program Files (x86)\CrypTool\uninstall.exe

Crystal Reports for Visual Studio-->MsiExec.exe /I{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}

CyberGhost VPN-->"C:\Program Files\CyberGhost VPN\unins000.exe"

DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{946F0E94-3B15-40B5-A04F-16A1C1234040}" "1030" "0"

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

Diagram Designer-->MsiExec.exe /X{576D94BB-CA4A-4487-BAF1-A2DC7C29BB23}

Dotfuscator Software Services - Community Edition-->MsiExec.exe /X{1AA5BD63-6614-44B2-88A7-605191EDB835}

DriverIdentifier 3.9-->"C:\Program Files (x86)\Driver Identifier\unins000.exe"

DWG TrueView 2012-->C:\Program Files\Autodesk\DWG TrueView 2012\Setup\Setup.exe /P {5783F2D7-A028-0409-0100-0060B0CE6BBA} /M AOEM /language en-US

EAGLE 6.0.0-->cmd.exe /c start "EAGLE Uninstaller" /min "C:\Program Files (x86)\EAGLE-6.0.0\bin\uninstall.bat" C:\Program Files (x86)\EAGLE-6.0.0\bin

EazyPrint 1.0-->C:\Program Files (x86)\EazyPrint\Uninst0.exe

Eco Materials Adviser (x64)-->MsiExec.exe /X{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

ETDWare PS/2-x64 7.0.5.15_WHQL-->%ProgramFiles%\Elantech\ETDUn_inst.exe

ExpressGateCloud-->"C:\Program Files (x86)\InstallShield Installation Information\{36B0DC39-3282-40EB-8587-B875CE46C3A7}\setup.exe" -runfromtemp -l0x0409 -removeonly

ExpressGateCloud-->MsiExec.exe /X{36B0DC39-3282-40EB-8587-B875CE46C3A7}

FileZilla Client 3.5.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe

Fresco Logic USB3.0 Host Controller-->MsiExec.exe /X{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}

GeoGebra-->"C:\Program Files (x86)\GeoGebra\uninstaller.exe"

Google Drive-->MsiExec.exe /X{8E3C0F37-2280-4043-BAD0-3C9E5EB723EC}

Google SketchUp 8-->MsiExec.exe /X{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Graphmatica-->MsiExec.exe /X{DAB49042-8178-4BCD-9E56-68CEB3D6EBB7}

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {32DC3D84-B359-3558-9CFF-7EA74EB7F0E3} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {90A659B3-6BB5-3E0D-ACE4-D72FF8D54783} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {3EE9D984-E7A6-30B9-8FF5-A1FE2242440A} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {40BA5965-82C8-3220-BAFA-B247A761053C} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {FB360275-493B-3BFB-B6EC-79FDB4EB05E2} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {A003ADF2-C209-378D-959B-4D93E75FD7A5} /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=""

Haali Media Splitter-->"C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"

inSSIDer 2.0-->MsiExec.exe /I{57019733-78E6-43DE-8E6D-55349F0FDE6F}

Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall

Intel® Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}

Intel® Turbo Boost Teknologi Monitor-->MsiExec.exe /X{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}

IObit Malware Fighter-->"C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe"

iTunes-->MsiExec.exe /I{CF8FFD12-602B-422D-AF1D-511B411E7632}

Java 6 Update 31 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416031FF}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe

KeyScrambler-->C:\Program Files (x86)\KeyScrambler\uninstall.exe

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mathematica Extras 8.0 (2063897)-->"C:\ProgramData\Mathematica\Applications\Extras\UninstallFiles\Windows\unins000.exe"

MathType 6-->"C:\Program Files (x86)\MathType\Setup.exe" -R

MediaMonkey 4.0-->"C:\Program Files (x86)\MediaMonkey\unins000.exe"

MediaPortal-->C:\Program Files (x86)\Team MediaPortal\MediaPortal\uninstall-mp.exe

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}

Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools-->MsiExec.exe /X{40416836-56CC-4C0E-A6AF-5C34BADCE483}

Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}

Microsoft Help Viewer 1.1-->c:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.1\install.exe

Microsoft Help Viewer 1.1-->MsiExec.exe /X{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}

Microsoft Mathematics (64-bit)-->MsiExec.exe /X{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}

Microsoft Mathematics Add-in (64-bit)-->MsiExec.exe /X{E2C98732-F973-4985-A9C5-DC06178E16EE}

Microsoft Office 2010 Primary Interop Assemblies-->MsiExec.exe /X{90140000-1105-0000-0000-0000000FF1CE}

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0406-1000-0000000FF1CE}" "{54897D82-0CE7-4A90-AEA6-AF0189AA02B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-1000-0000000FF1CE}" "{70A3169E-288F-454F-A08D-20DF66639B50}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041D-1000-0000000FF1CE}" "{735E1B03-44E8-4D55-A553-EA9E32C96F7C}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0406-1000-0000000FF1CE}" "{9473C55B-6F52-48FF-B5EE-8E60464B532A}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0406-1000-0000000FF1CE}" "{FD1730AD-3229-4682-BA0C-0451758B2864}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0406-1000-0000000FF1CE}" "{6773C535-2853-4D04-AC06-CEB15C125BFF}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0406-1000-0000000FF1CE}" "{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" "1030" "0"

Microsoft Office Access MUI (Danish) 2010-->MsiExec.exe /X{90140000-0015-0406-1000-0000000FF1CE}

Microsoft Office Excel MUI (Danish) 2010-->MsiExec.exe /X{90140000-0016-0406-1000-0000000FF1CE}

Microsoft Office Groove MUI (Danish) 2010-->MsiExec.exe /X{90140000-00BA-0406-1000-0000000FF1CE}

Microsoft Office InfoPath MUI (Danish) 2010-->MsiExec.exe /X{90140000-0044-0406-1000-0000000FF1CE}

Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (Danish) 2010-->MsiExec.exe /X{90140000-00A1-0406-1000-0000000FF1CE}

Microsoft Office Outlook MUI (Danish) 2010-->MsiExec.exe /X{90140000-001A-0406-1000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Danish) 2010-->MsiExec.exe /X{90140000-0018-0406-1000-0000000FF1CE}

Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}

Microsoft Office Professionel Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Proof (Danish) 2010-->MsiExec.exe /X{90140000-001F-0406-1000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}

Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-1000-0000000FF1CE}

Microsoft Office Proof (Swedish) 2010-->MsiExec.exe /X{90140000-001F-041D-1000-0000000FF1CE}

Microsoft Office Proofing (Danish) 2010-->MsiExec.exe /X{90140000-002C-0406-1000-0000000FF1CE}

Microsoft Office Publisher MUI (Danish) 2010-->MsiExec.exe /X{90140000-0019-0406-1000-0000000FF1CE}

Microsoft Office Shared 32-bit MUI (Danish) 2010-->MsiExec.exe /X{90140000-0043-0406-1000-0000000FF1CE}

Microsoft Office Shared MUI (Danish) 2010-->MsiExec.exe /X{90140000-006E-0406-1000-0000000FF1CE}

Microsoft Office Word MUI (Danish) 2010-->MsiExec.exe /X{90140000-001B-0406-1000-0000000FF1CE}

Microsoft Security Client-->MsiExec.exe /X{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2008 (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"

Microsoft SQL Server 2008 (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"

Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{5340A3B5-3853-4745-BED2-DD9FF5371331}

Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FA7394B8-CE65-4F9E-AC99-F372AD365424}

Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FBD367D1-642F-47CF-B79B-9BE48FB34007}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}

Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{DF167CE3-60E7-44EA-99EC-2507C51F37AE}

Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}

Microsoft SQL Server 2008 R2 Data-Tier Application Framework-->MsiExec.exe /I{BC537AE0-88AF-47ED-B762-33B0D62B5188}

Microsoft SQL Server 2008 R2 Data-Tier Application Project-->MsiExec.exe /I{7A56D81D-6406-40E7-9184-8AC1769C4D69}

Microsoft SQL Server 2008 R2 Management Objects (x64)-->MsiExec.exe /I{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}

Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}

Microsoft SQL Server 2008 R2 Transact-SQL Language Service-->MsiExec.exe /I{09C52940-A4D1-4409-A7CC-1AAE630CF578}

Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}

Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{6292D514-17A4-403F-98F9-E150F10C043D}

Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}

Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}

Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}

Microsoft SQL Server System CLR Types (x64)-->MsiExec.exe /I{1E6ED082-E32D-4B2B-8B6A-70B094815135}

Microsoft SQL Server System CLR Types-->MsiExec.exe /I{877B76B2-F83F-4F5A-B28D-3F398641ADB6}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5}

Microsoft Sync Framework Runtime v1.0 SP1 (x64)-->MsiExec.exe /I{8438EC02-B8A9-462D-AC72-1B521349C001}

Microsoft Sync Framework SDK v1.0 SP1-->MsiExec.exe /I{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}

Microsoft Sync Framework Services v1.0 SP1 (x64)-->MsiExec.exe /I{034106B5-54B7-467F-B477-5B7DBB492624}

Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)-->MsiExec.exe /I{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}

Microsoft Team Foundation Server 2010 Object Model - ENU-->MsiExec.exe /I{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}

Microsoft Team Foundation Server 2010 Object Model - ENU-->MsiExec.exe /X{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319-->MsiExec.exe /X{F5079164-1DB9-3BDA-853B-F78AF67CE071}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219-->MsiExec.exe /X{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219-->MsiExec.exe /X{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}

Microsoft Visual F# 2.0 Runtime-->MsiExec.exe /X{85467CBC-7A39-33C9-8940-D72D9269B84F}

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C}

Microsoft Visual Studio 2010 IntelliTrace Collection (x64)-->MsiExec.exe /I{88BAE373-00F4-3E33-828F-96E89E5E0CB9}

Microsoft Visual Studio 2010 Office Developer Tools (x64)-->MsiExec.exe /X{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}

Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU-->MsiExec.exe /I{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}

Microsoft Visual Studio 2010 Service Pack 1-->C:\ProgramData\VS\vs10sp1\SetupCache\Setup.exe

Microsoft Visual Studio 2010 Service Pack 1-->MsiExec.exe /X{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}

Microsoft Visual Studio 2010 SharePoint Developer Tools-->MsiExec.exe /X{0BE273CD-AAB9-361B-8C32-D955EAC929E3}

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}

Microsoft Visual Studio 2010 Ultimate - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual Studio 2010 Ultimate - ENU\setup.exe

Microsoft Visual Studio Macro Tools-->msiexec.exe /uninstall {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}

Microsoft Visual Studio Macro Tools-->MsiExec.exe /X{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}

Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}

Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

Microsoft_VC90_MFCLOC_x86_x64-->MsiExec.exe /I{90BF0360-A1DB-4599-A643-95AB90A52C1E}

Microsoft_VC90_MFCLOC_x86-->MsiExec.exe /I{B6D38690-755E-4F40-A35A-23F8BC2B86AC}

MioMore Desktop 2008-->C:\Program Files (x86)\InstallShield Installation Information\{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}\Setup.exe -runfromtemp -l0x0006 -removeonly

Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe

NVIDIA 3D Vision Controller Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB

NVIDIA Graphics Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA PhysX System Software 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

NVIDIA Update 1.7.11-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update

Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe

PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}

PeerBlock 1.1 (r518)-->"C:\Program Files\PeerBlock\unins000.exe"

PerfectDisk 12.5 Professional-->MsiExec.exe /I{FD310764-B3E5-430F-980E-D6C0016B2660}

Process Hacker 2.27 (r4957)-->"C:\Program Files\Process Hacker 2\unins000.exe"

ProxySwitcher Standard-->"C:\Program Files (x86)\Proxy Switcher Standard\unins000.exe"

PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}

Python 2.7.2 (64-bit)-->MsiExec.exe /I{2E295B5B-1AD4-4D36-97C2-A316084722C0}

Quick Uninstall Tool for Autodesk Inventor 2012-->MsiExec.exe /X{D25FF5C1-1664-469A-9794-69309387C193}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -removeonly

Sandboxie 3.68 (64-bit)-->"C:\Windows\Installer\SandboxieInstall64.exe" /remove

SDFormatter-->MsiExec.exe /X{A5355F15-F98B-4704-9BAE-E53B9FE48F48}

Secunia PSI (2.0.0.3003)-->"C:\Program Files (x86)\Secunia\PSI\uninstall.exe"

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended

Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{B8512624-C19C-49C0-ABFB-572ADF5F4972}" "1030" "0"

Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}" "1030" "0"

Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}" "1030" "0"

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{0F6C4F72-6084-437B-9B35-F59B09E3C1B0}" "1030" "0"

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{297E6E47-5F6E-4DD8-B880-75944B5C1C7C}" "1030" "0"

Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{3E112FB8-14E5-4088-80AC-574FC376BCFE}" "1030" "0"

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1030" "0"

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1030" "0"

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{C37E7477-0E37-465F-81B8-6085454CFEE2}" "1030" "0"

Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)-->c:\Windows\SysWOW64\msiexec.exe /package {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} /uninstall {3A02AD1D-6903-3E0E-8EA9-A9121A0B06ED} /qb+ REBOOTPROMPT=""

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)-->c:\Windows\SysWOW64\msiexec.exe /package {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3} /uninstall {CA6C4E8E-CE86-4C78-B4BC-1E083E8E613A} /qb+ REBOOTPROMPT=""

Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2546951\ServicePack\setup.exe" /Action=RemovePatch /AllInstances

Skype™ 5.8-->MsiExec.exe /X{1845470B-EB14-4ABC-835B-E36C693DC07D}

Soluto-->MsiExec.exe /X{012C87CF-282E-4142-84F8-DCDD07F54182}

SonicMaster-->MsiExec.exe /I{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}

Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"

Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}

SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil-->"C:\Program Files (x86)\eRightSoft\SUPER\unins000.exe"

SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"

System Requirements Lab for Intel-->MsiExec.exe /I{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}

System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe

TeamViewer 7-->C:\Program Files (x86)\TeamViewer\Version7\uninstall.exe

TI-Nspire CAS Student Software-->C:\Program Files (x86)\TI Education\TI-Nspire CAS Student Software\Uninstall.exe

TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"

tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}

tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}

tools-netware-->MsiExec.exe /X{197597A7-AD33-4898-9D8E-73066818B464}

tools-solaris-->MsiExec.exe /X{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}

tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}

tools-winPre2k-->MsiExec.exe /X{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}

Total Commander (Remove or Repair)-->C:\Program Files (x86)\totalcmd\tcuninst.exe

TreeSize Free V2.7-->"C:\Program Files (x86)\JAM Software\TreeSize Free\unins000.exe"

TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u

TunnelBear 1.0.28-->C:\Program Files (x86)\TunnelBear\uninst.exe

Unit Conversion Tool 5.1-->"C:\Program Files (x86)\Unit Conversion Tool\unins000.exe"

Unlocker 1.9.1-x64-->C:\Program Files\Unlocker\uninst.exe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended

Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{428CB7A0-1068-4CE1-8835-39C7ECD297ED}" "1030" "0"

Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{57CEB66B-DD29-4883-92A2-671331657B52}" "1030" "0"

Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1030" "0"

Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0406-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1030" "0"

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1030" "0"

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1030" "0"

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}" "1030" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0406-1000-0000000FF1CE}" "{785E375A-880E-439C-9717-FDC2275E772B}" "1030" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-1000-0000000FF1CE}" "{74D7080E-57AC-419D-9AA0-D277114D213F}" "1030" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{4EB7D2FF-CC3E-4FC1-B4DB-CE3DCCCC8559}" "1030" "0"

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041D-1000-0000000FF1CE}" "{2EC07C22-E2AA-465E-8E56-F64FDB66B8A1}" "1030" "0"

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}" "1030" "0"

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{16E045BF-8CE5-4F20-A0DA-F7F495D239D0}" "1030" "0"

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0406-1000-0000000FF1CE}" "{EDBC6672-1C74-44B1-87F5-DF947B3E0A9E}" "1030" "0"

Update for Microsoft Office 2010 (KB2553385) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{1AD9A591-B1A3-4B57-91A8-8E0CEDE538C1}" "1030" "0"

Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}" "1030" "0"

Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{BC9AC000-70B4-4941-AE86-AF12D036E076}" "1030" "0"

Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{BC9AC000-70B4-4941-AE86-AF12D036E076}" "1030" "0"

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0406-1000-0000000FF1CE}" "{633A0AAE-85AB-40F9-AED1-AED642C1E530}" "1030" "0"

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{93235108-E80B-4BFE-9BD2-176E5F14DCCF}" "1030" "0"

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{93235108-E80B-4BFE-9BD2-176E5F14DCCF}" "1030" "0"

Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{ABC643B5-0ADF-4511-B521-D99D9A822AD2}" "1030" "0"

Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0406-1000-0000000FF1CE}" "{69D1C8D4-D28E-4C37-9693-35B1BB6B3A0C}" "1030" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7861C766-2AA2-4A50-AB75-A57D451CEA76}" "1030" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0406-1000-0000000FF1CE}" "{A195F773-B89C-48FA-8355-530A8C286AD4}" "1030" "0"

UX 15.0a1 (x64 en-US)-->C:\Program Files\UX\uninstall\helper.exe

Visual Studio 2010 Prerequisites - English-->MsiExec.exe /X{662014D2-0450-37ED-ABAE-157C88127BEB}

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}

VLC media player 2.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

VmciSockets-->MsiExec.exe /I{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}

VMware Workstation-->C:\ProgramData\VMware\VMware Workstation\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Workstation\Uninstaller\"

VMware Workstation-->MsiExec.exe /I{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}

WampServer 2.2-->"c:\wamp\unins000.exe"

WCF RIA Services V1.0 SP1-->MsiExec.exe /X{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}

Web Deployment Tool-->MsiExec.exe /I{0F37D969-1260-419E-B308-EF7D29ABDE20}

WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}

WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe

WinRAR 4.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}

Wireshark 1.6.6-->"C:\Program Files\Wireshark\uninstall.exe"

Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)-->"C:\Program Files\Wolfram Research\Mathematica\8.0\SystemFiles\UninstallFiles\Windows\unins000.exe"

Wondershare PDF to Word (Build 3.6.0)-->"C:\Program Files (x86)\Wondershare\PDFtoWord\unins000.exe"

Xirrus Wi-Fi Inspector-->MsiExec.exe /I{BBB21AB1-2C45-435D-A05A-B563072E7B9B}

======Hosts File======

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 swupmf.adobe.com # added after Fiddler sniff

127.0.0.1 www.wip.adobe.com

127.0.0.1 www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com

127.0.0.1 www.wip3.adobe.com

127.0.0.1 www.wip4.adobe.com

127.0.0.1 *.google-analytics.com

127.0.0.1 199.7.52.190

======System event log======

Computer Name: My-PC

Event Code: 3

Message: A command sent to the adapter has timed out. The adapter did not respond.

Record Number: 60171

Source Name: BTHUSB

Time Written: 20120110110459.975609-000

Event Type: Warning

User:

Computer Name: My-PC

Event Code: 2001

Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.2495.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.7903.0

Error code: 0x80244017

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 60155

Source Name: Microsoft Antimalware

Time Written: 20120110073703.000000-000

Event Type: Error

User:

Computer Name: My-PC

Event Code: 36888

Message: The following fatal alert was generated: 10. The internal error state is 10.

Record Number: 60142

Source Name: Schannel

Time Written: 20120110072938.703384-000

Event Type: Error

User: NT AUTHORITY\SYSTEM

Computer Name: My-PC

Event Code: 36888

Message: The following fatal alert was generated: 10. The internal error state is 10.

Record Number: 60141

Source Name: Schannel

Time Written: 20120110072936.503780-000

Event Type: Error

User: NT AUTHORITY\SYSTEM

Computer Name: My-PC

Event Code: 3002

Message: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

Feature: Behavior Monitoring

Error Code: 0x80004005

Error description: Unspecified error

Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Record Number: 60134

Source Name: Microsoft Antimalware

Time Written: 20120110072849.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: My-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

6 user registry handles leaked from \Registry\User\S-1-5-21-1990530906-4165506631-22784256-1000:

Process 1308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1990530906-4165506631-22784256-1000\Software

Process 1308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1990530906-4165506631-22784256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Process 1308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1990530906-4165506631-22784256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Process 1308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1990530906-4165506631-22784256-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Process 1308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1990530906-4165506631-22784256-1000\Software\Microsoft\Internet Explorer\Main

Process 1308 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1990530906-4165506631-22784256-1000\Software\Policies

Record Number: 23732

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20111129142510.729904-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: My-PC

Event Code: 1000

Message: Faulting application name: SSUPDATE64.EXE, version: 1.0.0.1072, time stamp: 0x4e456f7e

Faulting module name: SSUPDATE64.EXE, version: 1.0.0.1072, time stamp: 0x4e456f7e

Exception code: 0xc0000005

Fault offset: 0x0000000000023498

Faulting process id: 0x1e10

Faulting application start time: 0x01ccae99a687f40f

Faulting application path: C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE

Faulting module path: C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE

Report Id: eb40d1ff-1a8c-11e1-ba0e-005056c00008

Record Number: 23729

Source Name: Application Error

Time Written: 20111129132035.000000-000

Event Type: Error

User:

Computer Name: My-PC

Event Code: 1000

Message: Faulting application name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b

Faulting module name: RPCRT4.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba59

Exception code: 0xc0000005

Fault offset: 0x0003b565

Faulting process id: 0x1030

Faulting application start time: 0x01ccaddae2bbd8b0

Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Faulting module path: C:\Windows\syswow64\RPCRT4.dll

Report Id: 2c27bc3d-19da-11e1-ba0e-005056c00008

Record Number: 23644

Source Name: Application Error

Time Written: 20111128160104.000000-000

Event Type: Error

User:

Computer Name: My-PC

Event Code: 0

Message:

Record Number: 23577

Source Name: TurboBoost

Time Written: 20111128143248.000000-000

Event Type: Oplysninger

User:

Computer Name: My-PC

Event Code: 0

Message:

Record Number: 23459

Source Name: TurboBoost

Time Written: 20111128073907.000000-000

Event Type: Oplysninger

User:

=====Security event log=====

Computer Name: My-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 29282

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120128205409.597247-000

Event Type: Audit Success

User:

Computer Name: My-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: MY-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x304

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 29281

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120128205409.597247-000

Event Type: Audit Success

User:

Computer Name: My-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 29280

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120128205409.597247-000

Event Type: Audit Success

User:

Computer Name: My-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: MY-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x304

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 29279

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120128205409.597247-000

Event Type: Audit Success

User:

Computer Name: My-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 29278

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120128205407.974844-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Smart Projects\IsoBuster;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=8

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\

"ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\

"ILLDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\

"OMP_NUM_THREADS"=8

"VS100COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\

"asl.log"=Destination=file

-----------------EOF-----------------

Checkup.txt

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Spybot - Search & Destroy

Secunia PSI (2.0.0.3003)

Java 6 Update 31

Out of date Java installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

IObit IObit Malware Fighter IMFsrv.exe

IObit IObit Malware Fighter IMF.exe

``````````End of Log````````````

Bitdefender log file

QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Sun May 27 23:37:44 2012

Machine ID: 9CC10049

No infection found.

-------------------

Processes

---------

(unsigned) EazyPrint 3332 C:\Program Files (x86)\EazyPrint\EazyPrint.exe

(unsigned) Wireless Console 3 3912 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(verified) ADSMSrv 1568 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(verified) Adobe® Flash® Player Installer/Uninstal 3896 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe

(verified) ATK Generic Function Service 1908 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(verified) ATK Hotkey 2140 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(verified) ATK Hotkey 1404 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(verified) ATK Hotkey 3944 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(verified) ATK Hotkey 2268 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(verified) ATK Media 3920 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(verified) ATKOSD2 2240 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(verified) flux.exe 5892 C:\Users\My\AppData\Local\Apps\F.lux\flux.exe

(verified) IObit Malware Fighter 2076 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(verified) Java Platform SE Auto Updater 2 0 4060 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(verified) KeyScrambler 4092 C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

(verified) MathType 10464 C:\Program Files (x86)\MathType\MathType.exe

(verified) NVIDIA Update Components 5256 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(verified) Secunia PSI Tray 3252 C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(verified) Skype 7592 C:\Program Files (x86)\Skype\Phone\Skype.exe

(verified) Sonic Focus Effects 3956 C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

(verified) TrueCrypt 3156 C:\Program Files\TrueCrypt\TrueCrypt.exe

(verified) VAWinAgent.exe 3996 C:\ExpressGateUtil\VAWinAgent.exe

(verified) VAWinService.exe 3640 C:\ExpressGateUtil\VAWinService.exe

(verified) VMware Workstation 3764 C:\Windows\SysWOW64\vmnat.exe

(verified) VMware Workstation 3904 C:\Windows\SysWOW64\vmnetdhcp.exe

(verified) Windows® Internet Explorer 796 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 5404 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 10044 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 10940 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (796) connected on port 80 (HTTP) --> 173.194.69.113

Process iexplore.exe (796) connected on port 80 (HTTP) --> 173.194.69.113

Process iexplore.exe (796) connected on port 80 (HTTP) --> 95.172.94.59

Process iexplore.exe (796) connected on port 80 (HTTP) --> 95.172.94.59

Process Skype.exe (7592) connected on port 443 (HTTP over SSL) --> 213.146.189.206

Process Skype.exe (7592) connected on port 40036 --> 213.199.179.157

Process Skype.exe (7592) listens on ports: 18726

Autoruns and critical files

---------------------------

(unsigned) EazyPrint C:\Program Files (x86)\EazyPrint\EazyPrint.exe

(unsigned) Windows ® Win 7 DDK driver C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

(unsigned) Wireless Console 3 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(verified) Adobe CS5.5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(verified) Adobe Updater Startup Utility C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

(verified) ATK Hotkey C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(verified) ATK Media C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(verified) Bluetooth Software C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe

(verified) Bluetooth Software C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe

(verified) ELAN Smart-Pad C:\Program Files\Elantech\ETDCtrl.exe

(verified) flux.exe C:\Users\My\Local Settings\Apps\F.lux\flux.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) Google Update C:\Users\My\AppData\Local\Google\Update\GoogleUpdate.exe

(verified) HD Audio Background Process C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(verified) IconUtility C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(verified) IObit Malware Fighter C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

(verified) Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(verified) KeyScrambler C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\BCSSync.exe

(verified) Microsoft OneNote C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(verified) Microsoft Security Client c:\Program Files\Microsoft Security Client\msseces.exe

(verified) Microsoft ® Windows Script Host C:\Windows\system32\wscript.exe

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) NVIDIA D3D shim drivers c:\windows\syswow64\nvinit.dll

(verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(verified) SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

(verified) Sonic Focus Effects C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

(verified) SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SASTask.exe

(verified) TrueCrypt C:\Program Files\TrueCrypt\TrueCrypt.exe

(verified) VAWinAgent.exe C:\ExpressGateUtil\VAWinAgent.exe

(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

Browser plugins

---------------

(unsigned) ClickClean.exe C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe

(unsigned) IE Tab Plug-in C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

(unsigned) Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

(unsigned) Mixesoft Click&Clean Plug-In C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\npccch32.dll

(unsigned) VLC Web Plugin C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

(verified) Adobe Contribute CS5.1 c:\program files (x86)\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll

(verified) Adobe PDF Toolbar for IE c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll

(verified) Bitdefender QuickScan C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\npqscan.dll

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

(verified) Google Update C:\Users\My\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDrop.ocx

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropCHS.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropCHT.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropCSY.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropDEU.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropENU.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropESP.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropFRA.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropHUN.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropITA.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropJPN.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropKOR.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropPLK.dll

(verified) i-drop control C:\Windows\Downloaded Program Files\IDropRUS.dll

(verified) Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\ssv.dll

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll

(verified) Microsoft® Visual Studio® 2010 c:\program files (x86)\microsoft visual studio 10.0\common7\ide\privateassemblies\microsoft.visualstudio.qualitytools.recorderbarbho100.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll

(verified) NPCIG.dll C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

(verified) npmathplugin.dll C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

(verified) NPSWF32_11_2_202_235.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

(verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

(verified) VMware Tools C:\Windows\system32\vsocklib.dll

(verified) Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

Missing files

-------------

File not found: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Wondershare Helper Compact.exe"

Scan

----

The following file(s) must be uploaded for server-side scanning:

C:\Program Files (x86)\EazyPrint\EazyPrint.exe

Upload started - 1 file(s)

EazyPrint.exe (164864)

Upload speed - 3 KB/s

Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 45 sec

Total traffic - 0.16 MB sent, 0.08 KB recvd

Scanned 486 files and modules - 50 seconds

==============================================================================

The pc has µTorrent. I'd advise you to remove it.

Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

The pc has IObit Malware Fighter. IObit has a dodgy reputation. I would recommend you uninstall it.

See IOBit Steals Malwarebytes' Intellectual Property

http://forums.malwarebytes.org/index.php?showtopic=29681

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus when all done.

Download OTL by OldTimer & SAVE to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    chrome.exe
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt into a Reply so I can review

OTL.txt

OTL logfile created on: 30-05-2012 01:54:33 - Run 1

OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\My\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

11,91 Gb Total Physical Memory | 9,01 Gb Available Physical Memory | 75,59% Memory free

23,82 Gb Paging File | 20,68 Gb Available in Paging File | 86,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 244,38 Gb Free Space | 52,48% Space Free | Partition Type: NTFS

Drive H: | 100,00 Mb Total Space | 71,82 Mb Free Space | 71,82% Space Free | Partition Type: NTFS

Drive Z: | 460,00 Gb Total Space | 47,08 Gb Free Space | 10,23% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: My | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - [2012-05-30 01:44:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\My\Desktop\OTL.exe

PRC - [2012-04-30 20:56:16 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012-04-30 20:56:04 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012-04-29 11:35:56 | 000,164,864 | ---- | M] (Donform Software) -- C:\Program Files (x86)\EazyPrint\EazyPrint.exe

PRC - [2012-04-20 15:52:00 | 002,082,744 | ---- | M] (Design Science, Inc.) -- C:\Program Files (x86)\MathType\MathType.exe

PRC - [2012-03-31 16:18:47 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe

PRC - [2012-03-08 07:02:36 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

PRC - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2011-04-19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2011-04-07 21:26:24 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe

PRC - [2011-03-25 17:55:16 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe

PRC - [2010-10-07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010-10-07 09:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010-09-23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2010-08-17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010-07-09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

PRC - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\My\Local Settings\Apps\F.lux\flux.exe

PRC - [2009-06-19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009-06-19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008-12-22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

========== Modules (No Company Name) ==========

MOD - [2011-04-07 21:26:24 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe

MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010-09-23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\My\Local Settings\Apps\F.lux\flux.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-04-24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)

SRV:64bit: - [2012-04-10 12:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV:64bit: - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012-02-29 03:19:40 | 001,890,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2012-02-29 03:19:30 | 003,291,912 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)

SRV:64bit: - [2011-12-06 14:54:14 | 002,430,128 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)

SRV:64bit: - [2011-10-18 22:22:12 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011-09-22 21:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)

SRV:64bit: - [2011-09-20 10:53:32 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010-12-07 17:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)

SRV:64bit: - [2010-11-20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)

SRV:64bit: - [2010-04-16 17:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®

SRV:64bit: - [2009-07-22 10:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)

SRV:64bit: - [2009-07-14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)

SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012-04-30 20:56:16 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012-04-30 20:56:04 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012-04-30 19:53:30 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)

SRV - [2012-04-30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2012-04-24 23:36:49 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012-03-19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®

SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012-01-25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)

SRV - [2011-11-29 11:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011-09-26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)

SRV - [2011-09-22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2011-08-29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2011-04-19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011-04-19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011-03-25 17:55:16 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)

SRV - [2010-07-29 13:16:12 | 000,052,896 | ---- | M] (Atheros Commnucations) [On_Demand | Stopped] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2010-06-25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009-07-14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)

SRV - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-30 20:56:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012-04-30 20:55:30 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012-04-30 20:54:56 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012-04-30 17:22:42 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012-04-30 17:22:42 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012-04-24 17:13:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)

DRV:64bit: - [2012-04-10 12:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012-04-03 03:03:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012-03-31 16:18:49 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012-03-19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012-03-08 16:47:51 | 000,027,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PPFlt.sys -- (PrivacyProtectorMP)

DRV:64bit: - [2012-03-08 16:47:51 | 000,027,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPFlt.sys -- (Passthru)

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012-03-01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012-02-28 11:25:54 | 000,081,424 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSfilter)

DRV:64bit: - [2012-02-15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)

DRV:64bit: - [2011-12-06 14:04:14 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2011-12-06 04:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2011-09-22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)

DRV:64bit: - [2011-09-16 07:46:31 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2011-08-29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2011-08-08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2011-08-03 15:27:30 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011-07-12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011-06-27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011-04-08 15:46:08 | 000,177,152 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)

DRV:64bit: - [2011-04-08 15:46:08 | 000,056,320 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-01-24 05:31:10 | 000,283,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010-11-20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)

DRV:64bit: - [2010-10-19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010-09-14 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010-09-08 19:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010-09-01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)

DRV:64bit: - [2010-08-24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010-07-29 13:16:28 | 000,295,072 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2010-07-29 13:16:28 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2010-07-29 13:16:28 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2010-07-29 13:16:28 | 000,051,872 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2010-07-29 13:16:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2010-07-29 13:16:28 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010-07-29 13:16:26 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)

DRV:64bit: - [2010-06-25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2010-04-16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010-02-25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2010-02-16 13:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)

DRV:64bit: - [2010-02-08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009-10-05 18:56:58 | 000,008,152 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\activmouse.sys -- (prmvmouse)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009-07-14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)

DRV:64bit: - [2009-07-09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009-05-05 18:26:00 | 000,065,152 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\activhidsermini.sys -- (ActivHidSerMini)

DRV:64bit: - [2008-11-16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV - [2010-07-26 13:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009-07-02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da-DK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 41 CC 1A D3 3A CD 01 [binary data]

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {4BC3B9E4-CB95-4A0F-87C7-574395FF04AF}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190

IE - HKCU\..\SearchScopes\{4BC3B9E4-CB95-4A0F-87C7-574395FF04AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{5A08FE4E-12DC-48D1-8016-A7D955DB6262}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "file:///C:/Users/My/Dropbox/Public/EIGHT-firefox%20start%20page+config/index.htm"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\My\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\My\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\UX 15.0a1\extensions\\Components: C:\PROGRAM FILES\UX\COMPONENTS [2012-05-08 11:15:10 | 000,000,000 | ---D | M]

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\UX 15.0a1\extensions\\Plugins: C:\PROGRAM FILES\UX\PLUGINS

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-09-18 20:03:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-12 01:12:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-04-24 23:36:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-09-16 12:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\My\AppData\Roaming\Mozilla\Extensions

[2012-05-28 17:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions

[2012-01-04 04:00:35 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2012-03-30 11:26:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011-09-17 00:53:38 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2012-05-20 03:47:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012-05-24 03:05:23 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\donottrackplus@abine.com

[2012-03-15 00:33:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\firefox@ghostery.com

[2012-03-14 02:26:29 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\foxmarks@kei.com

[2012-05-22 14:36:28 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\foxyproxy@eric.h.jung

[2012-05-18 02:17:03 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\https-everywhere@eff.org

[2012-03-22 00:00:16 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\extensions\support@lastpass.com

[2012-05-12 22:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions

[2012-04-03 03:45:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2012-05-12 22:43:53 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}

[2012-04-03 03:45:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012-04-03 03:45:18 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2012-04-03 03:45:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012-04-03 03:44:53 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\donottrackplus@abine.com

[2012-04-03 03:44:55 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\firefox@ghostery.com

[2012-04-03 03:45:02 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\foxmarks@kei.com

[2012-04-03 03:45:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\foxyproxy@eric.h.jung

[2012-05-12 22:43:52 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\https-everywhere@eff.org

[2012-04-03 03:45:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\s2ayy0rx.UX\extensions\support@lastpass.com

[2011-09-17 00:48:20 | 000,002,523 | ---- | M] () -- C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\searchplugins\google-ssl.xml

[2012-02-20 09:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011-10-30 21:48:47 | 000,020,628 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{0C8FBD76-BDEB-4C52-9B24-D587CE7B9DC3}.XPI

[2012-02-29 01:18:17 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

[2011-09-17 00:53:36 | 000,050,631 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI

[2012-05-28 17:57:45 | 000,524,866 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012-05-02 10:21:05 | 000,080,872 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI

[2012-01-06 09:53:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012-01-21 15:13:27 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI

[2012-05-11 09:42:24 | 000,114,012 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\FORCETLS@SID.STAMM.XPI

[2011-09-17 00:53:35 | 000,246,802 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI

[2012-02-02 02:17:53 | 000,034,228 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\PRIV3@ICSI.BERKELEY.EDU.XPI

[2011-09-17 00:53:35 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI

[2012-03-01 02:49:20 | 000,049,540 | ---- | M] () (No name found) -- C:\USERS\MY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YKXI9EE.DEFAULT\EXTENSIONS\TRACKERBLOCK@PRIVACYCHOICE.ORG.XPI

[2012-04-24 23:36:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-02-19 03:46:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-02-19 03:46:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\My\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\My\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\My\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\My\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Xmarks Bookmark Sync = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\

CHR - Extension: Xmarks Bookmark Sync = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak

CHR - Extension: Web Developer = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\

CHR - Extension: YouTube = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Tampermonkey = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.4.2709_0\

CHR - Extension: Do Not Track Plus = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\

CHR - Extension: HTTPS Everywhere = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2012.5.1_0\

CHR - Extension: LastPass = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\

CHR - Extension: Lazarus: Form Recovery = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\

CHR - Extension: ScriptNo = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\

CHR - Extension: Gmail = C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-05-11 18:20:59 | 000,611,719 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 swupmf.adobe.com # added after Fiddler sniff

O1 - Hosts: 127.0.0.1 www.wip.adobe.com

O1 - Hosts: 127.0.0.1 www.wip1.adobe.com

O1 - Hosts: 127.0.0.1 www.wip2.adobe.com

O1 - Hosts: 127.0.0.1 www.wip3.adobe.com

O1 - Hosts: 127.0.0.1 www.wip4.adobe.com

O1 - Hosts: 127.0.0.1 *.google-analytics.com

O1 - Hosts: 127.0.0.1 199.7.52.190

O1 - Hosts: 127.0.0.1 199.7.52.190:80

O1 - Hosts: 127.0.0.1 199.7.54.72

O1 - Hosts: 127.0.0.1 199.7.54.72:80

O1 - Hosts: 127.0.0.1 209.34.83.67

O1 - Hosts: 127.0.0.1 209.34.83.67:43

O1 - Hosts: 127.0.0.1 209.34.83.67:443

O1 - Hosts: 127.0.0.1 209.34.83.73

O1 - Hosts: 127.0.0.1 209.34.83.73:43

O1 - Hosts: 127.0.0.1 209.34.83.73:443

O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net

O1 - Hosts: 127.0.0.1 3dns.adobe.com

O1 - Hosts: 127.0.0.1 3dns-1.adobe.com

O1 - Hosts: 127.0.0.1 3dns-1.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 20732 more lines...

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows ® Win 7 DDK provider)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)

O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found

O4 - HKCU..\Run: [F.lux] C:\Users\My\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)

O4 - Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EazyPrint.lnk = C:\Program Files (x86)\EazyPrint\EazyPrint.exe (Donform Software)

O4 - Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skærmklipper og startprogram til OneNote 2010.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)

O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.150.129.4 89.150.129.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2248C4CA-C55A-49D1-9B6D-D2FCDD30F85A}: DhcpNameServer = 89.150.129.4 89.150.129.10

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011-09-27 17:17:16 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O34 - HKLM BootExecute: (PDBoot.exe)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: ActivControl - hkey= - key= - C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe (Promethean Technologies Group Ltd)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: FileREX Update Checker - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: Livedrive - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: RiccoVPN - hkey= - key= - File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: SolutoService - C:\Program Files\Soluto\SolutoService.exe (Soluto)

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


Since the OTL.txt file is huge, I have attached it instead, because otherwise I would have had to make 10-20 posts.

Ekstra.txt

OTL Extras logfile created on: 30-05-2012 01:54:33 - Run 1

OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\My\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

11,91 Gb Total Physical Memory | 9,01 Gb Available Physical Memory | 75,59% Memory free

23,82 Gb Paging File | 20,68 Gb Available in Paging File | 86,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 244,38 Gb Free Space | 52,48% Space Free | Partition Type: NTFS

Drive H: | 100,00 Mb Total Space | 71,82 Mb Free Space | 71,82% Space Free | Partition Type: NTFS

Drive Z: | 460,00 Gb Total Space | 47,08 Gb Free Space | 10,23% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: My | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)

.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.scr [@ = DWGTrueViewScriptFile] -- C:\Windows\SysWow64\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0173BE8C-AB87-4172-A10F-300127E8F7B5}" = rport=10243 | protocol=6 | dir=out | app=system |

"{04564B47-DAB2-4E11-82A6-67A850CB15E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{24C2C306-9643-4B2A-81C1-BFC7465A65E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{37ED16FC-E20D-47CD-BA0C-AB816DBC7D14}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{53886243-829B-494D-A777-23AAE19E39B1}" = lport=10243 | protocol=6 | dir=in | app=system |

"{54E386AE-AB5D-4415-8AE6-EA548617D478}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5BA5BFB4-BBBF-4789-A1A9-3500423E347A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6F174862-EF5E-4975-8A84-880CDA114F1C}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |

"{78B82995-86DB-4C6D-B051-D7EAAFEA9764}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7E30EEC7-462C-43D7-82B1-1F69209FEB13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8C20E5BE-FF93-48E7-AA39-D647CE27A4F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B9A8B16D-8039-4FD0-A3CF-C56C39824187}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C9E646AA-A201-41E7-9813-E1283E84232D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01D6F43B-9E3E-4571-A209-538627076E4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0FF2D75B-3669-4182-ABEB-AAE79264C703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{13D7581F-F3F2-4B95-8596-91E5832B9BE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{1442588C-21F2-42EC-AE61-AF1E40FE3F93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{18925ADF-A7C8-47EB-B6BD-D43C668D9306}" = protocol=6 | dir=in | app=h:\dl\solutoinstaller.exe |

"{1B2EADB1-7ADB-41B2-B90C-A1D91EF3D236}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1F553791-4757-4301-8EC0-5120B859809C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1F8AAD05-59EF-4AFD-B468-4C7CA6A4B174}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2856C7EA-93EB-4FF0-B9BA-8476025A6F2A}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"{2ADD83C5-6AE2-44F9-BE1C-15A34C1FB78F}" = protocol=6 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal\mediaportal.exe |

"{2C7AE5E0-6312-4314-A904-329037A48794}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2CA9EFB6-C554-4476-A67F-9AB6B07CC5DB}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |

"{2AA0096F-DCEB-4273-9B1E-21F9DE2109E1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{377B0080-115F-4A03-B446-C4D594B64923}" = protocol=17 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal\mediaportal.exe |

"{41D373AE-97D6-465C-B1C7-8DC4167A66D8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{45EA4DEA-5C13-473F-A4EC-3DC1C4FC332C}" = protocol=6 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |

"{460D9DAB-4151-4685-8743-A343E325C96E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |

"{4D544E00-C815-4190-ABF2-91E2DC526CA9}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |

"{4D5D050F-B1E7-4A4D-BC40-8DA904713083}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4EEC02BE-AB45-4E9F-944E-2ABF01244132}" = protocol=17 | dir=in | app=c:\program files (x86)\battlefield 3™\bf3.exe |

"{5BA05E33-1E87-4978-B3CC-58AB0420F9BC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{6044E2B0-476C-4DA7-8FC3-B5AF1D1F87BC}" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\dropbox\bin\dropbox.exe |

"{65F5A9D0-AFC2-4FAE-B2A4-624F3821F3A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{685E2736-6E85-4335-90A8-9F753A5243E5}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |

"{6AFCB094-38BC-49A4-98BC-95C7FE9B4B74}" = protocol=17 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |

"{6C84F827-E643-4946-8D40-48BD81591C71}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |

"{706D486F-E473-46D2-BB83-101C32A124C0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{71D1DB1C-230D-4386-A79C-A066621CB28C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{729C9F3F-D288-480C-84FF-C4F0CAABD727}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |

"{77C99F9B-871F-4AF7-8F33-A0C789FF21A7}" = protocol=6 | dir=out | app=system |

"{801E7C2E-E348-4BB4-82B5-EFC690D69DA2}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |

"{82EA8CD3-F65A-4F43-BAA3-773CCC849DD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8BCE0C0F-7500-4D17-AAC9-9BB96152C8FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{94FD1CBB-A633-4455-9852-847F8F55ACA2}" = protocol=17 | dir=in | app=h:\dl\solutoinstaller.exe |

"{999C24FC-B800-48D7-828D-C81AA3B22171}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |

"{9C6F21CD-9B5E-4486-AA20-D1E87C63CCC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{A69F9AC5-69DD-41F8-8259-8DD3195C4700}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{AED329E4-0231-4DC8-AB6D-32D0C06AD804}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{AEE1618C-B58A-4006-8B2F-0FCE33C3719F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B058ED4C-860F-4765-8C9E-81F5EC7701A7}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |

"{B1F54D5B-2EA8-4760-B4E6-6E0421B89FFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B390B41A-0C47-4021-A90C-F941A435F6A1}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |

"{BC05FF59-9634-4E88-9416-9EAF81E886CB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{C06ED8DB-AE09-43FA-84AE-9B30548AF7C3}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"{C891AB79-D7C0-4AFE-A80E-36BA7CFA1342}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |

"{CF1D31B0-D182-4C08-BFC8-97435F2F119E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CFCC647C-DF29-4372-AA15-749A6F2F9EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |

"{DE4B4BF4-132D-4F7D-9AED-190032D780B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{DF90F59E-FF30-4896-8A9A-F435F92A587B}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |

"{E12B1578-544C-484D-A9E9-BFC419A902CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E8C130DF-D3F8-4113-85E0-56DC02C4C6B6}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{E951B444-0F15-4F19-867B-C01B3C536474}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |

"{E96DCB6F-E260-4772-AA6A-E7BC549AD056}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{EA6BBB8B-DAB3-4D5C-9C2C-D02660568516}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |

"{ED45284D-AE74-4711-A6FD-AA8FC13BAB4B}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |

"{EDBC2B60-A3E5-438E-A6D9-25E275C25F98}" = protocol=6 | dir=in | app=c:\program files (x86)\battlefield 3™\bf3.exe |

"{EDFFD5E2-C3C6-4A75-A306-3ADF8A90C0B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{EF192941-5F8A-481E-B824-C05BA97BB77A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7571D5F-804C-486E-A97C-EC46BA1B17CF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |

"{F9786EA5-47D2-4AE3-880E-9420CAF941ED}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |

"{F9D105B4-9550-41E2-8B96-4193FDF1EFEE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{FA2FD04D-18C3-40A3-AE9D-7F1E35290B64}" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\dropbox\bin\dropbox.exe |

"{FD663373-DDFD-4E46-87D3-50CD7DAE03CC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{FF71ECD5-5B1A-4DCA-8CE0-5505220936FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{09399F58-8541-430E-AFDB-1DE0B9EC4E48}Z:\downloads\nexposesetup-windows64.exe" = protocol=6 | dir=in | app=z:\downloads\nexposesetup-windows64.exe |

"TCP Query User{1403EA20-3AC9-41EC-AACB-97C1B6660D47}C:\users\my\documents\mobil\5-nov-2011 v.3.0\anti\anti.exe" = protocol=6 | dir=in | app=c:\users\my\documents\mobil\5-nov-2011 v.3.0\anti\anti.exe |

"TCP Query User{1672019B-F1D0-4363-B191-390978DD9698}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe |

"TCP Query User{1A701426-B7DE-4B53-BFD3-F94D0CC2C445}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |

"TCP Query User{331DF89B-8A7E-4A80-8422-7CCF71B46CD5}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |

"TCP Query User{3C19A931-9B44-45C3-A62B-9B15E0DA94AC}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"TCP Query User{403B9939-8006-4EA7-872F-1D539918D0EA}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe |

"TCP Query User{45C4D078-36CE-49F9-911E-CD25C7E40647}C:\metasploit\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\metasploit\apache2\bin\httpd.exe |

"TCP Query User{617C7D84-947B-44F3-A8BA-A7C0E5DFBA5E}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe |

"TCP Query User{8673EFF3-56DE-41CD-A585-9B95433D0674}C:\users\my\appdata\local\mobione studio\mobione 1.3.2\mobione.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\local\mobione studio\mobione 1.3.2\mobione.exe |

"TCP Query User{9314CEA9-205D-4105-A1CA-2852B3F093AB}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |

"TCP Query User{975BE30F-5795-427B-8B18-95B061058DB2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"TCP Query User{9DF9D6C0-7B4E-4642-8092-DCA8DE201A73}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |

"TCP Query User{9AAFB2E3-1110-4F3B-9582-7D9AC1A61102}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

"TCP Query User{A2A39D6A-E5B7-4F66-9CB9-4A5F482FA942}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |

"TCP Query User{C4CFC22B-3AE9-4BB8-A36F-535694926795}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe |

"TCP Query User{C51791DD-9D16-4BAC-BCD9-6292D70D0FC9}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |

"TCP Query User{DB2CE80C-87F8-42B5-B585-360451BD00E5}C:\users\my\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{E2B94915-6687-41F8-BB5B-21A0648D019D}C:\users\my\desktop\ratiomaster.net\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\my\desktop\ratiomaster.net\ratiomaster.net.exe |

"TCP Query User{E7DE8603-6402-4519-9BF0-4D339C4FB235}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{F8374BD2-7271-4A34-AC6B-E1C2698785FE}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe |

"TCP Query User{FE653F88-65EC-4D3A-9541-849E30770E20}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{04190C6C-0588-41B8-9F33-912319071D62}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"UDP Query User{04211D74-702B-4293-9FC8-7B3BB8AC751B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"UDP Query User{2F658364-354D-4B1D-8C98-2277E9AFF726}Z:\downloads\nexposesetup-windows64.exe" = protocol=17 | dir=in | app=z:\downloads\nexposesetup-windows64.exe |

"UDP Query User{3531A9E8-D066-47AE-94B3-5300C7DC1F00}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |

"UDP Query User{38ADFB0B-0544-4FCA-9EF8-E9ADEA987ECB}C:\users\my\documents\mobil\5-nov-2011 v.3.0\anti\anti.exe" = protocol=17 | dir=in | app=c:\users\my\documents\mobil\5-nov-2011 v.3.0\anti\anti.exe |

"UDP Query User{42558518-C476-4178-AAD8-413397244275}C:\users\my\appdata\local\mobione studio\mobione 1.3.2\mobione.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\local\mobione studio\mobione 1.3.2\mobione.exe |

"UDP Query User{4E142D11-E236-42A4-8835-42C6CDD7EBAC}C:\users\my\desktop\ratiomaster.net\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\my\desktop\ratiomaster.net\ratiomaster.net.exe |

"UDP Query User{52ED453A-06B6-48BB-BE0D-49A6E0241F06}C:\users\my\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{5368FA15-201C-4365-A2E7-1D9F9479073E}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe |

"UDP Query User{546B0D22-D15B-4056-B82D-CE6C78F708DB}C:\metasploit\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\metasploit\apache2\bin\httpd.exe |

"UDP Query User{78C81533-51ED-4AEA-B37C-91197BE1E2D7}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |

"UDP Query User{84F03764-F974-4AFC-A455-6FD439A5979F}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |

"UDP Query User{8AB83000-0811-4C60-A0C2-9B13B1141F40}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{9EDD7D78-45EE-4F47-BE59-95F1375B619F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

"UDP Query User{9FC6A255-18F4-4361-9AD2-123C6F79ADD6}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe |

"UDP Query User{A4A47F43-23F3-4AC9-9BD4-E84A03B5855D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{C3EEC883-3827-47D2-9F15-A62F52806847}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |

"UDP Query User{C8A966C8-5762-459A-B248-151E0C5020FA}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |

"UDP Query User{CBDBCE25-7089-436D-8A42-24113824E795}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe |

"UDP Query User{DEB2B22E-0B23-4DA1-A963-10056516B180}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe |

"UDP Query User{EF71868A-9E3E-41D5-8137-38CFF5C98EE4}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe |

"UDP Query User{AA0FA7C5-115E-4B40-A03F-6A081F737BF8}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{012C87CF-282E-4142-84F8-DCDD07F54182}" = Soluto

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit)

"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client

"{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets

"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Teknologi Monitor

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack

"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E542012-DD29-0000-B703-2376D4CC9C8F}" = Autodesk Inventor Publisher 2012

"{6E542012-DD29-0001-B703-2376D4CC9C8F}" = Autodesk Inventor Publisher 2012 Language Pack

"{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012

"{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack

"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0406-1000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2010

"{90140000-0015-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0406-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2010

"{90140000-0016-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0406-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2010

"{90140000-0018-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0406-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2010

"{90140000-0019-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0406-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2010

"{90140000-001A-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0406-1000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2010

"{90140000-001B-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0406-1000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010

"{90140000-001F-0406-1000-0000000FF1CE}_Office14.PROPLUS_{54897D82-0CE7-4A90-AEA6-AF0189AA02B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010

"{90140000-001F-041D-1000-0000000FF1CE}_Office14.PROPLUS_{735E1B03-44E8-4D55-A553-EA9E32C96F7C}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0406-1000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2010

"{90140000-002C-0406-1000-0000000FF1CE}_Office14.PROPLUS_{9473C55B-6F52-48FF-B5EE-8E60464B532A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0406-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Danish) 2010

"{90140000-0043-0406-1000-0000000FF1CE}_Office14.PROPLUS_{FD1730AD-3229-4682-BA0C-0451758B2864}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0406-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2010

"{90140000-0044-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0406-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2010

"{90140000-006E-0406-1000-0000000FF1CE}_Office14.PROPLUS_{6773C535-2853-4D04-AC06-CEB15C125BFF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0406-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2010

"{90140000-00A1-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0406-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2010

"{90140000-00BA-0406-1000-0000000FF1CE}_Office14.PROPLUS_{579EB617-2CF7-4C40-BE4F-D1CE35F956B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver

"{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}" = Fresco Logic USB3.0 Host Controller

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer

"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)

"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (64-bit)

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)

"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F651E81A-6D79-4004-9D49-DB3DA159CDD7}" = ActivDriver x64 v5.4.6

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"{FD310764-B3E5-430F-980E-D6C0016B2660}" = PerfectDisk 12.5 Professional

"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012

"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012

"Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in

"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English

"Autodesk Inventor Publisher 2012" = Autodesk Inventor Publisher 2012

"A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)

"CCleaner" = CCleaner

"CyberGhost VPN_is1" = CyberGhost VPN

"Defraggler" = Defraggler

"DWG TrueView 2012" = DWG TrueView 2012

"Elantech" = ETDWare PS/2-x64 7.0.5.15_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"M-WIN-L 8.0.1 2063990_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)

"Office14.PROPLUS" = Microsoft Office Professionel Plus 2010

"Process_Hacker2_is1" = Process Hacker 2.27 (r4957)

"Sandboxie" = Sandboxie 3.68 (64-bit)

"Unlocker" = Unlocker 1.9.1-x64

"UX 15.0a1 (x64 en-US)" = UX 15.0a1 (x64 en-US)

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader

"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 3.9

"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{576D94BB-CA4A-4487-BAF1-A2DC7C29BB23}" = Diagram Designer

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop 2008

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{782E1916-7A78-47F7-9AF3-2233B83026F2}" = ActivInspire HWR Resources (INT) v1

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7970AA03-F817-4916-AE77-80DC801646CC}" = ActivInspire v1

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{8E3C0F37-2280-4043-BAD0-3C9E5EB723EC}" = Google Drive

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil

"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector

"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C8E6DE88-C7D8-FCD8-CC61-E7805D7A89C4}" = Adobe Story

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DAB49042-8178-4BCD-9E56-68CEB3D6EBB7}" = Graphmatica

"{DE718DF0-3874-4873-9BC3-3A94944C916E}_is1" = Wondershare PDF to Word (Build 3.6.0)

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{F069D2A4-D29D-4E6D-8FDA-3EBE399A3092}" = ActivInspire Help (DNK) v1

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"5513-1208-7298-9440" = JDownloader 0.9

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Autodesk Design Review 2012" = Autodesk Design Review 2012

"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Chicken Invaders 3 - Revenge of the Yolk - Easter Edition3.63" = Chicken Invaders 3 - Revenge of the Yolk - Easter Edition

"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)

"CrypTool" = CrypTool 1.4.30

"DAEMON Tools Lite" = DAEMON Tools Lite

"DSMT6" = MathType 6

"EAGLE 6.0.0" = EAGLE 6.0.0

"EazyPrint 1.0" = EazyPrint 1.0

"EOS Utility" = Canon Utilities EOS Utility

"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

"ERUNT_is1" = ERUNT 1.1j

"FileZilla Client" = FileZilla Client 3.5.3

"GeoGebra" = GeoGebra

"HaaliMkx" = Haali Media Splitter

"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader

"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud

"KeyScrambler" = KeyScrambler

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MediaMonkey_is1" = MediaMonkey 4.0

"MediaPortal" = MediaPortal

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"Notepad++" = Notepad++

"Origin" = Origin

"PhotoStitch" = Canon Utilities PhotoStitch

"ProxySwitcher Standard_is1" = ProxySwitcher Standard

"Secunia PSI" = Secunia PSI (2.0.0.3003)

"SystemRequirementsLab" = System Requirements Lab

"TeamViewer 7" = TeamViewer 7

"TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software

"TmNationsForever_is1" = TmNationsForever

"Totalcmd" = Total Commander (Remove or Repair)

"TreeSize Free_is1" = TreeSize Free V2.7

"TrueCrypt" = TrueCrypt

"TunnelBear" = TunnelBear 1.0.28

"Unit Conversion Tool_is1" = Unit Conversion Tool 5.1

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.1

"VMware_Workstation" = VMware Workstation

"WampServer 2_is1" = WampServer 2.2

"WinPcapInst" = WinPcap 4.1.2

"Wireshark" = Wireshark 1.6.6

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"8C1A28F014D5B1E4398987CA544BE8A2009D0228" = Autodesk Inventor Publisher 2012 Word Add-in

"Dropbox" = Dropbox

"Flux" = F.lux

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 22-02-2012 06:04:57 | Computer Name = My-PC | Source = Application Hang | ID = 1002

Description = The program MathType.exe version 2010.8.2.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 387c Start

Time: 01ccf0d34a7aa5e6 Termination Time: 4 Application Path: C:\Program Files (x86)\MathType\MathType.exe

Report

Id: aa4db820-5d3c-11e1-9e42-f46d04bc1ebe

Error - 22-02-2012 16:11:42 | Computer Name = My-PC | Source = Application Hang | ID = 1002

Description = The program mirc.exe version 7.22.0.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 89ec Start Time:

01ccf1987c0b96d5 Termination Time: 8 Application Path: C:\Program Files (x86)\mIRC\mirc.exe

Report

Id:

Error - 22-02-2012 16:37:23 | Computer Name = My-PC | Source = Application Error | ID = 1000

Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6109.5005, time

stamp: 0x4e79b6c8 Faulting module name: OUTLOOK.EXE, version: 14.0.6109.5005, time

stamp: 0x4e79b6c8 Exception code: 0xc0000005 Fault offset: 0x0000000000055545 Faulting

process id: 0x8560 Faulting application start time: 0x01ccf19f852605bb Faulting application

path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Report Id: 05750bff-5d95-11e1-9e42-f46d04bc1ebe

Error - 22-02-2012 16:39:12 | Computer Name = My-PC | Source = Application Error | ID = 1000

Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6109.5005, time

stamp: 0x4e79b6c8 Faulting module name: OUTLOOK.EXE, version: 14.0.6109.5005, time

stamp: 0x4e79b6c8 Exception code: 0xc0000005 Fault offset: 0x0000000000055545 Faulting

process id: 0x716c Faulting application start time: 0x01ccf1a1cb39fe6e Faulting application

path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Report Id: 46a3cad4-5d95-11e1-9e42-f46d04bc1ebe

Error - 23-02-2012 04:07:12 | Computer Name = My-PC | Source = Application Hang | ID = 1002

Description = The program MathType.exe version 2010.8.2.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 18f4 Start

Time: 01ccf2006b5f36fd Termination Time: 16 Application Path: C:\Program Files (x86)\MathType\MathType.exe

Report

Id: 62c2d035-5df5-11e1-b082-9356b64baaf3

Error - 24-02-2012 08:34:34 | Computer Name = My-PC | Source = Application Hang | ID = 1002

Description = The program psi.exe version 2.0.0.3003 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1be4 Start Time:

01ccf2f081d08584 Termination Time: 0 Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

Report

Id: e680a164-5ee3-11e1-a0a3-8505de88f160

Error - 28-02-2012 09:49:24 | Computer Name = My-PC | Source = Application Hang | ID = 1002

Description = The program vnetlib64.exe version 8.0.2.28060 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 468 Start

Time: 01ccf61f5ba8bd73 Termination Time: 0 Application Path: C:\Program Files (x86)\VMware\VMware

Workstation\vnetlib64.exe Report Id: 05779508-6213-11e1-aeda-f46d04bc1ebe

Error - 28-02-2012 09:50:50 | Computer Name = My-PC | Source = Application Error | ID = 1000

Description = Faulting application name: peerblock.exe, version: 1.0.0.484, time

stamp: 0x4cb7b102 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x17ac Faulting application start time: 0x01ccf61fee2347b4 Faulting application

path: C:\Program Files\PeerBlock\peerblock.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 38beecb1-6213-11e1-aeda-f46d04bc1ebe

Error - 29-02-2012 20:49:09 | Computer Name = My-PC | Source = Application Error | ID = 1000

Description = Faulting application name: firefox.exe, version: 10.0.2.4428, time

stamp: 0x4f3cdb2a Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process

id: 0x25e0 Faulting application start time: 0x01ccf70a6a4bf166 Faulting application

path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report

Id: 5a57b349-6338-11e1-8cc9-f46d04bc1ebe

Error - 05-03-2012 17:03:15 | Computer Name = My-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,

time stamp: 0x4d672ee4 Faulting module name: GDI32.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7c651 Exception code: 0xc0000005 Fault offset: 0x00000000000067e0

Faulting

process id: 0x7b0 Faulting application start time: 0x01ccfacd3d86a8eb Faulting application

path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\GDI32.dll

Report

Id: 9f9466b2-6706-11e1-955b-9b8e8449010c

[ Cisco AnyConnect VPN Client Events ]

Error - 25-03-2012 20:08:13 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)

Description:

ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 25-03-2012 20:08:18 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:

2150 Invoked Function: CChangeRouteTable::FindDefaultRouteInterface Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 25-03-2012 20:08:18 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:

644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196

(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 25-03-2012 20:08:18 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)

Description:

ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 25-03-2012 20:08:23 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:

2150 Invoked Function: CChangeRouteTable::FindDefaultRouteInterface Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 25-03-2012 20:08:23 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:

644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196

(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 25-03-2012 20:08:23 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)

Description:

ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 25-03-2012 20:08:28 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:

2150 Invoked Function: CChangeRouteTable::FindDefaultRouteInterface Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 25-03-2012 20:08:28 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:

644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196

(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 25-03-2012 20:08:28 | Computer Name = My-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)

Description:

ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

[ System Events ]

Error - 28-05-2012 17:18:53 | Computer Name = My-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the SQL

Server (SQLEXPRESS) service to connect.

Error - 28-05-2012 17:18:53 | Computer Name = My-PC | Source = Service Control Manager | ID = 7000

Description = The SQL Server (SQLEXPRESS) service failed to start due to the following

error: %%1053

Error - 28-05-2012 17:19:59 | Computer Name = My-PC | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 28-05-2012 17:21:01 | Computer Name = My-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SASDIFSV

Error - 28-05-2012 19:55:10 | Computer Name = My-PC | Source = Ntfs | ID = 262281

Description = The default transaction resource manager on volume Z: encountered

a non-retryable error and could not start. The data contains the error code.

Error - 29-05-2012 02:35:13 | Computer Name = My-PC | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 29-05-2012 02:35:30 | Computer Name = My-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SASDIFSV

Error - 29-05-2012 08:20:01 | Computer Name = My-PC | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%3

Error - 29-05-2012 16:20:00 | Computer Name = My-PC | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%3

Error - 29-05-2012 20:00:00 | Computer Name = My-PC | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%3

< End of report >

OTL1.Txt


I regret the delay in getting back to you. Let's have you run the Combofix tool, so I can review its output.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Likewise, disable Superantispyware if you have it set to start with Windows.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Re-enable your antivirus when done.

Edited by Maurice Naggar

It's okay, I had some stuff to do, so I wouldn't have replied to you before today.

But here's the Combofix log:

Combofix.log

ComboFix 12-06-03.05 - My 04-06-2012 2:32.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.12199.9438 [GMT 2:00]

Kører fra: c:\users\My\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Dannede nyt systemgendannelsespunkt

.

.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\My\0.6

c:\users\My\AppData\Local\assembly\tmp

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\drivers\etc\hosts.txt

c:\windows\SysWow64\avisynth.dll

c:\windows\SysWow64\devil.dll

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2012-05-04 til 2012-06-04 )))))))))))))))))))))))))))))))))))

.

.

2012-06-04 00:40 . 2012-06-04 00:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-04 00:40 . 2012-06-04 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 00:40 . 2012-06-04 00:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-06-04 00:03 . 2012-06-04 00:03 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94C5BD81-B985-4171-B6E5-576404F50B3A}\offreg.dll

2012-06-03 07:00 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94C5BD81-B985-4171-B6E5-576404F50B3A}\mpengine.dll

2012-06-03 02:01 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-31 14:02 . 2012-05-31 14:02 -------- d-----w- c:\program files\Wireshark

2012-05-28 11:25 . 2012-05-28 11:25 -------- d-----w- c:\users\My\DoctorWeb

2012-05-28 00:00 . 2012-05-28 00:00 -------- d-----w- c:\program files (x86)\MetaGeek

2012-05-27 21:33 . 2012-05-27 21:37 -------- d-----w- c:\users\My\AppData\Roaming\QuickScan

2012-05-27 20:58 . 2012-05-27 20:58 -------- d-----w- C:\rsit

2012-05-27 20:58 . 2012-05-27 20:58 -------- d-----w- c:\program files\trend micro

2012-05-27 20:55 . 2012-05-27 20:55 -------- d-----w- c:\program files (x86)\ERUNT

2012-05-27 18:23 . 2012-05-27 18:23 -------- d-----w- c:\program files (x86)\Xirrus

2012-05-27 18:23 . 2012-05-27 18:23 -------- d-----w- c:\users\My\AppData\Roaming\Xirrus

2012-05-27 15:28 . 2012-05-27 15:28 -------- d-----w- c:\users\My\AppData\Local\Apple

2012-05-26 15:16 . 2012-05-26 16:24 -------- d-----w- c:\users\UpdatusUser\Roaming

2012-05-26 15:16 . 2012-05-26 16:24 -------- d-----w- c:\users\Public\Roaming

2012-05-26 15:16 . 2012-05-26 16:24 -------- d-----w- c:\users\My\Roaming

2012-05-26 15:16 . 2012-05-26 16:24 -------- d-----w- c:\users\Default\Roaming

2012-05-26 15:16 . 2012-05-26 16:24 -------- d-----w- c:\users\Administrator\Roaming

2012-05-26 01:40 . 2012-05-26 01:40 -------- d-----w- c:\program files\Elantech

2012-05-26 01:33 . 2012-03-07 13:48 2212656 ----a-w- c:\windows\ETDUninst.dll

2012-05-26 01:33 . 2010-09-08 17:39 129024 ----a-w- c:\windows\system32\drivers\ETD.sys

2012-05-26 01:33 . 2010-06-14 12:37 4678024 ----a-w- c:\windows\system32\ETDUI.cpl

2012-05-26 01:28 . 2010-08-24 15:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys

2012-05-26 00:00 . 2012-05-31 13:19 -------- d-----w- c:\users\My\AppData\Local\Adobe

2012-05-24 01:38 . 2006-12-01 21:37 904704 ----a-w- c:\program files\Common Files\Microsoft Shared\VC\msdia80.dll

2012-05-24 00:00 . 2012-05-24 00:00 -------- d-----w- c:\programdata\Kaspersky Lab

2012-05-21 09:07 . 2012-05-21 09:07 -------- d-----w- c:\program files (x86)\Wondershare

2012-05-20 20:20 . 2012-05-20 20:20 -------- d-----w- c:\users\My\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-05-20 20:20 . 2012-05-20 20:20 -------- d-----w- c:\users\My\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2012-05-20 20:09 . 2012-05-20 20:09 -------- d-----w- c:\program files (x86)\Adobe Story

2012-05-20 20:08 . 2012-05-20 20:08 -------- d-----w- c:\users\My\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-05-20 17:50 . 2012-04-30 18:56 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys

2012-05-20 17:50 . 2012-04-30 18:56 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe

2012-05-20 17:50 . 2012-04-30 18:56 433264 ----a-w- c:\windows\SysWow64\vmnat.exe

2012-05-20 17:50 . 2012-04-30 18:54 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2012-05-20 17:49 . 2012-04-30 18:56 942192 ------w- c:\windows\system32\vnetlib64.dll

2012-05-20 17:49 . 2012-04-30 18:55 32880 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2012-05-20 17:49 . 2011-08-29 21:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys

2012-05-20 17:49 . 2012-05-20 17:49 -------- d-----w- c:\program files (x86)\Common Files\VMware

2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\Common Files\VMware

2012-05-16 08:08 . 2012-05-16 08:08 -------- d-----w- c:\programdata\Ricoh

2012-05-15 20:39 . 2012-05-15 20:39 -------- d-----w- c:\program files\Sandboxie

2012-05-09 21:45 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 21:45 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 21:45 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 21:45 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 21:45 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 21:45 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 21:45 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 21:45 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 21:45 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 21:45 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 21:45 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 21:45 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 21:44 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-07 15:10 . 2012-05-07 15:10 -------- d-----w- c:\users\Default\AppData\Local\Google

2012-05-05 13:33 . 2012-05-05 13:33 -------- d-----w- c:\users\My\AppData\Roaming\ZoomBrowser EX

2012-05-05 13:12 . 2012-05-05 13:12 -------- d-----w- c:\users\My\AppData\Local\CANON_INC

2012-05-05 13:02 . 2012-05-05 13:02 -------- d-----w- c:\programdata\ZoomBrowser

2012-05-05 13:01 . 2012-05-05 13:02 -------- d-----w- c:\program files (x86)\Canon

2012-05-05 12:33 . 2012-05-05 12:57 -------- d-----w- c:\program files (x86)\Common Files\Canon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 21:02 . 2012-04-03 01:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-09 21:02 . 2011-09-16 11:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-30 16:26 . 2012-04-30 16:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll

2012-04-30 15:22 . 2012-04-30 15:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll

2012-04-30 15:22 . 2012-04-30 15:22 48752 ----a-w- c:\windows\system32\vnetinst.dll

2012-04-30 15:22 . 2012-04-30 15:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2012-04-30 15:22 . 2012-04-30 15:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys

2012-04-30 15:22 . 2012-04-30 15:22 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2012-04-24 15:13 . 2011-09-16 11:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-04-11 16:48 . 2012-04-11 16:48 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys

2012-04-04 13:56 . 2011-09-18 12:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 01:03 . 2012-04-03 01:03 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-04-01 00:50 . 2012-04-01 00:50 388096 ----a-r- c:\users\My\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-31 14:18 . 2011-11-26 18:44 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2012-03-20 18:44 . 2011-04-27 13:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2011-04-18 11:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-19 21:44 . 2012-03-19 21:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-19 21:44 . 2012-03-19 21:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-03-19 21:44 . 2012-03-19 21:44 439064 ----a-w- c:\windows\system32\igfxpers.exe

2012-03-19 21:44 . 2012-03-19 21:44 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-03-19 21:44 . 2012-03-19 21:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-03-19 21:44 . 2012-03-19 21:44 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-03-19 21:44 . 2012-03-19 21:44 184600 ----a-w- c:\windows\system32\difx64.exe

2012-03-19 21:44 . 2012-03-19 21:44 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-03-19 21:42 . 2012-03-19 21:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll

2012-03-19 21:32 . 2012-03-19 21:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-03-19 21:31 . 2012-03-19 21:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll

2012-03-19 21:31 . 2012-03-19 21:31 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-03-19 21:26 . 2011-03-25 23:12 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-03-19 21:25 . 2012-03-19 21:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-03-19 21:22 . 2011-01-27 06:47 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-03-19 21:11 . 2012-02-17 08:13 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-03-19 20:31 . 2012-03-19 20:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll

2012-03-19 20:21 . 2012-03-19 20:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-03-19 20:18 . 2012-03-19 20:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-03-19 20:18 . 2012-03-19 20:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-03-19 20:18 . 2012-03-19 20:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-03-19 20:18 . 2012-03-19 20:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-03-19 20:18 . 2012-03-19 20:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-03-19 20:18 . 2012-03-19 20:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-03-19 20:18 . 2012-02-17 07:25 386560 ----a-w- c:\windows\system32\igfxpph.dll

2012-03-19 20:18 . 2012-03-19 20:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-03-19 20:17 . 2012-03-19 20:17 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-03-19 20:17 . 2011-01-27 06:24 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-03-19 20:17 . 2011-01-27 06:23 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-03-19 20:17 . 2012-03-19 20:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-19 20:17 . 2012-03-19 20:17 434688 ----a-w- c:\windows\system32\igfxdev.dll

2012-03-19 20:17 . 2012-03-19 20:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-19 20:16 . 2012-03-19 20:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-03-19 20:16 . 2012-03-19 20:16 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-03-19 20:16 . 2011-01-27 06:22 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-03-19 20:12 . 2012-03-19 20:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-03-19 20:11 . 2012-03-19 20:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-03-14 08:37 . 2011-10-24 23:19 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-03-09 05:57 . 2012-04-23 19:54 545 ----a-w- c:\windows\UC.PIF

2012-03-09 05:57 . 2012-04-23 19:54 545 ----a-w- c:\windows\RAR.PIF

2012-03-09 05:57 . 2012-04-23 19:54 545 ----a-w- c:\windows\NOCLOSE.PIF

2012-03-09 05:57 . 2012-04-23 19:54 545 ----a-w- c:\windows\LHA.PIF

2012-03-09 05:57 . 2012-04-23 19:54 545 ----a-w- c:\windows\ARJ.PIF

2012-03-08 14:47 . 2012-03-08 14:47 27160 ----a-w- c:\windows\system32\drivers\PPFlt.sys

2012-03-08 14:47 . 2011-12-12 11:51 458056 ----a-w- c:\windows\SysWow64\wodVPN.ocx

2012-03-08 14:47 . 2011-12-12 11:51 420680 ----a-w- c:\windows\SysWow64\wodVPN.dll

2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-03-31 1516496]

"F.lux"="c:\users\My\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-16 11921064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-09 984400]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-07 45448]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2012-03-08 432952]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EazyPrint.lnk - c:\program files (x86)\EazyPrint\EazyPrint.exe [2012-4-30 164864]

Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

R1 SASDIFSV;SASDIFSV;c:\users\My\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]

R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-07-29 52896]

R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-12-06 2430128]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 gupdate;Google Update Tjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 116648]

R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 116648]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488]

R3 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-10-18 140672]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-20 1431888]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 PDFSfilter;PDFSfilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [x]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-25 91464]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]

S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]

S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [x]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [x]

S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

.

.

Indhold af mappen 'Planlagte Opgaver'

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 00:13]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01 00:13]

.

2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990530906-4165506631-22784256-1000Core.job

- c:\users\My\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 11:40]

.

2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990530906-4165506631-22784256-1000UA.job

- c:\users\My\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 11:40]

.

2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task fc2e808a-148f-4135-b7c7-9874a743e35c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-06-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task fde3b548-7385-447a-b9c1-74fe1b2b19e1.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-05-16 15:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-05-16 15:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-05-16 15:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-05-16 15:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-16 11485800]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-09-16 2168424]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-09-16 324096]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-18 499608]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Yderligere scanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

TCP: DhcpNameServer = 89.150.129.4 89.150.129.10

DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab

FF - ProfilePath - c:\users\My\AppData\Roaming\Mozilla\Firefox\Profiles\2ykxi9ee.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

FF - prefs.js: browser.startup.homepage - file:///C:/Users/My/Dropbox/Public/EIGHT-firefox%20start%20page+config/index.htm

.

- - - - TOMME GENVEJE FJERNET - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-CrypTool - c:\program files (x86)\CrypTool\uninstall.exe

.

.

.

--------------------- LÅSTE REGISTRERINGS NøGLER ---------------------


Gennemført tid: 2012-06-04 02:43:38

ComboFix-quarantined-files.txt 2012-06-04 00:43

.

Pre-Kørsel: 258.756.587.520 bytes free

Post-Kørsel: 258.592.088.064 bytes free

.

- - End Of File - - D7199E589B6A52B9BDAAD098B29DD5BF


  • 2 weeks later...

Apologies for not getting back to you sooner. But so far, I have not seen an infection.

I do have some questions: Is this running in a "virtual" machine?

The Hosts file looks rather odd. Why and where did you get it that way?

We can do some other checks to see if perhaps there is some hidden malware.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

Step 2

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/u...ine-scanner/faq

    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Step 4

Copy & Paste the contents of aswMBR log

TDSSKILLER log

ESET scan log


No, my PC is not running in a virtual machine.

The host file is from Spybot - Search & Destroy.

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-14 02:03:01

-----------------------------

02:03:01.737 OS Version: Windows x64 6.1.7601 Service Pack 1

02:03:01.737 Number of processors: 8 586 0x2A07

02:03:01.737 ComputerName: MY-PC UserName: My

02:03:02.912 Initialize success

02:03:59.647 AVAST engine defs: 12061301

02:04:38.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

02:04:38.257 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3

02:04:38.257 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

02:04:38.257 Disk 1 Vendor: ST950032 0003 Size: 476940MB BusType: 3

02:04:38.272 Disk 0 MBR read successfully

02:04:38.277 Disk 0 MBR scan

02:04:38.287 Disk 0 unknown MBR code

02:04:38.297 Disk 0 Partition 1 00 07 HPFS/NTFS 100 MB offset 2048

02:04:38.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 476836 MB offset 206848

02:04:38.327 Disk 0 scanning C:\Windows\system32\drivers

02:04:38.332 Service scanning

02:05:26.995 Modules scanning

02:05:27.000 Scan finished successfully

02:05:50.520 Disk 0 MBR has been saved successfully to "C:\Users\My\Desktop\MBR.dat"

02:05:50.525 The log file has been saved successfully to "C:\Users\My\Desktop\aswMBR.txt"

Here is the TDSSKILLER log:

02:07:26.0420 7180 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

02:07:26.0535 7180 ============================================================

02:07:26.0535 7180 Current date / time: 2012/06/14 02:07:26.0535

02:07:26.0535 7180 SystemInfo:

02:07:26.0535 7180

02:07:26.0535 7180 OS Version: 6.1.7601 ServicePack: 1.0

02:07:26.0535 7180 Product type: Workstation

02:07:26.0535 7180 ComputerName: MY-PC

02:07:26.0535 7180 UserName: My

02:07:26.0535 7180 Windows directory: C:\Windows

02:07:26.0535 7180 System windows directory: C:\Windows

02:07:26.0535 7180 Running under WOW64

02:07:26.0535 7180 Processor architecture: Intel x64

02:07:26.0535 7180 Number of processors: 8

02:07:26.0535 7180 Page size: 0x1000

02:07:26.0535 7180 Boot type: Normal boot

02:07:26.0535 7180 ============================================================

02:07:26.0995 7180 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

02:07:27.0060 7180 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

02:07:27.0070 7180 ============================================================

02:07:27.0070 7180 \Device\Harddisk0\DR0:

02:07:27.0070 7180 MBR partitions:

02:07:27.0070 7180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

02:07:27.0070 7180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A3522A6

02:07:27.0070 7180 \Device\Harddisk1\DR1:

02:07:27.0070 7180 MBR partitions:

02:07:27.0070 7180 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

02:07:27.0070 7180 ============================================================

02:07:27.0095 7180 Initialize success

02:07:27.0095 7180 ============================================================

02:07:58.0670 9620 ============================================================

02:07:58.0670 9620 Scan started

02:07:58.0670 9620 Mode: Manual; SigCheck; TDLFS;

02:07:58.0670 9620 ============================================================

02:08:02.0840 9620 MBR (0x1B8) (422af79487a55c27ce4bfd48d84ce830) \Device\Harddisk0\DR0

02:08:03.0240 9620 \Device\Harddisk0\DR0 - ok

02:08:03.0245 9620 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR1

02:08:04.0980 9620 \Device\Harddisk1\DR1 - ok

02:08:05.0035 9620 Boot (0x1200) (f7f1ae29cd48c43bb4d1b26e8462753b) \Device\Harddisk0\DR0\Partition0

02:08:05.0035 9620 \Device\Harddisk0\DR0\Partition0 - ok

02:08:05.0045 9620 Boot (0x1200) (b90e7c7f988f92e5cf9ce246da049f6b) \Device\Harddisk0\DR0\Partition1

02:08:05.0050 9620 \Device\Harddisk0\DR0\Partition1 - ok

02:08:05.0080 9620 Boot (0x1200) (8dc0c43575d09bc70c5d1cff6c9635aa) \Device\Harddisk1\DR1\Partition0

02:08:05.0085 9620 \Device\Harddisk1\DR1\Partition0 - ok

02:08:05.0085 9620 ============================================================

02:08:05.0085 9620 Scan finished

02:08:05.0085 9620 ============================================================

02:08:05.0090 8580 Detected object count: 0

02:08:05.0090 8580 Actual detected object count: 0

The ESET software didn't leave any log, and didn't find anything.

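A TDSSKiller log in the layout posted above can be triaged mechanically instead of by eye. The Python below is an added example, not part of the thread or of TDSSKiller: it reports `clean`, `review` or `incomplete` for a log. The sample lines are constructed (the `ExampleDrv` entry and the hash are invented), and treating any status word other than `ok` as a finding is an assumption, since `ok` is the only status this log shows.

```python
import re
from dataclasses import dataclass, field

# Every log line starts with "HH:MM:SS.mmmm <thread id>", then the message.
STAMP = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "<object> - <status>": the status must be one word at end of line, so that
# "Drive ... - Size: 0x..." (disk geometry) is not mistaken for a verdict.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>[A-Za-z]+)$")
# "MBR (0x1B8) (<md5>) <device>" and "Boot (0x1200) (<md5>) <partition>"
SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \((?P<off>0x[0-9A-Fa-f]+)\) "
                    r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>\S.*)$")
COUNT = re.compile(r"^(?P<which>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Report:
    checked: int = 0                               # objects that got a verdict
    findings: list = field(default_factory=list)   # (timestamp, name, verdict)
    sectors: dict = field(default_factory=dict)    # device -> (kind, md5)
    counts: dict = field(default_factory=dict)     # summary counters
    finished: bool = False                         # "Scan finished" was seen


def parse(text):
    """Parse a TDSSKiller-style log into a Report."""
    rep = Report()
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue  # blank lines, forum text pasted around the log
        ts, _tid, msg = m.groups()
        msg = msg.strip()
        if msg == "Scan finished":
            rep.finished = True
        elif (c := COUNT.match(msg)):
            rep.counts[c["which"]] = int(c["n"])
        elif (s := SECTOR.match(msg)):
            rep.sectors[s["dev"]] = (s["kind"], s["md5"])
        elif (v := VERDICT.match(msg)):
            rep.checked += 1
            # Assumption: anything other than "ok" deserves a human look.
            if v["verdict"].lower() != "ok":
                rep.findings.append((ts, v["name"], v["verdict"]))
    return rep


def verdict(rep):
    """Return 'clean', 'review' or 'incomplete' for a parsed log."""
    # A log cut off before the summary must never be read as clean.
    if not rep.finished or set(rep.counts) != {"Detected", "Actual detected"}:
        return "incomplete"
    # Per-object statuses are checked as well as the summary counters.
    if rep.findings or any(rep.counts.values()):
        return "review"
    return "clean"


# Constructed sample in the layout of the log posted above (hash is invented).
CLEAN = r"""
02:07:26.0995 7180 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
02:07:58.0670 9620 Scan started
02:07:58.0670 9620 Mode: Manual; SigCheck; TDLFS;
02:07:58.0940 9620 ACPI - ok
02:07:59.0270 9620 Atheros Bt&Wlan Coex Agent - ok
02:08:02.0840 9620 MBR (0x1B8) (00112233445566778899aabbccddeeff) \Device\Harddisk0\DR0
02:08:03.0240 9620 \Device\Harddisk0\DR0 - ok
02:08:05.0085 9620 Scan finished
02:08:05.0090 8580 Detected object count: 0
02:08:05.0090 8580 Actual detected object count: 0
"""
# Constructed variants: one invented non-ok entry, and one log cut short.
FLAGGED = CLEAN.replace("ACPI - ok", "ExampleDrv - warning")
TRUNCATED = CLEAN.split("02:08:05.0085")[0]

if __name__ == "__main__":
    for label, log in (("clean", CLEAN), ("flagged", FLAGGED), ("truncated", TRUNCATED)):
        rep = parse(log)
        print(label, verdict(rep), rep.checked, rep.findings)
```

The recorded MBR and boot-sector hashes in `sectors` can be compared between two runs on the same machine to see whether those sectors changed.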

The aswMBR & TDSSKILLER results are ok. If you have decided on a fresh/clean install of Windows 7, let me know that.

If you want to do a MBAM scan before that (just to see what may be overlooked), then first turn OFF MSE antivirus.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


You are welcome.

Needless to say, with a clean install you will lose personal documents, files, etc.

So be sure you have saved those to offline media. Have also the setup program for your antivirus app on-hand, saved offline as well.

You may use this document as a guide on clean install of Windows 7 http://www.sevenforu...=General%20Tips

When you are at the point of re-installing the o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.
