Everything posted by hunts

  1. ComboFix 12-07-10.01 - Rich 07/10/2012 8:07.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.2416 [GMT -4:00]
     Running from: c:\users\Rich\Desktop\Virus Utilities\ComboFix.exe
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
files\explorer\Styles\SymbolImages\Transportation\HelicopterYellow.png c:\program files\explorer\Styles\SymbolImages\Transportation\Landingpad.png c:\program files\explorer\Styles\SymbolImages\Transportation\Lodging.png c:\program files\explorer\Styles\SymbolImages\Transportation\MileMarker.png c:\program files\explorer\Styles\SymbolImages\Transportation\MountainPass.png c:\program files\explorer\Styles\SymbolImages\Transportation\Overpass.png c:\program files\explorer\Styles\SymbolImages\Transportation\Parking.png c:\program files\explorer\Styles\SymbolImages\Transportation\PrivateField.png c:\program files\explorer\Styles\SymbolImages\Transportation\RoadClosure.png c:\program files\explorer\Styles\SymbolImages\Transportation\RoadWork.png c:\program files\explorer\Styles\SymbolImages\Transportation\Sailing.png c:\program files\explorer\Styles\SymbolImages\Transportation\Scales.png c:\program files\explorer\Styles\SymbolImages\Transportation\Seaplane.png c:\program files\explorer\Styles\SymbolImages\Transportation\Tank.png c:\program files\explorer\Styles\SymbolImages\Transportation\Toll.png c:\program files\explorer\Styles\SymbolImages\Transportation\TrafficAccident.png c:\program files\explorer\Styles\SymbolImages\Transportation\Tunnel.png c:\program files\explorer\Styles\SymbolImages\Transportation\Ultralight.png c:\program files\explorer\Styles\SymbolImages\Transportation\WarningRed.png c:\program files\explorer\Styles\SymbolImages\Transportation\WarningYellow.png c:\program files\explorer\Styles\SymbolImages\Transportation\YellowSemiTractor.png c:\program files\explorer\Styles\SymbolImages\Weather\Cloudy.png c:\program files\explorer\Styles\SymbolImages\Weather\HeatAdvisory.png c:\program files\explorer\Styles\SymbolImages\Weather\Lightning.png c:\program files\explorer\Styles\SymbolImages\Weather\PartlySunny.png c:\program files\explorer\Styles\SymbolImages\Weather\Rain.png c:\program files\explorer\Styles\SymbolImages\Weather\Snow.png c:\program 
files\explorer\Styles\SymbolImages\Weather\Sunny.png c:\program files\explorer\Styles\Template.ncfg c:\program files\explorer\TilingSchemes\ArcGIS_Online_Bing_Maps_Google_Maps.xml c:\program files\explorer\TilingSchemes\GoogleMapsVersions.xml c:\program files\explorer\TilingSchemes\Yahoo.xml c:\users\Public\Lightroom_4_LS11.exe c:\users\Rich\g2mdlhlpx.exe c:\windows\assembly\GAC\Desktop.ini D:\Autorun.inf . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))) . . 2012-07-10 12:16 . 2012-07-10 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-09 19:30 . 2012-07-09 19:30 -------- d-----w- C:\_OTL 2012-07-07 17:12 . 2012-07-07 17:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-07-06 22:32 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-06 22:32 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-07-06 22:32 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 22:31 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-07-06 22:31 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-07-06 22:31 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-07-06 22:31 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-06 22:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-06 22:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-07-06 22:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-06 22:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-07-06 22:29 . 
2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-07-06 22:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-07-06 22:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-07-06 22:28 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-06 22:28 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-07-06 22:21 . 2012-07-06 22:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-05 21:59 . 2012-07-05 21:59 -------- d-----w- c:\program files\ESET 2012-07-03 23:10 . 2012-07-03 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-03 23:10 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 22:30 . 2012-07-03 22:30 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-06-26 09:10 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C18E7156-8E6B-492B-A744-92DFD4179302}\mpengine.dll 2012-06-19 18:40 . 2012-06-19 18:40 -------- d-----w- c:\users\Rich\AppData\Roaming\SUPERAntiSpyware.com 2012-06-19 18:40 . 2012-06-25 19:20 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-19 18:40 . 2012-06-19 18:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-13 07:00 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 07:00 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 07:00 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-10 21:06 . 2000-03-07 03:00 278581 ----a-w- c:\windows\system32\temp.010 2012-06-10 21:06 . 1999-10-27 04:00 995383 ----a-w- c:\windows\system32\temp.00F 2012-06-10 21:06 . 1998-06-17 03:00 77878 ----a-w- c:\windows\system32\temp.011 2012-06-10 21:05 . 2006-08-31 19:56 1208320 ----a-w- c:\windows\system32\spr32d70.dll 2012-06-10 21:04 . 1996-04-14 16:55 14336 ----a-w- c:\windows\system32\WEBDIAL.EXE . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-10 12:18 . 2011-06-22 23:08 17488 ----a-w- c:\windows\gdrv.sys 2012-06-05 01:49 . 2012-06-05 01:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-05 01:49 . 2011-06-22 23:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-21 18:26 . 2012-05-21 18:26 10 ----a-w- c:\windows\Fonts\wfonts.key . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}] 2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{a011d643-4a67-4934-a775-46139847d7f2}"= "mscoree.dll" [2010-11-20 297808] . [HKEY_CLASSES_ROOT\clsid\{a011d643-4a67-4934-a775-46139847d7f2}] [HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 1750528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Rich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Synchronizer] 2012-04-04 05:54 1261472 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-03-30 12:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager] 2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams] 2012-02-24 07:29 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter] 2010-05-12 21:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2010-10-12 18:56 979328 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2011-03-26 05:29 176664 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices] 2012-02-23 16:22 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2011-03-26 05:30 143384 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant] 2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2011-03-26 05:30 178200 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2011-02-11 06:06 10025576 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync] 2012-03-19 20:32 9413712 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [x] R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] R4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R4 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [x] R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] R4 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [x] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x] R4 
PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x] R4 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x] R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 13:10] . 
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 13:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-AdobeBridge - (no file) MSConfigStartUp-Google Update - c:\users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2716) c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\SugarSync\SugarSyncShellExt.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\taskhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\msiexec.exe c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2012-07-10 08:25:39 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-10 12:25 . Pre-Run: 56,901,214,208 bytes free Post-Run: 57,503,571,968 bytes free . - - End Of File - - 06A7E47BBCD6F57304D3F8FC465180E8
  2. OTL Fix log as requested: All processes killed ========== OTL ========== C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@ moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@ moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@ moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ moved successfully. ========== FILES ========== C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} scheduled to be moved on reboot. C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Rich\Desktop\cmd.bat deleted successfully. C:\Users\Rich\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Rich ->Temp folder emptied: 1521663944 bytes ->Temporary Internet Files folder emptied: 330027303 bytes ->Java cache emptied: 11081663 bytes ->Apple Safari cache emptied: 60134400 bytes ->Flash cache emptied: 57673 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 678450936 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 651630195 bytes Total Files Cleaned = 3,102.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.53.1 log created on 07092012_153056 Files\Folders moved on Reboot... C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully. PendingFileRenameOperations files... File C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} not found! Registry entries deleted on Reboot...
  3. Here's the files requested: OTL logfile created on: 7/7/2012 9:58:39 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.42 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 50.79% Memory free 6.84 Gb Paging File | 5.09 Gb Available in Paging File | 74.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.38 Gb Total Space | 59.72 Gb Free Space | 26.62% Space Free | Partition Type: NTFS Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 5.00% Space Free | Partition Type: FAT32 Unable to calculate disk information. Computer Name: GIGABYTEGAZ68 | User Name: Rich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/07 09:42:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/20 21:28:54 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Safari\Safari.exe PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/08/12 14:38:58 | 001,841,504 | ---- | M] (Gigabyte Technology CO.) -- C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe ========== Modules (No Company Name) ========== MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/20 17:29:12 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll ========== Win32 Services (SafeList) ========== SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011/07/06 18:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/06/23 08:42:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2011/04/24 19:00:00 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) EPSON V3 Service4(05) SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- C:\Program Files\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor) SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WN111.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x) DRV - [2012/07/07 09:25:34 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | 
System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/06/23 08:51:34 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2011/04/30 08:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2011/04/30 08:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2011/03/07 05:22:00 | 000,052,992 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI) DRV - [2011/03/07 05:22:00 | 000,033,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3) DRV - [2011/01/10 18:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010/12/18 13:42:00 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2010/12/18 13:42:00 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/10/14 12:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV - [2010/09/21 09:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel® DRV - [2007/09/11 03:23:46 | 000,015,360 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrveap32.sys -- (Mrvleap) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 0C 81 64 31 31 CC 01 [binary data] IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS438 IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program 
Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/05 00:15:36 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000..\Run: [AdobeBridge] File not found O4 - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control) O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.nationalgeomatica.com/mgaxctrl.cab (Autodesk MapGuide ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{877155DC-C721-4C11-81CE-8E40FE96C4E1}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/05/20 16:05:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/07 09:42:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe [2012/07/07 09:39:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rich\Desktop\dds.com [2012/07/06 18:32:02 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/07/06 18:29:45 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/07/06 18:29:45 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/07/06 18:29:17 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/07/06 18:29:17 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/07/06 18:29:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/07/06 18:28:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/07/06 18:28:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\wuapp.exe [2012/07/06 18:21:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/05 17:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/07/03 19:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/03 19:10:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/03 19:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/03 18:30:52 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2012/07/03 18:11:24 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/06/19 14:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\SUPERAntiSpyware.com [2012/06/19 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/06/19 14:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/06/19 14:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/06/18 16:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011 [2012/06/13 03:01:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/06/13 03:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/06/13 03:01:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/06/13 03:01:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/06/13 03:01:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/06/13 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/06/13 03:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/06/13 03:00:38 | 000,129,536 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\rdpcorekmts.dll [2012/06/13 03:00:38 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012/06/13 03:00:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012/06/10 17:13:54 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\Wrightsoft HVAC [2012/06/10 17:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wrightsoft HVAC [2012/06/10 17:06:15 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00F [2012/06/10 17:06:15 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.010 [2012/06/10 17:06:15 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.011 [2012/06/10 17:05:48 | 001,208,320 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\System32\spr32d70.dll [2012/06/10 17:03:30 | 001,045,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL [2012/06/10 17:03:30 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vbar332.dll [2012/06/10 17:03:30 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msrd2x35.dll [2012/06/10 17:03:30 | 000,246,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00A [2012/06/10 17:03:30 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00D [2012/06/10 17:03:30 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjint35.dll [2012/06/10 17:03:30 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Odbctl32.dll [2012/06/10 17:03:30 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00C [2012/06/10 17:03:30 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjter35.dll [2012/06/10 17:03:30 | 000,018,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00E [2012/06/10 17:03:30 | 000,010,240 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\temp.00B [2012/06/10 17:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Wrightsoft HVAC [2012/06/10 17:03:29 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003 [2012/06/10 17:03:29 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007 [2012/06/10 17:03:29 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.008 [2012/06/10 17:03:29 | 000,093,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006 [2012/06/10 17:03:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000 [2012/06/10 17:03:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.009 [2012/06/10 17:03:29 | 000,026,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004 [2012/06/10 17:03:29 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ODBCCP32.CPL [2012/06/10 17:03:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005 [2012/06/10 17:03:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002 [2012/06/10 17:03:29 | 000,004,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001 [2012/06/07 15:50:45 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes [2012/06/07 15:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/07 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 ========== Files - Modified Within 30 Days ========== [2012/07/07 09:42:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe [2012/07/07 09:41:30 | 000,050,477 | ---- | M] () -- C:\Users\Rich\Desktop\Defogger.exe [2012/07/07 09:41:11 | 000,881,475 | ---- | M] () -- C:\Users\Rich\Desktop\SecurityCheck.exe [2012/07/07 09:39:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\dds.com [2012/07/07 09:37:36 | 000,000,000 | ---- | M] () -- 
C:\Users\Rich\defogger_reenable [2012/07/07 09:32:28 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/07 09:32:28 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/07 09:29:31 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/07/07 09:29:31 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/07/07 09:29:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/07 09:25:34 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys [2012/07/07 09:25:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/07 09:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/07 09:25:04 | 2754,961,408 | -HS- | M] () -- C:\hiberfil.sys [2012/07/06 18:41:57 | 000,000,600 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\winscp.rnd [2012/07/06 18:37:55 | 003,713,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/06 18:16:12 | 268,164,445 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/07/05 18:51:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2012/07/05 18:51:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012/07/03 19:10:15 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/03 18:45:01 | 000,001,422 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/19 14:40:13 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/06/18 16:26:46 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk [2012/06/18 16:25:31 | 000,000,574 | ---- | M] () -- C:\Users\Rich\Desktop\Division of Revenue Business Records Service.website [2012/06/12 17:08:37 | 
000,095,774 | ---- | M] () -- C:\Users\Rich\Desktop\New Home ENERGY STAR Builder Agreement.pdf [2012/06/10 17:06:16 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\Right-Suite® Universal.lnk [2012/06/10 17:03:30 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI ========== Files Created - No Company Name ========== [2012/07/07 09:41:30 | 000,050,477 | ---- | C] () -- C:\Users\Rich\Desktop\Defogger.exe [2012/07/07 09:41:04 | 000,881,475 | ---- | C] () -- C:\Users\Rich\Desktop\SecurityCheck.exe [2012/07/07 09:37:36 | 000,000,000 | ---- | C] () -- C:\Users\Rich\defogger_reenable [2012/07/07 09:34:11 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ [2012/07/07 09:29:42 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ [2012/07/05 18:50:49 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2012/07/05 18:50:49 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012/07/03 19:10:15 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/03 18:18:48 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@ [2012/07/03 18:18:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ [2012/07/03 18:18:48 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@ [2012/07/03 18:18:47 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@ [2012/06/19 14:40:13 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/06/18 16:26:46 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk [2012/06/12 17:08:36 | 000,095,774 | ---- | C] () -- C:\Users\Rich\Desktop\New Home ENERGY STAR Builder Agreement.pdf [2012/06/10 17:06:16 | 000,001,914 | ---- | C] () -- 
C:\Users\Public\Desktop\Right-Suite® Universal.lnk [2012/06/10 17:04:35 | 000,014,336 | ---- | C] () -- C:\Windows\System32\WEBDIAL.EXE [2012/06/05 20:31:54 | 000,007,613 | -H-- | C] () -- C:\Users\Rich\AppData\Local\Resmon.ResmonCfg [2012/04/10 22:17:41 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/02/03 18:56:03 | 000,000,600 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\winscp.rnd [2012/01/31 13:55:44 | 000,072,080 | -H-- | C] () -- C:\Users\Rich\g2mdlhlpx.exe [2012/01/24 19:01:28 | 000,000,107 | ---- | C] () -- C:\Windows\EWF845.ini [2012/01/11 22:02:27 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ [2012/01/11 22:02:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ [2011/12/29 18:44:17 | 000,160,392 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011/12/19 14:27:38 | 000,000,000 | -H-- | C] () -- C:\Users\Rich\AppData\Local\{74E551CB-4C23-484D-933E-39DDAA7DAC06} [2011/10/21 18:44:13 | 000,000,182 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\burnaware.ini [2011/06/27 11:35:52 | 000,030,720 | -H-- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/24 09:04:31 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini [2011/06/23 15:03:34 | 000,000,132 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011/06/23 11:57:24 | 000,000,132 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011/06/22 19:08:10 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2011/06/22 16:29:57 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/06/22 15:42:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2011/06/22 15:42:12 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe [2011/06/22 15:42:12 | 000,018,544 | ---- | C] () -- 
C:\Windows\System32\drivers\AppleCharger.sys [2011/06/22 15:40:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/06/22 15:38:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011/06/22 15:38:58 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2011/06/22 15:38:58 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011/06/22 15:38:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011/06/22 15:15:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011/03/26 01:10:22 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2011/03/26 00:33:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll < End of report > OTL Extras logfile created on: 7/7/2012 9:58:39 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.42 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 50.79% Memory free 6.84 Gb Paging File | 5.09 Gb Available in Paging File | 74.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.38 Gb Total Space | 59.72 Gb Free Space | 26.62% Space Free | Partition Type: NTFS Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 5.00% Space Free | Partition Type: FAT32 Unable to calculate disk information. Computer Name: GIGABYTEGAZ68 | User Name: Rich | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 30 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset 
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1221.1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard "{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{70F1348F-F94F-4FFB-A5D0-CE5575312A88}" = TurboTax 2011 wnjpbpm "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7346B4A0-1200-0100-0409-705C0D862004}" = Revit Architecture 2012 "{7346B4A0-1200-0101-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English "{73C213C0-DD1F-4A71-9F5F-896838953DD1}" = Cause of the Month Reminder by We-Care.com v5.0.6.2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = 
ArcGIS Explorer Desktop "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{80A17ED7-059E-40FF-B5D6-F37C737CA693}" = Adobe Photoshop Lightroom 4 "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}" = Microsoft Online Services Sign-in Assistant "{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{3AED81FF-F443-4D34-A103-5EB05C954265}" = "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine "{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{ABD650AB-CF97-4FD8-837A-3EFBE3924BB1}" = TurboTax 2010 wnjpbpm "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web) "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "{CA19AEA3-B949-41DA-AFBA-692356230F6E}" = TurboTax 2010 wnjiper "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup 
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport "{DCED0AD4-784D-4667-B4A0-6FE953FAC4BB}" = TurboTax 2011 wnjiper "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F03DFD59-5FFB-4306-9731-BD2863545EEB}}_is1" = OptiMiser v2.0.5710 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop "Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012 "BurnAware Free_is1" = BurnAware Free 3.5 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "EPSON Scanner" = EPSON Scan "EPSON WorkForce 845 Series" = EPSON WorkForce 845 Series Printer Uninstall "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron 
USB3.0 Host Controller "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Office14.OUTLOOK" = Microsoft Outlook 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Picasa 3" = Picasa 3 "Right-Suite Universal" = Right-Suite Universal "sp6" = Logitech SetPoint 6.30 "SugarSync" = SugarSync Manager "TurboTax 2010" = TurboTax 2010 "TurboTax 2011" = TurboTax 2011 "TurboTax Business 2010" = TurboTax Business 2010 "TurboTax Business 2011" = TurboTax Business 2011 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/5/2012 6:35:59 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 7:32:54 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/5/2012 9:15:41 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/6/2012 5:48:30 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/6/2012 6:17:47 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/6/2012 6:24:18 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/6/2012 6:27:11 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/6/2012 6:37:25 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/6/2012 8:13:09 PM | Computer Name = GigabyteGAZ68 | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\EPSON Software\Download Navigator\Resource01\E_UPBW01.EXE". 
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 7/6/2012 9:30:08 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = Error - 7/7/2012 9:26:49 AM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 6/25/2012 7:50:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:50:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:50:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:55:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:55:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:55:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:57:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control 
Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:57:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 7:57:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 6/25/2012 8:02:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 < End of report >
  4. Malwarebytes finds BCMINER but it keeps coming back, your help is appreciated!