Jump to content

Bobc11

Honorary Members
  • Posts

    814
  • Joined

  • Last visited

Everything posted by Bobc11

  1. Does anyone have a reccomendation for this? I know about mibbit but Im not too happy with it. Thanks, Bobc11
  2. Only happens on 1 mouse. I prefer to use this mouse though. Is it possibly a driver issue?
  3. Windows 7 64bit SP1 Hey everyone, I reinstalled this PC to a 64 bit edition of windows, now when I do a single click, the program will act as if I did a double click. Why might this be happening? I checked the folder options setting and it is set to double click. Any ideas?
  4. Thanks for your help. By the way, your dogs are really cute! :)

  5. Thanks MrC. I think I might have a bad driver or something for this. Thanks for your help.
  6. It appears to be running ok... however the mouse still freezes every couple of seconds and then unfreezes after 1 second. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.04.04 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 angelo :: SHERRY-DELL [administrator] 6/4/2012 11:15:05 AM mbam-log-2012-06-04 (11-15-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 190845 Time elapsed: 3 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  7. ComboFix 12-06-03.01 - angelo 06/03/2012 11:18:57.2.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1404 [GMT -4:00] Running from: c:\users\angelo\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 ))))))))))))))))))))))))))))))) . . 2012-06-03 15:23 . 2012-06-03 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-03 13:37 . 2012-06-03 13:37 -------- d-----w- C:\_OTL 2012-06-03 03:06 . 2012-06-03 03:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{196EF7A5-B355-4D27-861C-2C0C3B4919FC}\offreg.dll 2012-06-03 01:43 . 2012-06-03 01:43 -------- d-----w- c:\users\angelo\AppData\Local\Diagnostics 2012-06-02 23:48 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{196EF7A5-B355-4D27-861C-2C0C3B4919FC}\mpengine.dll 2012-06-01 20:31 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-06-01 19:31 . 2012-06-01 19:31 -------- d-----w- c:\program files\TeamViewer 2012-06-01 01:34 . 2012-06-01 01:34 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-06-01 01:34 . 2012-06-01 01:34 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-01 01:34 . 2012-06-01 01:34 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-06-01 01:30 . 2012-06-01 01:30 12872 ----a-w- c:\windows\system32\bootdelete.exe 2012-06-01 01:28 . 2012-06-01 01:30 -------- d-----w- c:\programdata\HitmanPro 2012-05-31 20:45 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-22 01:09 . 2012-05-22 01:09 -------- d-----w- c:\windows\system32\SPReview 2012-05-22 01:08 . 2012-05-22 01:08 -------- d-----w- c:\windows\system32\EventProviders 2012-05-22 01:05 . 2012-05-22 01:05 -------- d-----w- c:\programdata\NVIDIA 2012-05-22 01:03 . 2012-05-22 01:03 -------- d-----w- c:\program files\Common Files\Java 2012-05-22 01:02 . 2012-05-22 01:02 -------- d-----w- c:\program files\Oracle 2012-05-22 01:01 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-22 00:53 . 2012-05-22 00:53 -------- d-----w- C:\NVIDIA 2012-05-21 22:05 . 2007-03-22 02:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2012-05-21 22:05 . 2007-02-24 18:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2012-05-21 22:05 . 2007-01-23 20:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2012-05-21 22:05 . 2004-09-04 07:00 90112 ----a-w- c:\windows\system32\snymsico.dll 2012-05-21 22:04 . 2012-05-21 22:04 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-05-21 22:04 . 2012-05-21 22:04 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-05-21 22:04 . 2002-12-05 18:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-05-21 22:04 . 2002-12-05 18:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-05-21 22:04 . 2002-12-02 19:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-05-21 22:04 . 2002-12-02 17:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2012-05-21 22:04 . 2002-12-02 17:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-05-21 21:30 . 2012-05-27 01:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-21 21:29 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-05-21 21:29 . 2012-05-21 21:32 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-05-18 01:43 . 2012-05-18 01:43 -------- d-----w- c:\users\angelo\AppData\Roaming\Malwarebytes 2012-05-18 01:43 . 2012-05-18 01:43 -------- d-----w- c:\programdata\Malwarebytes 2012-05-18 01:43 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-18 01:43 . 2012-05-18 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-18 01:35 . 2012-05-18 01:35 -------- d-----w- c:\program files\CCleaner 2012-05-18 01:30 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-18 01:30 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-18 01:30 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-18 01:30 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-18 01:30 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-18 01:30 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-18 01:30 . 2012-04-02 02:43 2342400 ----a-w- c:\windows\system32\win32k.sys 2012-05-18 01:30 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-18 01:30 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-18 01:29 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-18 01:29 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-18 01:29 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-05-18 01:29 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-05-18 01:29 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-16 10:25 . 2012-02-09 17:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DEF83DB-94BE-4BCA-A372-466A9B0616EA}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 22:47 . 2010-07-10 23:18 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-21 00:44 . 2010-10-25 01:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 00:44 . 2010-03-26 01:30 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2011-04-25 05:58 . 2011-04-25 05:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2011-04-25 06:48 . 2011-04-25 06:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2011-04-25 06:00 . 2011-04-25 06:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2011-04-25 05:59 . 2011-04-25 05:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2011-04-25 05:58 . 2011-04-25 05:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2011-04-25 05:57 . 2011-04-25 05:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2011-04-25 05:58 . 2011-04-25 05:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2011-04-25 05:58 . 2011-04-25 05:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2011-04-25 05:51 . 2011-04-25 05:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2011-04-25 06:00 . 2011-04-25 06:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2012-06-01 01:34 . 2012-02-22 01:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-05-10 2959336] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-14 8433664] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-14 81920] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-14 67584] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-10 3349488] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 129976] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1343400] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 65584] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-05-10 1122296] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-05-10 838136] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . Contents of the 'Scheduled Tasks' folder . 2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865153123-2725526692-2838595902-1001Core.job - c:\users\angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 17:15] . 2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865153123-2725526692-2838595902-1001UA.job - c:\users\angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 17:15] . . ------- Supplementary Scan ------- . uStart Page = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\angelo\AppData\Roaming\Mozilla\Firefox\Profiles\xtao028n.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2456) c:\windows\system32\fxsst.dll . Completion time: 2012-06-03 11:25:09 ComboFix-quarantined-files.txt 2012-06-03 15:25 ComboFix2.txt 2012-05-29 23:05 . Pre-Run: 223,263,088,640 bytes free Post-Run: 223,213,424,640 bytes free . - - End Of File - - 53955455AB66B1515620C07507DC9AE0
  8. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ not found. HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3865153123-2725526692-2838595902-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B9B00739-F5FD-4019-8EBA-2429AD2AE369}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9B00739-F5FD-4019-8EBA-2429AD2AE369}\ not found. Registry key HKEY_USERS\S-1-5-21-3865153123-2725526692-2838595902-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ not found. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: angelo ->Java cache emptied: 1752249 bytes User: Default User: Default User User: Public Total Java Files Cleaned = 2.00 mb [EMPTYTEMP] User: All Users User: angelo ->Temp folder emptied: 77578233 bytes ->Temporary Internet Files folder emptied: 4494181 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 54481206 bytes ->Google Chrome cache emptied: 11103319 bytes ->Flash cache emptied: 963 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 571778 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17966930 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 159.00 mb OTL by OldTimer - Version 3.2.45.0 log created on 06032012_093710 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  9. RogueKiller V7.5.2 [05/30/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User: angelo [Admin rights] Mode: Scan -- Date: 06/02/2012 21:33:03 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEKT-00F3T0 ATA Device +++++ --- User --- [MBR] b7ee7d0642669375442eea279e6539cf [bSP] 68bc32e9635031b6d3d1859dd4dd30c5 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt OTL logfile created on: 6/2/2012 9:44:44 PM - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\angelo\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.39% Memory free 4.00 Gb Paging File | 3.03 Gb Available in Paging File | 75.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232.79 Gb Total Space | 207.87 Gb Free Space | 89.30% Space Free | Partition Type: NTFS Computer Name: SHERRY-DELL | User Name: angelo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/02 21:39:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\angelo\Downloads\OTL(1).exe PRC - [2012/05/31 21:34:09 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/05/10 16:29:50 | 003,349,488 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012/05/10 16:29:02 | 000,838,136 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/05/10 16:28:58 | 001,122,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/03/22 10:55:02 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/03/19 07:38:48 | 002,279,296 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe PRC - [2012/03/19 07:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe PRC - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/03/19 07:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2012/05/31 21:34:09 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/05/10 16:28:12 | 000,046,592 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/05/10 16:28:10 | 000,517,632 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/05/10 16:28:10 | 000,410,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2012/05/31 21:34:09 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2010/07/09 19:21:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2009/07/13 21:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 17:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\angelo\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs) DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/06/14 16:25:00 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm007CQus&ptnrS=RGxdm007CQus&ptb=ECE14587-7489-4C38-B2F8-8CB9AD5BCD2D&ind=2012030705&n=77ed26f1&psa=&st=sb&searchfor={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm007CQus&ptb=ECE14587-7489-4C38-B2F8-8CB9AD5BCD2D IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F DF 76 89 94 F5 CC 01 [binary data] IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\..\SearchScopes\{B9B00739-F5FD-4019-8EBA-2429AD2AE369}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PGL&o=102946&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=6J&apn_dtid=YYYYYYYYUS&apn_uid=e099235d-55f5-44f5-9958-8126f6a9c4d4&apn_sauid=856288CC-A644-456F-948B-CE00F3F3540E IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm007CQus&ptnrS=RGxdm007CQus&ptb=ECE14587-7489-4C38-B2F8-8CB9AD5BCD2D&ind=2012030705&n=77ed26f1&psa=&st=sb&searchfor={searchTerms} IE - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 21:34:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 00:40:24 | 000,000,000 | ---D | M] [2010/07/10 18:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelo\AppData\Roaming\mozilla\Extensions [2012/05/21 17:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelo\AppData\Roaming\mozilla\Firefox\Profiles\xtao028n.default\extensions [2012/02/16 06:42:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\angelo\AppData\Roaming\mozilla\Firefox\Profiles\xtao028n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\angelo\AppData\Roaming\Mozilla\Firefox\Profiles\xtao028n.default\searchplugins\askcom.xml [2012/05/31 21:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/05/31 21:34:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010/07/10 19:18:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012/05/31 21:34:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/05/31 21:34:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=PGL&o=102946&locale=en_US&apn_uid=e099235d-55f5-44f5-9958-8126f6a9c4d4&apn_ptnrs=6J&apn_sauid=856288CC-A644-456F-948B-CE00F3F3540E&apn_dtid=YYYYYYYYUS&q={searchTerms} CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\angelo\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\angelo\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\angelo\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\angelo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RivalGaming Addon (Enabled) = C:\Users\angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Google Update (Enabled) = C:\Users\angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: RivalGaming = C:\Users\angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\ CHR - Extension: YouTube = C:\Users\angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/29 19:03:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001..\Run: [spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3865153123-2725526692-2838595902-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06675B40-6114-4299-BAA8-07663045CB45}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE8E32F5-877D-4A07-BC31-299D0EE1A13E}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/02 21:43:44 | 000,000,000 | ---D | C] -- C:\Users\angelo\AppData\Local\Diagnostics [2012/06/02 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\angelo\Desktop\RK_Quarantine [2012/06/01 16:31:15 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys [2012/06/01 15:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012/05/31 21:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/05/31 21:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/31 21:30:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2012/05/31 21:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/05/30 16:56:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\angelo\Desktop\dds.scr [2012/05/29 19:05:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/05/29 19:05:30 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/05/29 18:49:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/21 21:09:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012/05/21 21:08:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012/05/21 21:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012/05/21 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/05/21 21:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/05/21 20:53:54 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012/05/21 18:05:08 | 000,042,496 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys [2012/05/21 18:05:08 | 000,039,936 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys [2012/05/21 18:05:08 | 000,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys [2012/05/21 17:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/05/21 17:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012/05/21 17:29:23 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2012/05/21 17:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2012/05/21 17:09:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012/05/17 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\angelo\AppData\Roaming\Malwarebytes [2012/05/17 21:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/17 21:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/17 21:43:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/17 21:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/17 21:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/05/10 06:50:18 | 000,000,000 | ---D | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012/06/02 21:38:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3865153123-2725526692-2838595902-1001UA.job [2012/06/02 19:44:56 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/02 19:44:56 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/02 19:43:28 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/02 19:43:28 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/02 19:37:54 | 000,027,430 | ---- | M] () -- C:\Users\angelo\AppData\Roaming\nvModes.001 [2012/06/02 19:37:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/02 19:37:26 | 1609,072,640 | -HS- | M] () -- C:\hiberfil.sys [2012/06/01 16:30:58 | 000,000,036 | ---- | M] () -- C:\Users\angelo\AppData\Local\housecall.guid.cache [2012/06/01 15:31:12 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012/05/31 21:30:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2012/05/31 14:38:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3865153123-2725526692-2838595902-1001Core.job [2012/05/30 16:57:43 | 000,853,862 | ---- | M] () -- C:\Users\angelo\Desktop\SecurityCheck.exe [2012/05/30 16:56:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\angelo\Desktop\dds.scr [2012/05/30 16:48:17 | 000,002,409 | ---- | M] () -- C:\Users\angelo\Desktop\Google Chrome.lnk [2012/05/29 19:03:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/05/26 22:58:28 | 187,456,401 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/05/21 17:44:33 | 000,409,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/21 17:29:30 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012/05/17 21:43:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/17 21:35:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/16 06:33:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif ========== Files Created - No Company Name ========== [2012/06/01 16:30:58 | 000,000,036 | ---- | C] () -- C:\Users\angelo\AppData\Local\housecall.guid.cache [2012/06/01 15:31:12 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012/06/01 15:31:12 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012/05/30 16:57:39 | 000,853,862 | ---- | C] () -- C:\Users\angelo\Desktop\SecurityCheck.exe [2012/05/21 17:43:16 | 187,456,401 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/05/21 17:29:30 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2012/05/21 17:29:30 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012/05/20 15:43:15 | 000,409,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/17 21:43:29 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/17 21:35:23 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/16 06:33:00 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2010/10/04 12:24:57 | 000,027,430 | ---- | C] () -- C:\Users\angelo\AppData\Roaming\nvModes.dat [2010/10/04 12:24:57 | 000,027,430 | ---- | C] () -- C:\Users\angelo\AppData\Roaming\nvModes.001 [2010/07/10 18:45:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== LOP Check ========== [2012/03/04 08:01:33 | 000,000,000 | -H-D | M] -- C:\Users\angelo\AppData\Roaming\006F30C2 [2012/04/11 10:51:07 | 000,000,000 | ---D | M] -- C:\Users\angelo\AppData\Roaming\ICAClient [2012/03/03 06:00:35 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  10. Windows 7- mouse freezes for about 1 second then unfreezes. When I search on the firefox homepage it goes through my web search. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.30.07 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 angelo :: SHERRY-DELL [administrator] 5/30/2012 5:09:50 PM mbam-log-2012-05-30 (17-09-50).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 284473 Time elapsed: 26 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by angelo at 17:23:06 on 2012-05-30 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1050 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\aestsrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\STacSV.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm007CQus&ptb=ECE14587-7489-4C38-B2F8-8CB9AD5BCD2D BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mPolicies-system: ConsentPromptbehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptbehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{06675B40-6114-4299-BAA8-07663045CB45} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{06675B40-6114-4299-BAA8-07663045CB45}\E4544574541425 : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{06675B40-6114-4299-BAA8-07663045CB45}\E6F6167656E646163747275616D6E236F6D6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{FE8E32F5-877D-4A07-BC31-299D0EE1A13E} : DhcpNameServer = 75.75.75.75 75.75.76.76 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\angelo\appdata\roaming\mozilla\firefox\profiles\xtao028n.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\users\angelo\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-7-9 73728] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-5-21 1122296] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-5-21 838136] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-5-21 166528] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-30 40776] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-9 1343400] . =============== Created Last 30 ================ . 2012-05-30 21:08:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-05-30 02:41:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3db49430-fcd9-44a0-885b-9229bdaf389a}\offreg.dll 2012-05-30 02:40:39 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3db49430-fcd9-44a0-885b-9229bdaf389a}\mpengine.dll 2012-05-29 23:05:32 -------- d-sh--w- C:\$RECYCLE.BIN 2012-05-22 01:09:59 -------- d-----w- c:\windows\system32\SPReview 2012-05-22 01:08:46 -------- d-----w- c:\windows\system32\EventProviders 2012-05-22 01:02:35 -------- d-----w- c:\program files\Oracle 2012-05-22 01:01:49 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-22 00:53:54 -------- d-----w- C:\NVIDIA 2012-05-21 22:05:08 90112 ----a-w- c:\windows\system32\snymsico.dll 2012-05-21 22:05:08 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2012-05-21 22:05:08 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2012-05-21 22:05:08 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2012-05-21 22:04:49 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll 2012-05-21 22:04:49 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll 2012-05-21 22:04:49 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe 2012-05-21 22:04:49 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll 2012-05-21 22:04:49 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll 2012-05-21 22:04:49 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll 2012-05-21 22:04:49 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll 2012-05-21 21:30:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-21 21:29:23 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-05-21 21:29:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-05-21 21:23:33 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-05-21 21:09:57 -------- d-----w- c:\windows\system32\appmgmt 2012-05-18 01:43:35 -------- d-----w- c:\users\angelo\appdata\roaming\Malwarebytes 2012-05-18 01:43:25 -------- d-----w- c:\programdata\Malwarebytes 2012-05-18 01:43:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-18 01:43:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-18 01:35:19 -------- d-----w- c:\program files\CCleaner 2012-05-18 01:30:51 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-18 01:30:37 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2012-05-18 01:30:37 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL 2012-05-18 01:30:36 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll 2012-05-18 01:30:36 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2012-05-18 01:30:09 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-18 01:30:09 2342400 ----a-w- c:\windows\system32\win32k.sys 2012-05-18 01:30:08 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-18 01:30:03 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-18 01:29:55 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-18 01:29:55 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-18 01:29:54 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-05-18 01:29:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-18 01:29:54 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-05-16 10:25:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9def83db-94be-4bca-a372-466a9b0616ea}\gapaengine.dll . ==================== Find3M ==================== . 2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys . ============= FINISH: 17:23:42.12 ===============
  11. Hey- Thanks for your help, Im just going to reinstall windows. I can afford to do that on this pc, and have been meaning to. Meanwhile I need to open a thread about a laptop... but anyway, thanks your your help. It is appreciated.
  12. Ive enabled back the services I use, and all seems to be running normally, but I will see how it behaves over tomorrow. 2 Things: Xchat WDK Freezes when opening channels when it is first opened (this has been going on the whole time) Do I have to re enable other things one by one to see which one specificly which is causing the problem
  13. When I went to do a clean boot, the UAC Window was very tall, and I could not see the buttons. I did though get into msconfig. Starting now.
  14. OK another issue: My pc is canceling all UAC prompts when they appear. csrss.exe is always using 11-50% of the processor. Starting clean boot thing now.
  15. I have a question, will that process take a long time? If it will is it ok if I wait until the weekend?
  16. one more thing- The right click freeze thing is back.
  17. Only once, but explorer is still freezing occasionally.
  18. [Window Title] explorer.exe [Content] The remote procedure call failed and did not execute. [OK] Explorer freezes ocasionally and I just got this error.
  19. Its a program im writing. If you need proof http://intellistaremulator.x10.mx (Im The Weather Guy)
  20. Question: Why did it remove my IntelliStar Emulator Project files? ComboFix 12-05-07.02 - Spencer 05/07/2012 13:32:38.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3454.2083 [GMT -4:00] Running from: c:\users\Spencer\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Hyperionics DB Toolbar\tbHElper.dll c:\users\Spencer\111 c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport.css c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport.xslt c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport_Minus.gif c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport_Plus.gif c:\users\Spencer\111\21321\Backup\WindowsApplication2.sln c:\users\Spencer\111\21321\Backup\WindowsApplication2\Form1.Designer.vb c:\users\Spencer\111\21321\Backup\WindowsApplication2\Form1.resx c:\users\Spencer\111\21321\Backup\WindowsApplication2\Form1.vb c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Application.Designer.vb c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Application.myapp c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\AssemblyInfo.vb c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Resources.Designer.vb c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Resources.resx c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Settings.Designer.vb c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Settings.settings c:\users\Spencer\111\21321\Backup\WindowsApplication2\WindowsApplication2.vbproj c:\users\Spencer\111\21321\Backup\WindowsApplication2\WindowsApplication2.vbproj.user c:\users\Spencer\111\21321\UpgradeLog.XML c:\users\Spencer\111\21321\WindowsApplication2.sln c:\users\Spencer\111\21321\WindowsApplication2.suo c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\1.wmv c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.pdb c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.vshost.exe c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.vshost.exe.manifest c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.xml c:\users\Spencer\111\21321\WindowsApplication2\Form1.Designer.vb c:\users\Spencer\111\21321\WindowsApplication2\Form1.resx c:\users\Spencer\111\21321\WindowsApplication2\Form1.vb c:\users\Spencer\111\21321\WindowsApplication2\My Project\Application.Designer.vb c:\users\Spencer\111\21321\WindowsApplication2\My Project\Application.myapp c:\users\Spencer\111\21321\WindowsApplication2\My Project\AssemblyInfo.vb c:\users\Spencer\111\21321\WindowsApplication2\My Project\Resources.Designer.vb c:\users\Spencer\111\21321\WindowsApplication2\My Project\Resources.resx c:\users\Spencer\111\21321\WindowsApplication2\My Project\Settings.Designer.vb c:\users\Spencer\111\21321\WindowsApplication2\My Project\Settings.settings c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\DesignTimeResolveAssemblyReferencesInput.cache c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\GenerateResource.read.1.tlog c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\GenerateResource.write.1.tlog c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.Form1.resources c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.pdb c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.Resources.resources c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.vbproj.FileListAbsolute.txt c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.xml c:\users\Spencer\111\21321\WindowsApplication2\WindowsApplication2.vbproj c:\users\Spencer\111\21321\WindowsApplication2\WindowsApplication2.vbproj.user c:\users\Spencer\111\Intellistar Emulator.sln c:\users\Spencer\111\Intellistar Emulator\app.config c:\users\Spencer\111\Intellistar Emulator\ApplicationEvents.cs c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0s.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\10.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\10.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\10.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\100.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\101.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\102.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\103.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\104.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\105.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\106.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\107.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\108.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\109.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\11.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\11.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\11.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\110.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\111.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\112.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\113.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\114.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\115.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\116.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\117.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\118.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\119.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\12.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\12.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\12.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\120.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\121.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\122.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\123.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\124.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\125.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\126.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\127.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\128.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\129.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\13.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\13.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\13.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\130.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\131.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\132.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\133.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\134.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\135.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\136.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\137.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\138.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\139.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\14.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\14.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\14.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\15.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\15.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\15.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\16.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\16.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\16.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\17.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\17.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\17.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\18.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\18.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\18.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\19.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\19.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\19.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1L.JPG c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1s.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\20.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\20.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\20.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\21.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\21.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\21.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\22.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\22.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\22.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\23.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\23.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\23.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\24.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\24.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\24.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\25.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\25.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\25.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\26.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\26.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\26.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\27.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\27.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\27.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\28.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\28.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\28.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\29.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\29.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\29.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2L.JPG c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\30.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\30.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\30.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\31.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\31.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\31.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\32.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\32.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\32.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3200.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\33.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\33.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\33.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\34.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\34.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\34.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\35.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\35.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\36.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\36.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\36.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\37.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\37.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\37.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\38.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\38.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\38.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\39.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\39.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\39.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3L.JPG c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\40.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\40.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\40.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\41.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\41.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\41.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\42.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\42.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\42.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\43.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\43.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\43.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\44.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\44.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\44.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\45.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\45.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\45.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\46.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\46.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\46.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\47.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\47.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\47.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\48.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\49.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4L.JPG c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\50.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\51.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\52.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\53.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\54.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\55.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\56.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\57.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\58.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\59.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5L.JPG c:\users\Spencer\111\Intellistar Emulator\bin\Debug\6.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\6.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\6.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\60.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\61.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\62.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\63.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\64.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\65.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\66.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\67.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\68.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\69.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\70.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\71.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\72.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\73.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\74.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\75.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\76.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\77.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\78.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\79.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7DAYFCST.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\8.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\8.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\8.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\80.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\81.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\82.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\83.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\84.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\85.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\86.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\87.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\88.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\89.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\9.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\9.gif c:\users\Spencer\111\Intellistar Emulator\bin\Debug\9.png c:\users\Spencer\111\Intellistar Emulator\bin\Debug\90.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\91.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\92.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\93.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\94.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\95.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\96.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\97.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\98.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\99.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\ALERTS.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\AxInterop.WMPLib.dll c:\users\Spencer\111\Intellistar Emulator\bin\Debug\beep.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blizzard.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Dust.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Sand in the Vicinity.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Sand Nearby.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Sand.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Snow 2.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Snow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CC_INTRO1.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CC_INTRO2.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CCONDIT.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Clear and Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Clear.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Cloudy and Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Cloudy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CONFIG.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Drifting Snow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Drizzle & Fog.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Drizzle.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Dust Storm.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\error.txt c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Fair & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Fair.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Foggy Conditions.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\FORECAST.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\forecastTranslation.xml c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Drizzle (1).dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Drizzle (2).dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Rain (1).dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Rain (2).dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Haze.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Rain & Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Rain & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Sleet & Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Sleet & Thunder.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Sleet.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Snow & Thunder.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Snow & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Snow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Thunderstorm.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Ice Crystals.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.exe c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.exe.config c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.pdb c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe.config c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe.manifest c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.xml c:\users\Spencer\111\Intellistar Emulator\bin\Debug\IntelliStar.7z c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Interop.WMPLib.dll c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Drizzle.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Snow & Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Snow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\LOCAL_DOPPLER.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\LOCAL_DOPPLER_1.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M1.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M10.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M11.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M12.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M13.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M14.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M15.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M16.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M17.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M18.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M19.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M2.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M20.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M21.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M22.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M23.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M24.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M25.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M26.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M27.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M28.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M29.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M3.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M30.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M31.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M32.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M33.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M34.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M35.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M36.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M37.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M38.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M39.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M4.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M40.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M41.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M42.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M43.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M44.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M45.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M46.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M47.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M48.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M49.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M5.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M50.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M51.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M52.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M53.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M54.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M55.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M56.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M57.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M58.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M59.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M6.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M60.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M61.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M62.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M63.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M64.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M65.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M66.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M67.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M68.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M69.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M7.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M70.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M71.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M72.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M73.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M74.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M75.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M76.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M77.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M78.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M79.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M8.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M80.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M81.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M82.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M83.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M84.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M85.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M86.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M87.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M88.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M89.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M9.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M90.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M91.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M92.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M93.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M94.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M95.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M96.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M97.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M98.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M99.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Microsoft.DirectX.AudioVideoPlayback.dll c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Mostly Cloudy & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Mostly Cloudy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Partly Cloudy & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Partly Cloudy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Sleet.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Snow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Some Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT1.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT2.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT3.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT4.XML c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sand Storm in the Vicinity.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sand Storm.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers & Foggy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers in the Vicinity & Fog.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers in the Vicinity & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers in the Vicinity.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers Nearby.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sleet & Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sleet.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Smoke.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow & Freezing Rain.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow & Sleet.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow Flurries.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow Showers.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Strong Thunderstorm & Hail.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Strong Thunderstorm.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sunny & Windy.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sunny.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thunder.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thundersleet.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thundersnow.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thunderstorm.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Windy Conditions.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Wintry Mix & Thunder.dat c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Wintry Mix.dat c:\users\Spencer\111\Intellistar Emulator\Cleanup.cs c:\users\Spencer\111\Intellistar Emulator\Cleanup.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Dialog1.cs c:\users\Spencer\111\Intellistar Emulator\Dialog1.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Dialog2.cs c:\users\Spencer\111\Intellistar Emulator\Dialog2.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Dialog3.cs c:\users\Spencer\111\Intellistar Emulator\Dialog3.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Dialog4.cs c:\users\Spencer\111\Intellistar Emulator\Dialog4.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Dialog5.cs c:\users\Spencer\111\Intellistar Emulator\Dialog5.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Dialog6.cs c:\users\Spencer\111\Intellistar Emulator\Dialog6.Designer.cs c:\users\Spencer\111\Intellistar Emulator\extw.cs c:\users\Spencer\111\Intellistar Emulator\extw.Designer.cs c:\users\Spencer\111\Intellistar Emulator\fcst.cs c:\users\Spencer\111\Intellistar Emulator\Form1.cs c:\users\Spencer\111\Intellistar Emulator\Form1.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form10.cs c:\users\Spencer\111\Intellistar Emulator\Form10.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form11.cs c:\users\Spencer\111\Intellistar Emulator\Form11.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form12.cs c:\users\Spencer\111\Intellistar Emulator\Form12.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form13.cs c:\users\Spencer\111\Intellistar Emulator\Form13.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form14.cs c:\users\Spencer\111\Intellistar Emulator\Form14.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form15.cs c:\users\Spencer\111\Intellistar Emulator\Form15.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form16.cs c:\users\Spencer\111\Intellistar Emulator\Form16.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form17.cs c:\users\Spencer\111\Intellistar Emulator\Form17.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form2.cs c:\users\Spencer\111\Intellistar Emulator\Form2.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form3.cs c:\users\Spencer\111\Intellistar Emulator\Form3.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form4.cs c:\users\Spencer\111\Intellistar Emulator\Form4.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form5.cs c:\users\Spencer\111\Intellistar Emulator\Form5.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form6.cs c:\users\Spencer\111\Intellistar Emulator\Form6.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form7.cs c:\users\Spencer\111\Intellistar Emulator\Form7.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form8.cs c:\users\Spencer\111\Intellistar Emulator\Form8.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Form9.cs c:\users\Spencer\111\Intellistar Emulator\Form9.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Intellistar Emulator.csproj c:\users\Spencer\111\Intellistar Emulator\Intellistar Emulator.suo c:\users\Spencer\111\Intellistar Emulator\Intellistar Emulator.vbproj.user c:\users\Spencer\111\Intellistar Emulator\LDL.cs c:\users\Spencer\111\Intellistar Emulator\LDL.Designer - Copy.cs c:\users\Spencer\111\Intellistar Emulator\LDL.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Module1.cs c:\users\Spencer\111\Intellistar Emulator\My Project\Application.Designer.cs c:\users\Spencer\111\Intellistar Emulator\My Project\AssemblyInfo.cs c:\users\Spencer\111\Intellistar Emulator\My Project\Resources.Designer.cs c:\users\Spencer\111\Intellistar Emulator\My Project\Resources.resx c:\users\Spencer\111\Intellistar Emulator\My Project\Settings.Designer.cs c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\AxInterop.WMPLib.dll c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\DesignTimeResolveAssemblyReferencesInput.cache c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\GenerateResource.read.1.tlog c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\GenerateResource.write.1.tlog c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Intellistar Emulator.csproj.FileListAbsolute.txt c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Intellistar Emulator.csproj.ResolveComReference.cache c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Intellistar_Emulator.Resources.resources c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Interop.WMPLib.dll c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\ResolveAssemblyReference.cache c:\users\Spencer\111\Intellistar Emulator\Parsing.cs c:\users\Spencer\111\Intellistar Emulator\Properties\Resources.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Properties\Resources.resx c:\users\Spencer\111\Intellistar Emulator\Resources\0.gif c:\users\Spencer\111\Intellistar Emulator\Resources\1.gif c:\users\Spencer\111\Intellistar Emulator\Resources\10.gif c:\users\Spencer\111\Intellistar Emulator\Resources\11.gif c:\users\Spencer\111\Intellistar Emulator\Resources\12.gif c:\users\Spencer\111\Intellistar Emulator\Resources\12.png c:\users\Spencer\111\Intellistar Emulator\Resources\13.gif c:\users\Spencer\111\Intellistar Emulator\Resources\14.gif c:\users\Spencer\111\Intellistar Emulator\Resources\15.gif c:\users\Spencer\111\Intellistar Emulator\Resources\15.png c:\users\Spencer\111\Intellistar Emulator\Resources\16.gif c:\users\Spencer\111\Intellistar Emulator\Resources\16.png c:\users\Spencer\111\Intellistar Emulator\Resources\17.gif c:\users\Spencer\111\Intellistar Emulator\Resources\18.gif c:\users\Spencer\111\Intellistar Emulator\Resources\19.gif c:\users\Spencer\111\Intellistar Emulator\Resources\2.gif c:\users\Spencer\111\Intellistar Emulator\Resources\20.gif c:\users\Spencer\111\Intellistar Emulator\Resources\21.gif c:\users\Spencer\111\Intellistar Emulator\Resources\22.gif c:\users\Spencer\111\Intellistar Emulator\Resources\23.gif c:\users\Spencer\111\Intellistar Emulator\Resources\24.gif c:\users\Spencer\111\Intellistar Emulator\Resources\2405805-glassy-blue-exclamation-button.png c:\users\Spencer\111\Intellistar Emulator\Resources\25.gif c:\users\Spencer\111\Intellistar Emulator\Resources\26.gif c:\users\Spencer\111\Intellistar Emulator\Resources\27.gif c:\users\Spencer\111\Intellistar Emulator\Resources\27355468_27011216_22e2415bcbb0.gif c:\users\Spencer\111\Intellistar Emulator\Resources\28.gif c:\users\Spencer\111\Intellistar Emulator\Resources\29.gif c:\users\Spencer\111\Intellistar Emulator\Resources\3.gif c:\users\Spencer\111\Intellistar Emulator\Resources\30.gif c:\users\Spencer\111\Intellistar Emulator\Resources\31.gif c:\users\Spencer\111\Intellistar Emulator\Resources\32.gif c:\users\Spencer\111\Intellistar Emulator\Resources\33.gif c:\users\Spencer\111\Intellistar Emulator\Resources\34.gif c:\users\Spencer\111\Intellistar Emulator\Resources\36.gif c:\users\Spencer\111\Intellistar Emulator\Resources\37.gif c:\users\Spencer\111\Intellistar Emulator\Resources\38.gif c:\users\Spencer\111\Intellistar Emulator\Resources\39.gif c:\users\Spencer\111\Intellistar Emulator\Resources\4.gif c:\users\Spencer\111\Intellistar Emulator\Resources\40.gif c:\users\Spencer\111\Intellistar Emulator\Resources\41.gif c:\users\Spencer\111\Intellistar Emulator\Resources\42.gif c:\users\Spencer\111\Intellistar Emulator\Resources\43.gif c:\users\Spencer\111\Intellistar Emulator\Resources\44.gif c:\users\Spencer\111\Intellistar Emulator\Resources\45.gif c:\users\Spencer\111\Intellistar Emulator\Resources\46.gif c:\users\Spencer\111\Intellistar Emulator\Resources\47.gif c:\users\Spencer\111\Intellistar Emulator\Resources\5.gif c:\users\Spencer\111\Intellistar Emulator\Resources\6.gif c:\users\Spencer\111\Intellistar Emulator\Resources\7.gif c:\users\Spencer\111\Intellistar Emulator\Resources\7_Day_Forecast.png c:\users\Spencer\111\Intellistar Emulator\Resources\7DAYFCST.png c:\users\Spencer\111\Intellistar Emulator\Resources\8.gif c:\users\Spencer\111\Intellistar Emulator\Resources\9.gif c:\users\Spencer\111\Intellistar Emulator\Resources\Alerts.png c:\users\Spencer\111\Intellistar Emulator\Resources\animated_lightning.gif c:\users\Spencer\111\Intellistar Emulator\Resources\animated_lightning_left.gif c:\users\Spencer\111\Intellistar Emulator\Resources\BAKGROUNDA.BMP c:\users\Spencer\111\Intellistar Emulator\Resources\blue-folder--exclamation.png c:\users\Spencer\111\Intellistar Emulator\Resources\canstock2816877.png c:\users\Spencer\111\Intellistar Emulator\Resources\CC.png c:\users\Spencer\111\Intellistar Emulator\Resources\CC_REG-AL.png c:\users\Spencer\111\Intellistar Emulator\Resources\CC_REG_ALL_NEW.png c:\users\Spencer\111\Intellistar Emulator\Resources\Clds.jpeg c:\users\Spencer\111\Intellistar Emulator\Resources\clear.png c:\users\Spencer\111\Intellistar Emulator\Resources\clouds.jpg c:\users\Spencer\111\Intellistar Emulator\Resources\Copy (5) of New_TEMPLATE.png c:\users\Spencer\111\Intellistar Emulator\Resources\cross-circle.png c:\users\Spencer\111\Intellistar Emulator\Resources\Current_Conditions.png c:\users\Spencer\111\Intellistar Emulator\Resources\CurrentConditions_new.png c:\users\Spencer\111\Intellistar Emulator\Resources\CurrentConditions_new1.png c:\users\Spencer\111\Intellistar Emulator\Resources\documents.png c:\users\Spencer\111\Intellistar Emulator\Resources\EXT_FCST_NEW.png c:\users\Spencer\111\Intellistar Emulator\Resources\Extended Forecast.png c:\users\Spencer\111\Intellistar Emulator\Resources\flag--exclamation.png c:\users\Spencer\111\Intellistar Emulator\Resources\flag-gray.png c:\users\Spencer\111\Intellistar Emulator\Resources\flag-green.png c:\users\Spencer\111\Intellistar Emulator\Resources\flag-yellow.png c:\users\Spencer\111\Intellistar Emulator\Resources\forecast.png c:\users\Spencer\111\Intellistar Emulator\Resources\FORECAST_NEW.png c:\users\Spencer\111\Intellistar Emulator\Resources\Forecast1.png c:\users\Spencer\111\Intellistar Emulator\Resources\Forecast2.png c:\users\Spencer\111\Intellistar Emulator\Resources\Getaway forecast.png c:\users\Spencer\111\Intellistar Emulator\Resources\image_preview.jpeg c:\users\Spencer\111\Intellistar Emulator\Resources\LDL.png c:\users\Spencer\111\Intellistar Emulator\Resources\LDL1.png c:\users\Spencer\111\Intellistar Emulator\Resources\lot8snarration.wav c:\users\Spencer\111\Intellistar Emulator\Resources\New_Final_CC.png c:\users\Spencer\111\Intellistar Emulator\Resources\NEW_RAD.png c:\users\Spencer\111\Intellistar Emulator\Resources\NewFCST.png c:\users\Spencer\111\Intellistar Emulator\Resources\OrangeLDL1.png c:\users\Spencer\111\Intellistar Emulator\Resources\radarnarration.wav c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat.png c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat1.png c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat2007.png c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat20071.png c:\users\Spencer\111\Intellistar Emulator\Resources\RedLDL1.png c:\users\Spencer\111\Intellistar Emulator\Resources\REG_ALL.png c:\users\Spencer\111\Intellistar Emulator\Resources\Reg_All_CC.png c:\users\Spencer\111\Intellistar Emulator\Resources\Reg_All_CC1.png c:\users\Spencer\111\Intellistar Emulator\Resources\Regional_Conditions.png c:\users\Spencer\111\Intellistar Emulator\Resources\RegRadar.png c:\users\Spencer\111\Intellistar Emulator\Resources\Satellite3-DayBlackFont.png c:\users\Spencer\111\Intellistar Emulator\Resources\snow-animation2.gif c:\users\Spencer\111\Intellistar Emulator\Resources\snow-animation21.gif c:\users\Spencer\111\Intellistar Emulator\Resources\SWA2007.png c:\users\Spencer\111\Intellistar Emulator\Resources\TEMPLATE.png c:\users\Spencer\111\Intellistar Emulator\Resources\TF2007.png c:\users\Spencer\111\Intellistar Emulator\Resources\Thumbs.db c:\users\Spencer\111\Intellistar Emulator\Resources\TWCBlackBar2.png c:\users\Spencer\111\Intellistar Emulator\Resources\weekendrectangle.png c:\users\Spencer\111\Intellistar Emulator\Resources\xl36.wav c:\users\Spencer\111\Intellistar Emulator\Resources\xl7day.wav c:\users\Spencer\111\Intellistar Emulator\Resources\xlcc.wav c:\users\Spencer\111\Intellistar Emulator\Resources\YellowLDL1.png c:\users\Spencer\111\Intellistar Emulator\Settings.cs c:\users\Spencer\111\Intellistar Emulator\SplashScreen1.cs c:\users\Spencer\111\Intellistar Emulator\SplashScreen1.Designer.cs c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Backup Files\Intellistar Emulator\~AutoRecover.Dialog1.cs c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Backup Files\Intellistar Emulator\~AutoRecover.Form3.cs c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Backup Files\Intellistar Emulator\~AutoRecover.Intellistar Emulator.csproj c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Visualizers\autoexp.cs c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Visualizers\autoexpce.cs c:\users\Spencer\AppData\Local\assembly\tmp c:\users\Spencer\AppData\Local\Minibar c:\users\Spencer\AppData\Local\Minibar\chrome\background.html c:\users\Spencer\AppData\Local\Minibar\chrome\cached_http_request.js c:\users\Spencer\AppData\Local\Minibar\chrome\extension_info.json c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon128.png c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon19.png c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon32.png c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon48.png c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content.js c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content_kango.js c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content_messaging.js c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content_userscript.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango-ui\button.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango-ui\ui.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\browser.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\console.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\event_listener.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\initialize.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\io.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\jsonstorage.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\kango.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\lang.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\messaging.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\userscript_engine.js c:\users\Spencer\AppData\Local\Minibar\chrome\kango\xhr.js c:\users\Spencer\AppData\Local\Minibar\chrome\main.js c:\users\Spencer\AppData\Local\Minibar\chrome\manifest.json c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\actions.js c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\cachedxhr.js c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\config.js c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\macros.js c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\minibar.js c:\users\Spencer\AppData\Local\Minibar\chrome\popup.html c:\users\Spencer\AppData\Local\Minibar\chrome\popup.js c:\users\Spencer\AppData\Local\Minibar\chrome\tab.html c:\users\Spencer\AppData\Local\Minibar\chrome\tab.js c:\users\Spencer\AppData\Local\Minibar\chrome_installer.js c:\users\Spencer\AppData\Local\Minibar\common.js c:\users\Spencer\AppData\Local\Minibar\install.json c:\users\Spencer\AppData\Local\Minibar\minibar.crx c:\users\Spencer\AppData\Local\Minibar\sqlite3.exe c:\users\Spencer\AppData\Local\Minibar\Uninstall.exe c:\users\Spencer\Spencer c:\windows\isRS-000.tmp F:\autorun.inf F:\setup.exe f:\ticket-tracker\Ticket-Tracker\bin\Debug\Ticket-Tracker.vshost.exe . ----- File Replicators ----- . c:\all emulator stuff\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe c:\all emulator stuff\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe c:\all emulator stuff\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debugg\Intellistar Emulator.vshost.exe c:\installshield 2010 projects\My Project Name-2\Product Configuration 1\Release 1\DiskImages\DISK1\program files\IntelliStar Emulator\IntelliStar Emulator\Intellistar Emulator.vshost.exe c:\installshield 2010 projects\My Project Name-2\Product Configuration 1\Release 1\DiskImages\DISK1\program files\IntelliStar Emulator\IntelliStar Emulator\IntelliStar Update.vshost.exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe c:\program files\Git\libexec\git-core\git-add.exe c:\program files\Git\libexec\git-core\git-annotate.exe c:\program files\Git\libexec\git-core\git-apply.exe c:\program files\Git\libexec\git-core\git-archive.exe c:\program files\Git\libexec\git-core\git-bisect--helper.exe c:\program files\Git\libexec\git-core\git-blame.exe c:\program files\Git\libexec\git-core\git-branch.exe c:\program files\Git\libexec\git-core\git-bundle.exe c:\program files\Git\libexec\git-core\git-cat-file.exe c:\program files\Git\libexec\git-core\git-check-attr.exe c:\program files\Git\libexec\git-core\git-check-ref-format.exe c:\program files\Git\libexec\git-core\git-checkout-index.exe c:\program files\Git\libexec\git-core\git-checkout.exe c:\program files\Git\libexec\git-core\git-cherry-pick.exe c:\program files\Git\libexec\git-core\git-cherry.exe c:\program files\Git\libexec\git-core\git-clean.exe c:\program files\Git\libexec\git-core\git-clone.exe c:\program files\Git\libexec\git-core\git-commit-tree.exe c:\program files\Git\libexec\git-core\git-commit.exe c:\program files\Git\libexec\git-core\git-config.exe c:\program files\Git\libexec\git-core\git-count-objects.exe c:\program files\Git\libexec\git-core\git-describe.exe c:\program files\Git\libexec\git-core\git-diff-files.exe c:\program files\Git\libexec\git-core\git-diff-index.exe c:\program files\Git\libexec\git-core\git-diff-tree.exe c:\program files\Git\libexec\git-core\git-diff.exe c:\program files\Git\libexec\git-core\git-fast-export.exe c:\program files\Git\libexec\git-core\git-fetch-pack.exe c:\program files\Git\libexec\git-core\git-fetch.exe c:\program files\Git\libexec\git-core\git-fmt-merge-msg.exe c:\program files\Git\libexec\git-core\git-for-each-ref.exe c:\program files\Git\libexec\git-core\git-format-patch.exe c:\program files\Git\libexec\git-core\git-fsck-objects.exe c:\program files\Git\libexec\git-core\git-fsck.exe c:\program files\Git\libexec\git-core\git-gc.exe c:\program files\Git\libexec\git-core\git-get-tar-commit-id.exe c:\program files\Git\libexec\git-core\git-grep.exe c:\program files\Git\libexec\git-core\git-hash-object.exe c:\program files\Git\libexec\git-core\git-help.exe c:\program files\Git\libexec\git-core\git-index-pack.exe c:\program files\Git\libexec\git-core\git-init-db.exe c:\program files\Git\libexec\git-core\git-init.exe c:\program files\Git\libexec\git-core\git-log.exe c:\program files\Git\libexec\git-core\git-ls-files.exe c:\program files\Git\libexec\git-core\git-ls-remote.exe c:\program files\Git\libexec\git-core\git-ls-tree.exe c:\program files\Git\libexec\git-core\git-mailinfo.exe c:\program files\Git\libexec\git-core\git-mailsplit.exe c:\program files\Git\libexec\git-core\git-merge-base.exe c:\program files\Git\libexec\git-core\git-merge-file.exe c:\program files\Git\libexec\git-core\git-merge-index.exe c:\program files\Git\libexec\git-core\git-merge-ours.exe c:\program files\Git\libexec\git-core\git-merge-recursive.exe c:\program files\Git\libexec\git-core\git-merge-subtree.exe c:\program files\Git\libexec\git-core\git-merge-tree.exe c:\program files\Git\libexec\git-core\git-merge.exe c:\program files\Git\libexec\git-core\git-mktag.exe c:\program files\Git\libexec\git-core\git-mktree.exe c:\program files\Git\libexec\git-core\git-mv.exe c:\program files\Git\libexec\git-core\git-name-rev.exe c:\program files\Git\libexec\git-core\git-notes.exe c:\program files\Git\libexec\git-core\git-pack-objects.exe c:\program files\Git\libexec\git-core\git-pack-redundant.exe c:\program files\Git\libexec\git-core\git-pack-refs.exe c:\program files\Git\libexec\git-core\git-patch-id.exe c:\program files\Git\libexec\git-core\git-peek-remote.exe c:\program files\Git\libexec\git-core\git-prune-packed.exe c:\program files\Git\libexec\git-core\git-prune.exe c:\program files\Git\libexec\git-core\git-push.exe c:\program files\Git\libexec\git-core\git-read-tree.exe c:\program files\Git\libexec\git-core\git-receive-pack.exe c:\program files\Git\libexec\git-core\git-reflog.exe c:\program files\Git\libexec\git-core\git-remote-ext.exe c:\program files\Git\libexec\git-core\git-remote-fd.exe c:\program files\Git\libexec\git-core\git-remote.exe c:\program files\Git\libexec\git-core\git-replace.exe c:\program files\Git\libexec\git-core\git-repo-config.exe c:\program files\Git\libexec\git-core\git-rerere.exe c:\program files\Git\libexec\git-core\git-reset.exe c:\program files\Git\libexec\git-core\git-rev-list.exe c:\program files\Git\libexec\git-core\git-rev-parse.exe c:\program files\Git\libexec\git-core\git-revert.exe c:\program files\Git\libexec\git-core\git-rm.exe c:\program files\Git\libexec\git-core\git-send-pack.exe c:\program files\Git\libexec\git-core\git-shortlog.exe c:\program files\Git\libexec\git-core\git-show-branch.exe c:\program files\Git\libexec\git-core\git-show-ref.exe c:\program files\Git\libexec\git-core\git-show.exe c:\program files\Git\libexec\git-core\git-stage.exe c:\program files\Git\libexec\git-core\git-status.exe c:\program files\Git\libexec\git-core\git-stripspace.exe c:\program files\Git\libexec\git-core\git-symbolic-ref.exe c:\program files\Git\libexec\git-core\git-tag.exe c:\program files\Git\libexec\git-core\git-tar-tree.exe c:\program files\Git\libexec\git-core\git-unpack-file.exe c:\program files\Git\libexec\git-core\git-unpack-objects.exe c:\program files\Git\libexec\git-core\git-update-index.exe c:\program files\Git\libexec\git-core\git-update-ref.exe c:\program files\Git\libexec\git-core\git-update-server-info.exe c:\program files\Git\libexec\git-core\git-upload-archive.exe c:\program files\Git\libexec\git-core\git-var.exe c:\program files\Git\libexec\git-core\git-verify-pack.exe c:\program files\Git\libexec\git-core\git-verify-tag.exe c:\program files\Git\libexec\git-core\git-whatchanged.exe c:\program files\Git\libexec\git-core\git-write-tree.exe c:\program files\Git\libexec\git-core\git.exe c:\program files\IntelliStar Emulator\IntelliStar Emulator\Intellistar Emulator.vshost.exe c:\program files\IntelliStar Emulator\IntelliStar Emulator\IntelliStar Update.vshost.exe c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\vshost32.exe c:\programdata\Adobe\ARM\Reader_10.1.1\16707\AcrobatUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\16707\AdobeARMHelper.exe c:\programdata\Adobe\ARM\Reader_10.1.1\16707\ReaderUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\17407\AcrobatUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\17407\AdobeARMHelper.exe c:\programdata\Adobe\ARM\Reader_10.1.1\17407\ReaderUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\28313\AcrobatUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\28313\AdobeARMHelper.exe c:\programdata\Adobe\ARM\Reader_10.1.1\28313\ReaderUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\29690\AcrobatUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\29690\AdobeARMHelper.exe c:\programdata\Adobe\ARM\Reader_10.1.1\29690\ReaderUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\30973\AcrobatUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\30973\AdobeARMHelper.exe c:\programdata\Adobe\ARM\Reader_10.1.1\30973\ReaderUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\485\AcrobatUpdater.exe c:\programdata\Adobe\ARM\Reader_10.1.1\485\AdobeARMHelper.exe c:\programdata\Adobe\ARM\Reader_10.1.1\485\ReaderUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\16707\AcrobatUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\16707\AdobeARMHelper.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\16707\ReaderUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\17407\AcrobatUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\17407\AdobeARMHelper.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\17407\ReaderUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\28313\AcrobatUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\28313\AdobeARMHelper.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\28313\ReaderUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\29690\AcrobatUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\29690\AdobeARMHelper.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\29690\ReaderUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\30973\AcrobatUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\30973\AdobeARMHelper.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\30973\ReaderUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\485\AcrobatUpdater.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\485\AdobeARMHelper.exe c:\users\All Users\Adobe\ARM\Reader_10.1.1\485\ReaderUpdater.exe c:\users\Spencer\1\DirectX videoPlayer\bin\Debug\DirectX videoPlayer.vshost.exe c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\DirectX\21\bin\Debug\WindowsApplication3.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\Authentication\Authentication\bin\Debug\Authentication.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\DirectX Video\DirectX Video\bin\Debug\DirectX Video.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\Frost-Detector\Frost-Detector\bin\Debug\Frost-Detector.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\HelloWorld\HelloWorld\bin\Debug\HelloWorld.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\IntelliStar Update\IntelliStar Update\bin\Debug\IntelliStar Update.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\sdmgr.exe\sdmgr.exe\bin\Debug\sdmgr.exe.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\Ticket-Tracker\Ticket-Tracker\bin\Debug\Ticket-Tracker.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\track-it\track-it\bin\Debug\track-it.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\track-it\track-it\bin\Debug\WindowsApplication1.vshost.exe c:\users\Spencer\Documents\Visual Studio 2010\Projects\WindowsApplication1\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe c:\users\Spencer\Music\bin\Debug\Intellistar Emulator.vshost.exe f:\all emulator stuff\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\all emulator stuff\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\backup of gateway\inc\Crapola soft\Crapolasoft Global Bussisness\Crapolasoft Global Bussisness\bin\Debug\Crapolasoft Global Bussisness.vshost.exe f:\backup of gateway\inc\Emulator Backup\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\backup of gateway\inc\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\backup of gateway\inc\New Folder\Storage\Trakit\Trak-It! Advanced Tracking Software!.vshost.exe f:\backup of gateway\inc\Projects\GEN\Generate\Generate\bin\Debug\Generate.vshost.exe f:\backup of gateway\inc\Projects\WFA\WindowsApplication1\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe f:\gifted\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\gifted\Code\Intellistar Emulator\Intellistar Emulator\bin\Debugg\Intellistar Emulator.vshost.exe f:\gifted\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\gifted\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\intellistar emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\intellistar emulator\u\Intellistar Emulator.vshost.exe f:\isrepo\VB\IntelliStar Emulator\Emulator Project\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\isrepo\VB\IntelliStar Emulator\Emulator Project\Intellistar Emulator\bin\Debug\IntelliStar Update.vshost.exe f:\isrepo\VB\IntelliStar Emulator\Update Projects\IntelliStar Update\IntelliStar Update\bin\Debug\IntelliStar Update.vshost.exe f:\ticket-tracker\Ticket-Tracker\bin\Debug\Ticket-Tracker.vshost.exe f:\trip to ag\Emulator\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\trip to ag\Emulator\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe f:\trip to ag\Emulator\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debugg\Intellistar Emulator.vshost.exe f:\vb\embedded_font\embedded_font\bin\Debug\embedded_font.vshost.exe f:\vb\Test OS\Test OS\bin\Debug\Test OS.vshost.exe . . ((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 ))))))))))))))))))))))))))))))) . . 2012-05-07 17:55 . 2012-05-07 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-06 23:44 . 2012-05-06 23:44 -------- d-----w- c:\program files\QuickTime 2012-05-06 23:44 . 2012-05-06 23:44 -------- d-----w- c:\programdata\Apple Computer 2012-05-06 23:42 . 2012-05-06 23:42 -------- d-----w- c:\users\Spencer\AppData\Local\Apple 2012-05-06 23:42 . 2012-05-06 23:42 -------- d-----w- c:\programdata\Apple 2012-05-06 23:42 . 2012-05-06 23:42 -------- d-----w- c:\program files\Apple Software Update 2012-05-02 21:32 . 2012-05-02 23:27 -------- d-----w- c:\users\Spencer\AppData\Roaming\TeamViewer 2012-05-01 22:06 . 2012-05-01 22:06 -------- d-----w- c:\program files\TeamViewer 2012-04-29 15:41 . 2012-04-29 15:41 -------- d-----w- c:\program files\CCleaner 2012-04-27 20:45 . 2012-04-27 20:45 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-27 20:44 . 2012-04-27 20:44 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-27 20:44 . 2012-04-27 20:44 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-04-11 20:03 . 2012-05-04 22:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-11 07:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-10 03:36 . 2012-04-10 03:36 -------- d-----w- c:\program files\Common Files\Java 2012-04-10 03:35 . 2012-04-10 03:35 -------- d-----w- c:\program files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-04 22:57 . 2011-10-29 01:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-10 03:35 . 2011-10-30 17:37 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 19:56 . 2011-12-23 01:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 01:08 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-17 05:34 . 2012-03-14 09:43 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14 . 2012-03-14 09:43 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13 . 2012-03-14 09:43 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 05:38 . 2012-03-14 09:46 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-04-27 20:44 . 2011-10-28 23:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="-scheduler" [X] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 451856] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-19 108136] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-11-22 223640] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-05-21 129584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] . c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976] R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x] R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2011-09-09 1265216] R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-31 1343400] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [2011-01-27 340088] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [2011-03-15 744568] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-02 821880] S1 GizmoDrv;Gizmo Device Driver; [x] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120505.001\IDSvix86.sys [2012-04-28 368248] S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [2010-11-16 136312] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [2011-04-21 299640] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432] S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2011-11-22 34728] S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-05-21 70704] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-21 539184] S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-12-07 4096] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 106104] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] . . --- Other Services/Drivers In Memory --- . *Deregistered* - MBAMSwissArmy . Contents of the 'Scheduled Tasks' folder . 2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:57] . 2012-05-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-28 19:46] . 2012-05-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-28 19:46] . 2012-05-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-28 19:46] . . ------- Supplementary Scan ------- . IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{914E754E-3C2A-43C3-A03B-77DD412683A7}: NameServer = 208.67.222.222 FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\ . - - - - ORPHANS REMOVED - - - - . Notify-SDWinLogon - SDWinLogon.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-05-07 14:25:25 ComboFix-quarantined-files.txt 2012-05-07 18:25 . Pre-Run: 194,769,002,496 bytes free Post-Run: 194,418,552,832 bytes free . - - End Of File - - 38FD9EA25EF34A9CDDB07FFA60461AE3
  21. OTL Extras logfile created on: 5/6/2012 10:54:42 AM - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Spencer\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.37 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 28.57% Memory free 6.75 Gb Paging File | 3.02 Gb Available in Paging File | 44.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.71 Gb Total Space | 185.55 Gb Free Space | 64.72% Space Free | Partition Type: NTFS Drive D: | 11.28 Gb Total Space | 1.48 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive F: | 232.88 Gb Total Space | 114.23 Gb Free Space | 49.05% Space Free | Partition Type: NTFS Computer Name: COMPAQ-PC | User Name: Spencer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B78A2B-6750-4864-B887-5D0A7691B4C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{070BAB16-136C-4E3A-9019-2CBBF05AE53F}" = lport=139 | protocol=6 | dir=in | app=system | "{16433C9A-4797-47E9-8C99-DA57323DE65B}" = lport=445 | protocol=6 | dir=in | app=system | "{1E66EA7D-AB59-4A95-9730-6903A3EC0D84}" = lport=137 | protocol=17 | dir=in | app=system | "{2EB2EB01-4BAD-402D-896E-9235502110D9}" = lport=10243 | protocol=6 | dir=in | app=system | "{3FB47F8A-7F3D-48C8-AC3B-4E8D7FCF0A75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{447C8479-6798-4A17-8E4B-A56CA65194B7}" = rport=445 | protocol=6 | dir=out | app=system | "{46650DBF-7973-4955-905F-18BF52D792E1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4714518F-2EF5-47D8-811D-09FF679CE3B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A3055C7-77E1-4828-AB9B-B90D716D1A70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5A709EDE-EDAA-4FCA-82D4-A1691CB601BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{6249C688-92B5-44E7-B5FB-F9A5D9BE518C}" = rport=138 | protocol=17 | dir=out | app=system | "{77686C1C-92C7-43DE-81F5-C4E2AD1828F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7F26C02C-D95D-4AE3-BF25-0CFB943A8582}" = lport=138 | protocol=17 | dir=in | app=system | "{81230C68-C49A-4CB7-A778-3219FBCDBAC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{839F5130-BB4E-4016-9349-B4B596D189E5}" = rport=139 | protocol=6 | dir=out | app=system | "{9047FB1F-D2D2-4356-839D-762886FCD967}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95FCE36E-A072-4E8D-8641-8C1B96CBC015}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4C07174-33AA-48CF-AC32-B2D350F89400}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{ACE60D0D-DF42-4A17-8D0E-96F8D47E0964}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C930928F-6B5C-410E-A422-917F35FF483D}" = rport=137 | protocol=17 | dir=out | app=system | "{D3360DDE-808D-4F4C-98B3-D9C5EBF848EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D600AFF2-E01F-4EBD-9045-94692AFD342A}" = rport=10243 | protocol=6 | dir=out | app=system | "{EC5B24BB-7C3F-4C2E-BA98-A7673D7CB047}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE6BA617-0BE6-43B9-8B7B-43A3E831DC98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F59D0ADA-A475-4C05-987B-2D5A08480A94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C2E9EA-01E7-4DE3-A05F-49D055B6588E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{0C6E88F8-80EC-4CCE-86B8-E863BF22B988}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{211D376B-3F15-48AB-87CD-0E1514605D22}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{2F2C5FEF-EBA0-4843-820D-0A6A1A852CFE}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\install\data\disk1\setup.exe | "{3809B2F6-F457-4586-AD70-27EF6D70ABD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3AF5EA17-E555-41B4-9D61-33070F4C42DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B1C067C-7621-4392-9DA7-9ACE411DD860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3F58E7A7-08EC-486A-9315-110DF6577BAB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{4B7ECB67-03B0-441D-A60C-487FC776BD8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4E4012EA-B533-4295-9F3E-4EAF59EEE81F}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{4FE090A0-755C-40EE-A7EA-B6ED6F683AFB}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe | "{66C1A355-BBC0-4DD4-B52E-B0A746695CCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7D7B858C-6BDE-4082-8568-ED1A1F5DCB4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{80B0FFA5-3E60-4566-915F-AB015D776054}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{85F23A58-B4D3-47E1-8BC0-C4E70EC3CC54}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{8A11EB3C-1B52-46B5-B0AD-E384C2567B26}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{92B083AD-5A25-4AEB-8441-DBF520E0284F}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{9CC61EE7-4953-4962-B9A5-3DD65CE8A789}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{9E4773CC-E72A-4503-AA58-2F217662B238}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.1\bin\xnaliveproxy.exe | "{A14723CD-BEB5-4748-9FB4-2FDF3258F636}" = protocol=17 | dir=in | app=c:\users\spencer\appdata\roaming\dropbox\bin\dropbox.exe | "{A5970757-CAA4-46B1-8FAF-3B10F65F3724}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A7368DD1-C2ED-47A7-98C6-1C9A0009CCC9}" = protocol=6 | dir=in | app=c:\users\spencer\appdata\roaming\dropbox\bin\dropbox.exe | "{B26E0519-BDF5-425D-805B-C32519126D30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B66F857D-7BD4-4EE2-98F8-A0573F46A52B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{B6BAD3C6-4B76-4CF5-B6BA-603984D067E7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{B742EF41-4829-419C-81D0-5CCD2B2C5E4C}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe | "{B860C31E-DD35-4FF7-937F-DB55A0FC9D89}" = protocol=6 | dir=out | app=system | "{E6E73279-EF0D-4594-BC42-8F4C2A110CE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8B795AE-2615-494A-9929-FC41D951910E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ECABEE9B-59E4-4174-938D-358FC900D388}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EF7262E6-7C8C-489B-9F9D-8A0336CEEDFB}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{F2BAE63A-6150-45D0-911A-9FA8620B6FAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F88552DB-4299-42D7-88A6-A279313752DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FB38D306-EE2E-48A5-AE09-E67BED1F6BD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FDE35096-DAB8-4926-BB87-91CEDBCE15C7}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\install\data\disk1\setup.exe | "TCP Query User{3F2247E6-23A3-4864-947A-71B4111A951F}C:\program files\xchat-wdk\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat-wdk\xchat.exe | "TCP Query User{8CB13CF6-DEB7-4756-99A0-9D0A25D75DE8}C:\mircbot\mirc.exe" = protocol=6 | dir=in | app=c:\mircbot\mirc.exe | "TCP Query User{B10A534A-75A7-4892-8B33-6CE563A6040E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{CD801980-5517-4A45-9790-4BC0C3AEF3BD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{0449FDE1-DAA3-4CA7-BD46-B396C5D4BA91}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3EA2D4B8-B533-4089-B754-891339144D16}C:\program files\xchat-wdk\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat-wdk\xchat.exe | "UDP Query User{697067B2-249D-4C95-821A-125548A00B3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{C506B4B0-00F9-420D-9473-7714596A6595}C:\mircbot\mirc.exe" = protocol=17 | dir=in | app=c:\mircbot\mirc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer) "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy) "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools "{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components) "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists) "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update "{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2 "{2F141715-E144-48C0-8562-D193B7AB85BC}" = Microsoft SQL Server Compact 4.0 ENU "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A504FB1-9593-48B4-81AE-D39F37EF7139}" = TortoiseSVN 1.7.3.22386 (32 bit) "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU "{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack "{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared "{4E3E9F50-0068-440B-BCD1-DB28AA667BA3}" = PHP 5.3.8 "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0 "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53A29530-55DF-4B19-8C70-066ED22046BD}" = InstallShield 2010 Expansion Pack for Visual Studio 2010 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1 "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{611E3800-CE31-4953-8AD4-5657B6EE7ACF}" = Oracle VM VirtualBox 4.1.8 "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English) "{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver "{7E00A9F0-BBCC-4CD2-9310-ECF29D116D01}" = Phalanger 2.1 (October 2011) for .NET 4.0 "{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects "{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio) "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CE57049-ECC4-4B93-9DCD-74B117592637}" = InstallShield 2010 SP1 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU "{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AF86B015-1024-4C7A-9A79-34624A754E91}" = IntelliStar Emulator "{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components) "{B2C4F577-F756-4897-9B59-60DFBE074F75}" = Simple Money Manager Standard "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2 "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser "{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy) "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry) "{EC40F18F-1105-4B30-ABBD-6895393F037F}" = WeatherSTAR 4000 emulator "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1 "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "7-Zip" = 7-Zip 9.20 "AceMoney Lite_is1" = AceMoney Lite "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AI RoboForm" = RoboForm 7-7-4 (All Users) "Any Video Converter_is1" = Any Video Converter 3.3.1 "BB FlashBack Express" = BB FlashBack Express "Bejeweled 31.0" = Bejeweled 3 "CCleaner" = CCleaner "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition "FileZilla Client" = FileZilla Client 3.5.3 "Free PDF Tablet" = Free PDF Tablet 0.1 "Git_is1" = Git version 1.7.9-preview20120201 "Gizmo Central" = Gizmo Central "GR2Analyst_is1" = GR2Analyst Version 1.71 "HyperCam 2" = HyperCam 2 "Hyperionics DB Toolbar" = Hyperionics DB Toolbar "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU "mIRC" = mIRC "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner 3.41 "N360" = Norton 360 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PerformanceTest 7_is1" = PerformanceTest v7.0 "Plants vs. Zombies" = Plants vs. Zombies "Roadsend Compiler_is1" = Roadsend Compiler 2.0.0 "Roadsend PHP_is1" = Roadsend PHP 2.9.0 beta "Sandboxie" = Sandboxie 3.64 (32-bit) "Supermarket Mania 2 1.00" = Supermarket Mania 2 1.00 "TeamViewer 7" = TeamViewer 7 "VMware_Workstation" = VMware Workstation "WebSite Downloader" = WebSite Downloader 1.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.10 beta 2 (32-bit) "Wireshark" = Wireshark 1.6.4 "xampp" = XAMPP 1.7.7 "XChat-WDK (x86)_is1" = XChat-WDK (x86) "XChat-WDK Spelling Dictionaries_is1" = XChat-WDK Spelling Dictionaries "XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1 "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 "Xvid Video Codec 1.3.2" = Xvid Video Codec "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/29/2012 11:46:17 AM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002 Description = The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 448 Start Time: 01cd261b31dd2f20 Termination Time: 30 Application Path: C:\Windows\explorer.exe Report Id: 6f7097b1-9212-11e1-85d6-005056c00008 Error - 4/30/2012 5:03:41 PM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e2c Start Time: 01cd2618fd304ca0 Termination Time: 120 Application Path: C:\Windows\Explorer.EXE Report Id: f3c5a501-9307-11e1-85d6-005056c00008 Error - 4/30/2012 6:44:16 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Gizmo\glauncher-x64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 4/30/2012 6:44:38 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 5/1/2012 5:33:21 PM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11f0 Start Time: 01cd27e080198c80 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: 42486f51-93d5-11e1-8c2e-005056c00008 Error - 5/1/2012 6:12:03 PM | Computer Name = Compaq-PC | Source = Application Error | ID = 1000 Description = Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7 Faulting module name: SHELL32.dll, version: 6.1.7601.17755, time stamp: 0x4f0412de Exception code: 0xc0000005 Fault offset: 0x000b4b21 Faulting process id: 0x2fd8 Faulting application start time: 0x01cd27e20813c550 Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\system32\SHELL32.dll Report Id: adbf2b70-93da-11e1-8c2e-005056c00008 Error - 5/3/2012 6:09:53 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Gizmo\glauncher-x64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 5/3/2012 6:10:14 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 5/4/2012 4:10:03 PM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b2c Start Time: 01cd296ca55f37a0 Termination Time: 42 Application Path: C:\Windows\Explorer.EXE Report Id: 1e3e4fb1-9625-11e1-85e7-005056c00008 Error - 5/5/2012 10:46:32 AM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002 Description = The program mbam.exe version 1.60.0.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4054 Start Time: 01cd2acda98ae1f0 Termination Time: 14 Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Report Id: 14c8d491-96c1-11e1-85e7-005056c00008 [ System Events ] Error - 5/1/2012 8:29:28 AM | Computer Name = Compaq-PC | Source = DCOM | ID = 10016 Description = Error - 5/1/2012 5:15:22 PM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7024 Description = The Apache2.2 service terminated with service-specific error %%1. Error - 5/1/2012 5:16:41 PM | Computer Name = Compaq-PC | Source = HTTP | ID = 15005 Description = Error - 5/1/2012 5:16:42 PM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023 Description = The Web Deployment Agent Service service terminated with the following error: %%-2146233088 Error - 5/1/2012 5:18:05 PM | Computer Name = Compaq-PC | Source = DCOM | ID = 10016 Description = Error - 5/3/2012 4:37:21 PM | Computer Name = Compaq-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 4:35:33 PM on ?5/?3/?2012 was unexpected. Error - 5/3/2012 4:37:41 PM | Computer Name = Compaq-PC | Source = HTTP | ID = 15005 Description = Error - 5/3/2012 4:37:41 PM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023 Description = The Web Deployment Agent Service service terminated with the following error: %%-2146233088 Error - 5/3/2012 4:38:42 PM | Computer Name = Compaq-PC | Source = DCOM | ID = 10016 Description = Error - 5/5/2012 3:02:49 AM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. < End of report >
  22. OTL logfile created on: 5/6/2012 10:54:42 AM - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Spencer\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.37 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 28.57% Memory free 6.75 Gb Paging File | 3.02 Gb Available in Paging File | 44.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.71 Gb Total Space | 185.55 Gb Free Space | 64.72% Space Free | Partition Type: NTFS Drive D: | 11.28 Gb Total Space | 1.48 Gb Free Space | 13.15% Space Free | Partition Type: NTFS Drive F: | 232.88 Gb Total Space | 114.23 Gb Free Space | 49.05% Space Free | Partition Type: NTFS Computer Name: COMPAQ-PC | User Name: Spencer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/06 10:53:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe PRC - [2012/04/27 16:44:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/03/19 07:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe PRC - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/03/19 07:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe PRC - [2012/03/18 22:05:00 | 000,108,136 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe PRC - [2012/03/16 01:06:50 | 000,537,600 | ---- | M] () -- C:\Program Files\XChat-WDK\xchat.exe PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/02/07 19:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe PRC - [2012/02/07 19:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/16 17:24:22 | 000,274,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2011/11/22 18:54:03 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe PRC - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe PRC - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2011/09/10 05:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe PRC - [2011/09/10 05:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2011/09/09 13:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccsvchst.exe PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/05/21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2010/05/21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe PRC - [2010/05/21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2010/05/21 01:56:12 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe PRC - [2010/05/21 01:55:54 | 000,178,736 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-unity-helper.exe PRC - [2010/05/21 01:55:50 | 002,751,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware.exe PRC - [2010/05/21 01:55:20 | 014,535,216 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-vmx.exe PRC - [2010/05/21 00:44:22 | 000,010,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vprintproxy.exe PRC - [2010/05/21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2008/10/17 05:39:50 | 002,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Invision\mirc.exe ========== Modules (No Company Name) ========== MOD - [2012/04/29 11:08:40 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2012/04/27 16:44:31 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/04/11 03:41:09 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll MOD - [2012/03/16 01:07:06 | 000,009,728 | ---- | M] () -- C:\Program Files\XChat-WDK\plugins\xcupd.dll MOD - [2012/03/16 01:06:50 | 000,537,600 | ---- | M] () -- C:\Program Files\XChat-WDK\xchat.exe MOD - [2012/02/15 04:52:14 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MOD - [2012/02/15 04:46:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 04:46:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 04:46:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/02/01 09:23:40 | 000,324,950 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011/12/16 17:24:04 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll MOD - [2011/12/03 21:17:11 | 000,008,704 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll MOD - [2011/12/03 21:17:11 | 000,007,680 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll MOD - [2011/12/03 21:17:11 | 000,006,144 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll MOD - [2011/11/15 04:02:19 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/10/30 13:40:53 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011/10/28 12:43:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2011/08/07 08:56:50 | 001,025,536 | ---- | M] () -- C:\Program Files\XChat-WDK\libxml2.dll MOD - [2011/07/07 17:21:44 | 000,082,555 | ---- | M] () -- C:\Program Files\XChat-WDK\zlib1.dll MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll MOD - [2011/01/07 20:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2010/12/27 17:46:54 | 001,182,444 | ---- | M] () -- C:\Program Files\XChat-WDK\libcairo-2.dll MOD - [2010/12/27 14:12:52 | 000,538,324 | ---- | M] () -- C:\Program Files\XChat-WDK\freetype6.dll MOD - [2010/10/29 16:00:32 | 000,255,488 | ---- | M] () -- C:\Program Files\XChat-WDK\lib\enchant\libenchant_myspell.dll MOD - [2010/09/29 22:10:54 | 000,103,139 | ---- | M] () -- C:\Program Files\XChat-WDK\libpangocairo-1.0-0.dll MOD - [2010/09/12 08:57:08 | 000,097,820 | ---- | M] () -- C:\Program Files\XChat-WDK\lib\gtk-2.0\2.10.0\engines\libwimp.dll MOD - [2010/08/17 15:38:28 | 000,230,529 | ---- | M] () -- C:\Program Files\XChat-WDK\libpng14-14.dll MOD - [2010/05/21 01:56:38 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll MOD - [2010/05/21 01:56:28 | 000,141,872 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\liblber.dll MOD - [2010/05/21 01:56:00 | 000,109,104 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libcds.dll MOD - [2010/05/21 01:55:54 | 000,346,672 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libcurl.dll MOD - [2010/05/21 01:55:50 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll MOD - [2010/05/21 01:55:44 | 000,563,760 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\glibmm-2.4.dll MOD - [2010/05/21 01:55:42 | 000,056,368 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\sigc-2.0.dll MOD - [2010/05/21 01:55:36 | 000,260,656 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libldap_r.dll MOD - [2010/02/05 21:55:06 | 000,279,059 | ---- | M] () -- C:\Program Files\XChat-WDK\libfontconfig-1.dll MOD - [2009/01/31 22:42:36 | 000,143,096 | ---- | M] () -- C:\Program Files\XChat-WDK\libexpat-1.dll MOD - [2000/04/06 22:51:10 | 000,044,032 | ---- | M] () -- C:\Invision\Invision\WinAmp\Amp_in.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDHookService) SRV - [2012/05/04 18:57:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/27 16:44:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/02/07 19:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/11/22 18:54:03 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central) SRV - [2011/10/31 03:05:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/10/30 14:27:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/09/10 05:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2011/09/09 13:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2011/06/07 15:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360) SRV - [2011/04/01 21:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc) SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/05/21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010/05/21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010/05/21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2010/05/21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010/04/27 17:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Running] -- C:\Program Files\Spybot -- (SDHookDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup) DRV - [2012/05/05 10:46:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/05/04 22:49:16 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\ubwlxglg.sys -- (stupru) DRV - [2012/04/27 20:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120505.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/02/07 19:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2012/02/06 09:42:06 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/02/06 09:42:06 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/01/18 04:00:41 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2012/01/09 22:52:44 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120505.016\NAVEX15.SYS -- (NAVEX15) DRV - [2012/01/09 22:52:44 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120505.016\NAVENG.SYS -- (NAVENG) DRV - [2011/12/19 15:12:00 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2011/12/19 15:11:58 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2011/12/19 15:11:58 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2011/12/19 15:11:58 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2011/12/07 17:05:54 | 000,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bbcap.sys -- (bbcap) DRV - [2011/11/22 18:54:24 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\gizmodrv.sys -- (GizmoDrv) DRV - [2011/10/28 20:22:14 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/09/09 15:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys -- (SymNetS) DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP) DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA) DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS) DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON) DRV - [2010/11/11 19:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010/05/21 01:56:56 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2010/05/21 01:56:56 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2010/05/21 01:55:04 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2010/05/21 01:53:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2010/05/21 00:40:08 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2010/05/20 22:19:20 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2010/05/20 22:19:20 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb) DRV - [2010/05/20 22:19:20 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2010/04/27 17:41:40 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem) DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009/06/22 15:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008/02/05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 AC 4D 22 D7 27 CD 01 [binary data] IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5 IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 21:32:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/03 16:37:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/03/18 22:06:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 16:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Extensions [2012/05/01 22:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\extensions [2011/11/14 18:42:04 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011/11/05 18:08:37 | 000,002,469 | ---- | M] () -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\searchplugins\safesearch.xml [2012/04/27 16:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/27 16:44:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/09 10:14:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/05/03 10:30:35 | 000,442,706 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15209 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft) O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions) O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [iSUSPM] -scheduler File not found O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe () O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000001] C:\Windows\is-E181S.exe () O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A64821-6BF4-42D4-857A-66B9A310CC16}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E754E-3C2A-43C3-A03B-77DD412683A7}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E754E-3C2A-43C3-A03B-77DD412683A7}: NameServer = 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0830805-1F03-4D7E-8761-621B549C499B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A47C34A4-5646-456A-8634-096416A4FD39}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/12/01 22:32:56 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ] O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{088f2bbf-4276-11e1-8288-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{088f2bbf-4276-11e1-8288-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/06 10:53:25 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe [2012/05/06 10:24:47 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Spencer\Desktop\dds.scr [2012/05/05 16:15:53 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\LDW [2012/05/05 10:46:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/05/04 16:10:56 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Spencer\Desktop\dds.com [2012/05/02 17:32:03 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\TeamViewer [2012/05/01 18:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012/04/29 11:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/04/29 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/04/27 16:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/04/27 16:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/25 16:51:17 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Desktop\Backyard Improvement Plans [2012/04/22 10:39:10 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\Upload [2012/04/20 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Desktop\HQPlants [2012/04/17 16:09:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{086E6A7A-531E-45FD-96C4-4191E663E804} [2012/04/11 16:03:51 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/04/11 03:09:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/04/11 03:09:16 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/04/11 03:09:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/04/11 03:09:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/04/11 03:09:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/04/11 03:09:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/04/11 03:00:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/04/11 03:00:49 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/04/10 08:14:21 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Desktop\Peach Canker [2012/04/09 23:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/04/09 23:35:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012/04/09 23:35:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012/04/09 23:35:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012/04/09 23:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2012/05/06 10:56:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/06 10:53:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe [2012/05/06 10:25:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Spencer\Desktop\dds.scr [2012/05/05 10:46:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/05/04 22:49:16 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ubwlxglg.sys [2012/05/04 18:57:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/05/04 18:57:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/05/04 18:56:38 | 000,711,240 | ---- | M] () -- C:\Windows\is-E181S.exe [2012/05/04 18:56:38 | 000,010,498 | ---- | M] () -- C:\Windows\is-E181S.msg [2012/05/04 18:56:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/04 18:56:38 | 000,000,441 | ---- | M] () -- C:\Windows\is-E181S.lst [2012/05/04 16:11:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Spencer\Desktop\dds.com [2012/05/03 18:14:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/03 18:14:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/03 16:37:47 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2012/05/03 16:37:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/03 16:37:20 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err [2012/05/03 16:37:03 | 2716,721,152 | -HS- | M] () -- C:\hiberfil.sys [2012/05/03 10:30:36 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2012/05/03 10:30:35 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/05/01 20:16:03 | 000,001,205 | ---- | M] () -- C:\Users\Spencer\Desktop\cmd.exe.lnk [2012/05/01 18:07:11 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012/05/01 11:00:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2012/05/01 08:27:39 | 000,348,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/04/29 12:15:27 | 000,002,042 | -H-- | M] () -- C:\Users\Spencer\Documents\Default.rdp [2012/04/29 11:45:56 | 000,001,110 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120429_114554.reg [2012/04/29 11:45:45 | 000,052,854 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120429_114540.reg [2012/04/29 11:41:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/04/29 10:43:24 | 000,001,827 | ---- | M] () -- C:\Users\Spencer\AppData\Roaming\simplemoneymanager.ini [2012/04/29 10:41:15 | 000,306,290 | ---- | M] () -- C:\Users\Spencer\Documents\hqplants.amj [2012/04/26 10:30:37 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120503-103035.backup [2012/04/19 10:30:32 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120426-103037.backup [2012/04/13 23:02:49 | 000,075,766 | ---- | M] () -- C:\Users\Spencer\Documents\epach.odt [2012/04/12 10:30:42 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120419-103032.backup [2012/04/11 22:41:50 | 000,081,874 | ---- | M] () -- C:\Users\Spencer\Documents\Doss Faimly.odt [2012/04/11 22:34:26 | 000,073,870 | ---- | M] () -- C:\Users\Spencer\Documents\HQPlants Documents.odt [2012/04/11 03:30:48 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/04/11 03:30:14 | 001,400,698 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\Cat.DB [2012/04/11 03:25:09 | 000,001,656 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012/04/11 03:05:43 | 000,739,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/11 03:05:43 | 000,151,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/09 23:35:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012/04/09 23:35:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012/04/09 23:35:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012/04/09 23:35:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe ========== Files Created - No Company Name ========== [2012/05/04 22:49:16 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ubwlxglg.sys [2012/05/04 18:56:38 | 000,711,240 | ---- | C] () -- C:\Windows\is-E181S.exe [2012/05/04 18:56:38 | 000,010,498 | ---- | C] () -- C:\Windows\is-E181S.msg [2012/05/04 18:56:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/04 18:56:38 | 000,000,441 | ---- | C] () -- C:\Windows\is-E181S.lst [2012/05/01 20:15:58 | 000,001,205 | ---- | C] () -- C:\Users\Spencer\Desktop\cmd.exe.lnk [2012/05/01 18:07:11 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012/05/01 18:07:10 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012/05/01 08:27:30 | 000,348,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012/04/29 11:45:55 | 000,001,110 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120429_114554.reg [2012/04/29 11:45:42 | 000,052,854 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120429_114540.reg [2012/04/29 11:41:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/04/13 23:02:47 | 000,075,766 | ---- | C] () -- C:\Users\Spencer\Documents\epach.odt [2012/04/11 22:34:42 | 000,081,874 | ---- | C] () -- C:\Users\Spencer\Documents\Doss Faimly.odt [2012/04/11 22:34:24 | 000,073,870 | ---- | C] () -- C:\Users\Spencer\Documents\HQPlants Documents.odt [2012/04/11 16:03:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/11 03:30:48 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/03/18 21:45:32 | 000,001,656 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012/02/18 19:05:55 | 000,001,827 | ---- | C] () -- C:\Users\Spencer\AppData\Roaming\simplemoneymanager.ini [2012/02/12 12:04:44 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/02/12 12:04:44 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2040.DAT [2012/02/01 18:01:51 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2012/01/22 09:15:01 | 000,000,600 | ---- | C] () -- C:\Users\Spencer\AppData\Local\PUTTY.RND [2012/01/16 22:12:53 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2012/01/16 22:12:53 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2012/01/16 22:12:52 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2012/01/16 22:12:52 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2012/01/16 22:12:52 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011/12/19 21:33:49 | 000,000,095 | ---- | C] () -- C:\Users\Spencer\AppData\Local\fusioncache.dat [2011/11/30 22:36:17 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2011/11/23 00:06:51 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011/11/23 00:06:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011/11/14 19:07:42 | 000,016,384 | ---- | C] () -- C:\Users\Spencer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/05 16:01:12 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL [2011/11/05 08:51:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011/10/30 17:58:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2011/10/30 17:58:16 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2011/10/30 17:58:12 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2011/10/14 22:15:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\phpc.exe [2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.