hunts

BCMINER keeps coming back

Malwarebytes finds BCMINER but it keeps coming back, your help is appreciated!


Hello hunts and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Here's the files requested:

OTL logfile created on: 7/7/2012 9:58:39 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.42 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 50.79% Memory free

6.84 Gb Paging File | 5.09 Gb Available in Paging File | 74.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 224.38 Gb Total Space | 59.72 Gb Free Space | 26.62% Space Free | Partition Type: NTFS

Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 5.00% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: GIGABYTEGAZ68 | User Name: Rich | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 09:42:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/20 21:28:54 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe

PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/08/12 14:38:58 | 001,841,504 | ---- | M] (Gigabyte Technology CO.) -- C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 17:29:12 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/07/06 18:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/06/23 08:42:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)

SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)

SRV - [2011/04/24 19:00:00 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) EPSON V3 Service4(05)

SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- C:\Program Files\GIGABYTE\SMART6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)

SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WN111.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)

DRV - [2012/07/07 09:25:34 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/06/23 08:51:34 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)

DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2011/04/30 08:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2011/04/30 08:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)

DRV - [2011/03/07 05:22:00 | 000,052,992 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV - [2011/03/07 05:22:00 | 000,033,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)

DRV - [2011/01/10 18:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)

DRV - [2010/12/18 13:42:00 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/12/18 13:42:00 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/10/14 12:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2010/09/21 09:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel®

DRV - [2007/09/11 03:23:46 | 000,015,360 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrveap32.sys -- (Mrvleap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 0C 81 64 31 31 CC 01 [binary data]

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS438

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/05 00:15:36 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000..\Run: [AdobeBridge] File not found

O4 - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2541698021-2910038252-4145046732-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.nationalgeomatica.com/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{877155DC-C721-4C11-81CE-8E40FE96C4E1}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/05/20 16:05:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 09:42:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

[2012/07/07 09:39:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rich\Desktop\dds.com

[2012/07/06 18:32:02 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/07/06 18:29:45 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/07/06 18:29:45 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/07/06 18:29:17 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/07/06 18:29:17 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/07/06 18:29:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/07/06 18:28:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/07/06 18:28:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/07/06 18:21:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/05 17:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/07/03 19:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/03 19:10:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/07/03 19:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/03 18:30:52 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012/07/03 18:11:24 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/06/19 14:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/19 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/06/19 14:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/06/19 14:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/18 16:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011

[2012/06/13 03:01:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/06/13 03:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/06/13 03:01:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/06/13 03:01:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/06/13 03:01:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/06/13 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/06/13 03:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/06/13 03:00:38 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

[2012/06/13 03:00:38 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2012/06/13 03:00:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

[2012/06/10 17:13:54 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\Wrightsoft HVAC

[2012/06/10 17:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wrightsoft HVAC

[2012/06/10 17:06:15 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00F

[2012/06/10 17:06:15 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.010

[2012/06/10 17:06:15 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.011

[2012/06/10 17:05:48 | 001,208,320 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\System32\spr32d70.dll

[2012/06/10 17:03:30 | 001,045,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL

[2012/06/10 17:03:30 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vbar332.dll

[2012/06/10 17:03:30 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msrd2x35.dll

[2012/06/10 17:03:30 | 000,246,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00A

[2012/06/10 17:03:30 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00D

[2012/06/10 17:03:30 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjint35.dll

[2012/06/10 17:03:30 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Odbctl32.dll

[2012/06/10 17:03:30 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00C

[2012/06/10 17:03:30 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjter35.dll

[2012/06/10 17:03:30 | 000,018,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00E

[2012/06/10 17:03:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00B

[2012/06/10 17:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Wrightsoft HVAC

[2012/06/10 17:03:29 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003

[2012/06/10 17:03:29 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007

[2012/06/10 17:03:29 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.008

[2012/06/10 17:03:29 | 000,093,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006

[2012/06/10 17:03:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000

[2012/06/10 17:03:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.009

[2012/06/10 17:03:29 | 000,026,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004

[2012/06/10 17:03:29 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ODBCCP32.CPL

[2012/06/10 17:03:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005

[2012/06/10 17:03:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002

[2012/06/10 17:03:29 | 000,004,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001

[2012/06/07 15:50:45 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes

[2012/06/07 15:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/07 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

========== Files - Modified Within 30 Days ==========

[2012/07/07 09:42:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

[2012/07/07 09:41:30 | 000,050,477 | ---- | M] () -- C:\Users\Rich\Desktop\Defogger.exe

[2012/07/07 09:41:11 | 000,881,475 | ---- | M] () -- C:\Users\Rich\Desktop\SecurityCheck.exe

[2012/07/07 09:39:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\dds.com

[2012/07/07 09:37:36 | 000,000,000 | ---- | M] () -- C:\Users\Rich\defogger_reenable

[2012/07/07 09:32:28 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/07 09:32:28 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/07 09:29:31 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/07 09:29:31 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/07 09:29:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/07 09:25:34 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys

[2012/07/07 09:25:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/07 09:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/07 09:25:04 | 2754,961,408 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/06 18:41:57 | 000,000,600 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\winscp.rnd

[2012/07/06 18:37:55 | 003,713,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/07/06 18:16:12 | 268,164,445 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/05 18:51:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml

[2012/07/05 18:51:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2012/07/03 19:10:15 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/03 18:45:01 | 000,001,422 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/19 14:40:13 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/18 16:26:46 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk

[2012/06/18 16:25:31 | 000,000,574 | ---- | M] () -- C:\Users\Rich\Desktop\Division of Revenue Business Records Service.website

[2012/06/12 17:08:37 | 000,095,774 | ---- | M] () -- C:\Users\Rich\Desktop\New Home ENERGY STAR Builder Agreement.pdf

[2012/06/10 17:06:16 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\Right-Suite® Universal.lnk

[2012/06/10 17:03:30 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI

========== Files Created - No Company Name ==========

[2012/07/07 09:41:30 | 000,050,477 | ---- | C] () -- C:\Users\Rich\Desktop\Defogger.exe

[2012/07/07 09:41:04 | 000,881,475 | ---- | C] () -- C:\Users\Rich\Desktop\SecurityCheck.exe

[2012/07/07 09:37:36 | 000,000,000 | ---- | C] () -- C:\Users\Rich\defogger_reenable

[2012/07/07 09:34:11 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@

[2012/07/07 09:29:42 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@

[2012/07/05 18:50:49 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml

[2012/07/05 18:50:49 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml

[2012/07/03 19:10:15 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/03 18:18:48 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@

[2012/07/03 18:18:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@

[2012/07/03 18:18:48 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@

[2012/07/03 18:18:47 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@

[2012/06/19 14:40:13 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/18 16:26:46 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk

[2012/06/12 17:08:36 | 000,095,774 | ---- | C] () -- C:\Users\Rich\Desktop\New Home ENERGY STAR Builder Agreement.pdf

[2012/06/10 17:06:16 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\Right-Suite® Universal.lnk

[2012/06/10 17:04:35 | 000,014,336 | ---- | C] () -- C:\Windows\System32\WEBDIAL.EXE

[2012/06/05 20:31:54 | 000,007,613 | -H-- | C] () -- C:\Users\Rich\AppData\Local\Resmon.ResmonCfg

[2012/04/10 22:17:41 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/02/03 18:56:03 | 000,000,600 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\winscp.rnd

[2012/01/31 13:55:44 | 000,072,080 | -H-- | C] () -- C:\Users\Rich\g2mdlhlpx.exe

[2012/01/24 19:01:28 | 000,000,107 | ---- | C] () -- C:\Windows\EWF845.ini

[2012/01/11 22:02:27 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

[2012/01/11 22:02:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

[2011/12/29 18:44:17 | 000,160,392 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011/12/19 14:27:38 | 000,000,000 | -H-- | C] () -- C:\Users\Rich\AppData\Local\{74E551CB-4C23-484D-933E-39DDAA7DAC06}

[2011/10/21 18:44:13 | 000,000,182 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\burnaware.ini

[2011/06/27 11:35:52 | 000,030,720 | -H-- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/24 09:04:31 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2011/06/23 15:03:34 | 000,000,132 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/06/23 11:57:24 | 000,000,132 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011/06/22 19:08:10 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys

[2011/06/22 16:29:57 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/06/22 15:42:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll

[2011/06/22 15:42:12 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe

[2011/06/22 15:42:12 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys

[2011/06/22 15:40:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011/06/22 15:38:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

[2011/06/22 15:38:58 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin

[2011/06/22 15:38:58 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin

[2011/06/22 15:38:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2011/06/22 15:15:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011/03/26 01:10:22 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin

[2011/03/26 00:33:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

< End of report >

OTL Extras logfile created on: 7/7/2012 9:58:39 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.42 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 50.79% Memory free

6.84 Gb Paging File | 5.09 Gb Available in Paging File | 74.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 224.38 Gb Total Space | 59.72 Gb Free Space | 26.62% Space Free | Partition Type: NTFS

Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 5.00% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: GIGABYTEGAZ68 | User Name: Rich | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 30

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1221.1

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator

"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard

"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{70F1348F-F94F-4FFB-A5D0-CE5575312A88}" = TurboTax 2011 wnjpbpm

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7346B4A0-1200-0100-0409-705C0D862004}" = Revit Architecture 2012

"{7346B4A0-1200-0101-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English

"{73C213C0-DD1F-4A71-9F5F-896838953DD1}" = Cause of the Month Reminder by We-Care.com v5.0.6.2

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer Desktop

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{80A17ED7-059E-40FF-B5D6-F37C737CA693}" = Adobe Photoshop Lightroom 4

"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant

"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}" = Microsoft Online Services Sign-in Assistant

"{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010

"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{3AED81FF-F443-4D34-A103-5EB05C954265}" =

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine

"{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{ABD650AB-CF97-4FD8-837A-3EFBE3924BB1}" = TurboTax 2010 wnjpbpm

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS

"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper

"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1

"{CA19AEA3-B949-41DA-AFBA-692356230F6E}" = TurboTax 2010 wnjiper

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport

"{DCED0AD4-784D-4667-B4A0-6FE953FAC4BB}" = TurboTax 2011 wnjiper

"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F03DFD59-5FFB-4306-9731-BD2863545EEB}}_is1" = OptiMiser v2.0.5710

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop

"Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012

"BurnAware Free_is1" = BurnAware Free 3.5

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 845 Series" = EPSON WorkForce 845 Series Printer Uninstall

"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0323.1

"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1

"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Office14.OUTLOOK" = Microsoft Outlook 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Picasa 3" = Picasa 3

"Right-Suite Universal" = Right-Suite Universal

"sp6" = Logitech SetPoint 6.30

"SugarSync" = SugarSync Manager

"TurboTax 2010" = TurboTax 2010

"TurboTax 2011" = TurboTax 2011

"TurboTax Business 2010" = TurboTax Business 2010

"TurboTax Business 2011" = TurboTax Business 2011

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/5/2012 6:35:59 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 7:32:54 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 9:15:41 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2012 5:48:30 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2012 6:17:47 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2012 6:24:18 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2012 6:27:11 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2012 6:37:25 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2012 8:13:09 PM | Computer Name = GigabyteGAZ68 | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\EPSON Software\Download

Navigator\Resource01\E_UPBW01.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/6/2012 9:30:08 PM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

Error - 7/7/2012 9:26:49 AM | Computer Name = GigabyteGAZ68 | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 6/25/2012 7:50:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:50:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:50:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:55:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:55:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:55:37 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:57:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:57:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 7:57:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 6/25/2012 8:02:45 PM | Computer Name = GigabyteGAZ68 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/07/07 09:34:11 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
    [2012/07/07 09:29:42 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
    [2012/07/03 18:18:48 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
    [2012/07/03 18:18:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
    [2012/07/03 18:18:48 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
    [2012/07/03 18:18:47 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
    [2012/01/11 22:02:27 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    [2012/01/11 22:02:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

    :files
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


OTL Fix log as requested:

All processes killed

========== OTL ==========

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@ moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@ moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@ moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ moved successfully.

========== FILES ==========

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} scheduled to be moved on reboot.

C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Rich\Desktop\cmd.bat deleted successfully.

C:\Users\Rich\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Rich

->Temp folder emptied: 1521663944 bytes

->Temporary Internet Files folder emptied: 330027303 bytes

->Java cache emptied: 11081663 bytes

->Apple Safari cache emptied: 60134400 bytes

->Flash cache emptied: 57673 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 678450936 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 651630195 bytes

Total Files Cleaned = 3,102.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07092012_153056

Files\Folders moved on Reboot...

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} not found!

Registry entries deleted on Reboot...

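The fix log above shows one folder move that failed on the first pass and was deferred to reboot. The following is an added example, not part of the thread and not OTL's own code, that parses a log in this layout and reports whether every deferred item was confirmed by the reboot pass. The line patterns are inferred from the log posted above; the "File move failed." variant and the function and key names are assumptions.

```python
import re

# Paths copied from the fix log posted above.
GUID_DIR = r"C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}"
PROFILE_DIR = (r"C:\Windows\System32\config\systemprofile\AppData\Local"
               r"\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}")

# Excerpt of that log, blank lines dropped, rebuilt here so the script runs offline.
SAMPLE_LOG = "\n".join([
    "========== OTL ==========",
    GUID_DIR + r"\U\80000000.@ moved successfully.",
    GUID_DIR + r"\@ moved successfully.",
    "========== FILES ==========",
    GUID_DIR + r"\U folder moved successfully.",
    GUID_DIR + r"\L folder moved successfully.",
    "Folder move failed. " + GUID_DIR + " scheduled to be moved on reboot.",
    PROFILE_DIR + " folder moved successfully.",
    r"Files\Folders moved on Reboot...",
    GUID_DIR + r"\U folder moved successfully.",
    GUID_DIR + " folder moved successfully.",
    "PendingFileRenameOperations files...",
    "File " + GUID_DIR + " not found!",
    "Registry entries deleted on Reboot...",
])

# Line shapes seen in the posted log ("File move failed." is an assumed variant).
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
DEFERRED = re.compile(
    r"^(?:File|Folder) move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^File (?P<path>.+?) not found!$")

# Headings that switch the log from the first pass to the post-reboot sections.
PHASE_MARKERS = (
    (r"Files\Folders moved on Reboot", "reboot"),
    ("PendingFileRenameOperations", "pending"),
    ("Registry entries deleted on Reboot", "registry"),
)


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.rstrip("\\").lower()


def summarize(log_text):
    """Classify each target in an OTL-style fix log by what happened to it."""
    phase = "first_pass"
    moved = {"first_pass": set(), "reboot": set()}
    deferred, not_found_pending = [], set()

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        marker = next((p for text, p in PHASE_MARKERS if line.startswith(text)), None)
        if marker:
            phase = marker
            continue
        m = DEFERRED.match(line)
        if m:
            deferred.append(norm(m["path"]))
            continue
        m = MOVED.match(line)
        if m and phase in moved:
            moved[phase].add(norm(m["path"]))
            continue
        m = NOT_FOUND.match(line)
        if m and phase == "pending":
            not_found_pending.add(norm(m["path"]))

    # A deferred item only counts as handled if the reboot section lists it.
    confirmed = [p for p in deferred if p in moved["reboot"]]
    unresolved = [p for p in deferred if p not in moved["reboot"]]
    return {
        "moved_first_pass": sorted(moved["first_pass"]),
        "deferred": deferred,
        "confirmed_on_reboot": confirmed,
        "not_found_pending": sorted(not_found_pending),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```

An empty `unresolved` list means every move that failed on the first pass appears again as moved in the reboot section; anything left in it is a path to re-check by hand after the restart.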

Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-10.01 - Rich 07/10/2012 8:07.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.2416 [GMT -4:00]

Running from: c:\users\Rich\Desktop\Virus Utilities\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\explorer

c:\program files\explorer\AddressParser\AddressParserConfiguration.xml

c:\program files\explorer\AddressParser\parser_andorra.xml

c:\program files\explorer\AddressParser\parser_austria.xml

c:\program files\explorer\AddressParser\parser_belgium.xml

c:\program files\explorer\AddressParser\parser_canada.xml

c:\program files\explorer\AddressParser\parser_denmark.xml

c:\program files\explorer\AddressParser\parser_france.xml

c:\program files\explorer\AddressParser\parser_germany.xml

c:\program files\explorer\AddressParser\parser_ireland.xml

c:\program files\explorer\AddressParser\parser_italy.xml

c:\program files\explorer\AddressParser\parser_liechtenstein.xml

c:\program files\explorer\AddressParser\parser_luxembourg.xml

c:\program files\explorer\AddressParser\parser_monaco.xml

c:\program files\explorer\AddressParser\parser_netherlands.xml

c:\program files\explorer\AddressParser\parser_norway.xml

c:\program files\explorer\AddressParser\parser_portugal.xml

c:\program files\explorer\AddressParser\parser_spain.xml

c:\program files\explorer\AddressParser\parser_sweden.xml

c:\program files\explorer\AddressParser\parser_switzerland.xml

c:\program files\explorer\AddressParser\parser_uk.xml

c:\program files\explorer\AddressParser\parser_usa.xml

c:\program files\explorer\basemaps\basemaps.de.xml

c:\program files\explorer\basemaps\basemaps.es.xml

c:\program files\explorer\basemaps\basemaps.fr.xml

c:\program files\explorer\basemaps\basemaps.ja-jp.xml

c:\program files\explorer\basemaps\basemaps.xml

c:\program files\explorer\basemaps\basemaps.zh-CN.xml

c:\program files\explorer\basemaps\Server\basemap0.nmf

c:\program files\explorer\basemaps\Server\basemap0.png

c:\program files\explorer\basemaps\Server\basemap1.nmf

c:\program files\explorer\basemaps\Server\basemap1.png

c:\program files\explorer\basemaps\Server\basemap10.nmf

c:\program files\explorer\basemaps\Server\basemap10.png

c:\program files\explorer\basemaps\Server\basemap11.nmf

c:\program files\explorer\basemaps\Server\basemap11.png

c:\program files\explorer\basemaps\Server\basemap2.nmf

c:\program files\explorer\basemaps\Server\basemap2.png

c:\program files\explorer\basemaps\Server\basemap3.nmf

c:\program files\explorer\basemaps\Server\basemap3.png

c:\program files\explorer\basemaps\Server\basemap4.nmf

c:\program files\explorer\basemaps\Server\basemap4.png

c:\program files\explorer\basemaps\Server\basemap5.nmf

c:\program files\explorer\basemaps\Server\basemap5.png

c:\program files\explorer\basemaps\Server\basemap6.nmf

c:\program files\explorer\basemaps\Server\basemap6.png

c:\program files\explorer\basemaps\Server\basemap7.nmf

c:\program files\explorer\basemaps\Server\basemap7.png

c:\program files\explorer\basemaps\Server\basemap8.nmf

c:\program files\explorer\basemaps\Server\basemap8.png

c:\program files\explorer\basemaps\Server\basemap9.nmf

c:\program files\explorer\basemaps\Server\basemap9.png

c:\program files\explorer\basemaps\Server\basemaps.de.xml

c:\program files\explorer\basemaps\Server\basemaps.es.xml

c:\program files\explorer\basemaps\Server\basemaps.fr.xml

c:\program files\explorer\basemaps\Server\basemaps.ja-jp.xml

c:\program files\explorer\basemaps\Server\basemaps.xml

c:\program files\explorer\basemaps\Server\basemaps.zh-CN.xml

c:\program files\explorer\bin\3dAnalystUtil.dll

c:\program files\explorer\bin\3DSymbols.dll

c:\program files\explorer\bin\3DSymbolsLib.dll

c:\program files\explorer\bin\AfCore.dll

c:\program files\explorer\bin\AfUtil.dll

c:\program files\explorer\bin\AGSClient.dll

c:\program files\explorer\bin\aibase.dll

c:\program files\explorer\bin\aifeat.dll

c:\program files\explorer\bin\AISClient.dll

c:\program files\explorer\bin\AISGlobalLib.dll

c:\program files\explorer\bin\aishape.dll

c:\program files\explorer\bin\Animation.dll

c:\program files\explorer\bin\AnnoLayer.dll

c:\program files\explorer\bin\Annotation.dll

c:\program files\explorer\bin\AnnotationLib.dll

c:\program files\explorer\bin\AoInitializer.dll

c:\program files\explorer\bin\AppInitializerLib.dll

c:\program files\explorer\bin\ApplicationConfigurationManager.exe

c:\program files\explorer\bin\ArcGISExplorer.ISCConfig

c:\program files\explorer\bin\atl71.dll

c:\program files\explorer\bin\BasemapLayer.dll

c:\program files\explorer\bin\BasicRasterPicture.dll

c:\program files\explorer\bin\BGLAPI.dll

c:\program files\explorer\bin\BGLAPILib.dll

c:\program files\explorer\bin\BGLFontEngine.dll

c:\program files\explorer\bin\BGLGeomChestLib.dll

c:\program files\explorer\bin\BGLGeometricEffects.dll

c:\program files\explorer\bin\BGLImageCoders.dll

c:\program files\explorer\bin\BGLRasterizerLib.dll

c:\program files\explorer\bin\BGLRasterizerSW.dll

c:\program files\explorer\bin\BGLSymbols.dll

c:\program files\explorer\bin\BGLSymbolsLib.dll

c:\program files\explorer\bin\BGLToGDIHelper.dll

c:\program files\explorer\bin\bin.zreg

c:\program files\explorer\bin\CacheRasterDB.dll

c:\program files\explorer\bin\CadastralFabric.dll

c:\program files\explorer\bin\CadastralFabricLayer.dll

c:\program files\explorer\bin\CadEngine.dll

c:\program files\explorer\bin\CadFDB.dll

c:\program files\explorer\bin\CadLayer.dll

c:\program files\explorer\bin\CadWorkspaceFactory.dll

c:\program files\explorer\bin\Camera.dll

c:\program files\explorer\bin\CartoControlsLib.dll

c:\program files\explorer\bin\CartoConverter.dll

c:\program files\explorer\bin\CartoXLib.dll

c:\program files\explorer\bin\CIM.dll

c:\program files\explorer\bin\CIMLib.dll

c:\program files\explorer\bin\Color.dll

c:\program files\explorer\bin\ComplexSymbols.dll

c:\program files\explorer\bin\CompressedDataFile.dll

c:\program files\explorer\bin\Configuration\CATID\esri.catid.ecfg

c:\program files\explorer\bin\Configuration\CLSID\esri.clsid.ecfg

c:\program files\explorer\bin\DADFLib.dll

c:\program files\explorer\bin\DaeLib.dll

c:\program files\explorer\bin\DataConverterLib.dll

c:\program files\explorer\bin\dbghelp.dll

c:\program files\explorer\bin\de\ApplicationConfigurationManager.resources.dll

c:\program files\explorer\bin\de\DADFRes.dll

c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.Application.resources.dll

c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.MapCenter.resources.dll

c:\program files\explorer\bin\de\ESRI.ArcGISExplorer.resources.dll

c:\program files\explorer\bin\de\ResToolkitPro.dll

c:\program files\explorer\bin\DECoreLib.dll

c:\program files\explorer\bin\DFORRT.DLL

c:\program files\explorer\bin\Display.dll

c:\program files\explorer\bin\DisplayFeedback.dll

c:\program files\explorer\bin\DisplayGraph.dll

c:\program files\explorer\bin\DisplayLib.dll

c:\program files\explorer\bin\DistributedGeodbLib.dll

c:\program files\explorer\bin\DynamicDisplay.dll

c:\program files\explorer\bin\e3.config.xml

c:\program files\explorer\bin\E3.exe

c:\program files\explorer\bin\E3.exe.config

c:\program files\explorer\bin\E3Control.dll

c:\program files\explorer\bin\E3EmailHelper.exe

c:\program files\explorer\bin\EngineGraphics.dll

c:\program files\explorer\bin\EnginePackager.dll

c:\program files\explorer\bin\es\ApplicationConfigurationManager.resources.dll

c:\program files\explorer\bin\es\DADFRes.dll

c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.Application.resources.dll

c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.MapCenter.resources.dll

c:\program files\explorer\bin\es\ESRI.ArcGISExplorer.resources.dll

c:\program files\explorer\bin\es\ResToolkitPro.dll

c:\program files\explorer\bin\ESRI.ArcGIS.Utilities.Compression.dll

c:\program files\explorer\bin\ESRI.ArcGISExplorer.Application.dll

c:\program files\explorer\bin\ESRI.ArcGISExplorer.dll

c:\program files\explorer\bin\ESRI.ArcGISExplorer.MapCenter.dll

c:\program files\explorer\bin\ESRI.DADF.Core.dll

c:\program files\explorer\bin\ESRI.DADF.dll

c:\program files\explorer\bin\esrizip.exe

c:\program files\explorer\bin\Export.dll

c:\program files\explorer\bin\ExtTopoEngine.dll

c:\program files\explorer\bin\FdaCore.dll

c:\program files\explorer\bin\FdaCoreLib.dll

c:\program files\explorer\bin\FdaRel.dll

c:\program files\explorer\bin\FeatureDataConverter.dll

c:\program files\explorer\bin\FeatureDataElements.dll

c:\program files\explorer\bin\FeatureLayer.dll

c:\program files\explorer\bin\FeatureLayerLib.dll

c:\program files\explorer\bin\FgdbRasterDB.dll

c:\program files\explorer\bin\FgdbUtilLib.dll

c:\program files\explorer\bin\FileDataElements.dll

c:\program files\explorer\bin\FileDBCoreLib.dll

c:\program files\explorer\bin\FileGDB.dll

c:\program files\explorer\bin\FileGDBWorkspaceFactory.dll

c:\program files\explorer\bin\fr\ApplicationConfigurationManager.resources.dll

c:\program files\explorer\bin\fr\DADFRes.dll

c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.Application.resources.dll

c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.MapCenter.resources.dll

c:\program files\explorer\bin\fr\ESRI.ArcGISExplorer.resources.dll

c:\program files\explorer\bin\fr\ResToolkitPro.dll

c:\program files\explorer\bin\FunctionRasterDB.dll

c:\program files\explorer\bin\gdal16.dll

c:\program files\explorer\bin\GdalRasterDB.dll

c:\program files\explorer\bin\GdbCatalog.dll

c:\program files\explorer\bin\GdbCore.dll

c:\program files\explorer\bin\GdbCoreLib.dll

c:\program files\explorer\bin\GdbNet.dll

c:\program files\explorer\bin\GdbTopo.dll

c:\program files\explorer\bin\GeoDataExtraction.dll

c:\program files\explorer\bin\GeoDataServer.dll

c:\program files\explorer\bin\GeoDataTransfer.dll

c:\program files\explorer\bin\Geometry.dll

c:\program files\explorer\bin\GeoprocessingLib.dll

c:\program files\explorer\bin\GeoProcessor.dll

c:\program files\explorer\bin\GeoRSSPlugin.dll

c:\program files\explorer\bin\glew32.dll

c:\program files\explorer\bin\Globe.dll

c:\program files\explorer\bin\GlobeCamera.dll

c:\program files\explorer\bin\GlobeClient.dll

c:\program files\explorer\bin\GlobeCoreLib.dll

c:\program files\explorer\bin\GlobeDisplay.dll

c:\program files\explorer\bin\GlobeLayers.dll

c:\program files\explorer\bin\GlobeServer.dll

c:\program files\explorer\bin\GlobeServerLayer.dll

c:\program files\explorer\bin\GlobeViewerCoreLib.dll

c:\program files\explorer\bin\GPClient.dll

c:\program files\explorer\bin\GpObjects.dll

c:\program files\explorer\bin\GpPythonCore.dll

c:\program files\explorer\bin\GPRasterFunctions.dll

c:\program files\explorer\bin\GraphicElements.dll

c:\program files\explorer\bin\hd420m.dll

c:\program files\explorer\bin\hdf5dll.dll

c:\program files\explorer\bin\hm420m.dll

c:\program files\explorer\bin\icudt40.dll

c:\program files\explorer\bin\icuin40.dll

c:\program files\explorer\bin\icuio40.dll

c:\program files\explorer\bin\icule40.dll

c:\program files\explorer\bin\icuuc40.dll

c:\program files\explorer\bin\ImageAccessLib.dll

c:\program files\explorer\bin\ImageClient.dll

c:\program files\explorer\bin\ImageServer.dll

c:\program files\explorer\bin\ImageServerLayer.dll

c:\program files\explorer\bin\IMSConnector.dll

c:\program files\explorer\bin\ImsFDB.dll

c:\program files\explorer\bin\IMSLayer.dll

c:\program files\explorer\bin\IMSLayerLib.dll

c:\program files\explorer\bin\IMSServiceLib.dll

c:\program files\explorer\bin\ImsWorkspaceFactory.dll

c:\program files\explorer\bin\InMemoryWorkspaceFactory.dll

c:\program files\explorer\bin\InputDevice3Dx.dll

c:\program files\explorer\bin\ja-JP\ApplicationConfigurationManager.resources.dll

c:\program files\explorer\bin\ja-JP\DADFRes.dll

c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.Application.resources.dll

c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.MapCenter.resources.dll

c:\program files\explorer\bin\ja-JP\ESRI.ArcGISExplorer.resources.dll

c:\program files\explorer\bin\ja-JP\ResToolkitPro.dll

c:\program files\explorer\bin\kdu61.dll

c:\program files\explorer\bin\KmlLayer.dll

c:\program files\explorer\bin\LabelPlacement.dll

c:\program files\explorer\bin\Layer.dll

c:\program files\explorer\bin\LayerLib.dll

c:\program files\explorer\bin\lcms117lib.dll

c:\program files\explorer\bin\libcollada14dom21.dll

c:\program files\explorer\bin\libcurl.dll

c:\program files\explorer\bin\lti_dsdk_dll.dll

c:\program files\explorer\bin\Map.dll

c:\program files\explorer\bin\MapClient.dll

c:\program files\explorer\bin\MapDB.dll

c:\program files\explorer\bin\MapElements.dll

c:\program files\explorer\bin\MaplexEngineLib.dll

c:\program files\explorer\bin\MapLib.dll

c:\program files\explorer\bin\MappingCore.dll

c:\program files\explorer\bin\MappingCoreLib.dll

c:\program files\explorer\bin\MappingServicesLib.dll

c:\program files\explorer\bin\MapServer.dll

c:\program files\explorer\bin\MapServerLayer.dll

c:\program files\explorer\bin\Marker3DFile.dll

c:\program files\explorer\bin\MessageSupport.dll

c:\program files\explorer\bin\Microsoft.VC90.ATL\atl90.dll

c:\program files\explorer\bin\Microsoft.VC90.ATL\Microsoft.VC90.ATL.manifest

c:\program files\explorer\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcm90.dll

c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcp90.dll

c:\program files\explorer\bin\Microsoft.VC90.CRT\msvcr90.dll

c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90.dll

c:\program files\explorer\bin\Microsoft.VC90.MFC\mfc90u.dll

c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90.dll

c:\program files\explorer\bin\Microsoft.VC90.MFC\mfcm90u.dll

c:\program files\explorer\bin\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHS.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90CHT.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90DEU.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ENU.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESN.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ESP.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90FRA.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90ITA.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90JPN.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\MFC90KOR.dll

c:\program files\explorer\bin\Microsoft.VC90.MFCLOC\Microsoft.VC90.MFCLOC.manifest

c:\program files\explorer\bin\Microsoft.VC90.OPENMP\Microsoft.VC90.OpenMP.manifest

c:\program files\explorer\bin\Microsoft.VC90.OPENMP\vcomp90.dll

c:\program files\explorer\bin\MosaicDB.dll

c:\program files\explorer\bin\msvcp71.dll

c:\program files\explorer\bin\msvcr71.dll

c:\program files\explorer\bin\Navigation.dll

c:\program files\explorer\bin\NetEngine80.dll

c:\program files\explorer\bin\Network.dll

c:\program files\explorer\bin\NetworkAnalystSolvers.dll

c:\program files\explorer\bin\NetworkDataset.dll

c:\program files\explorer\bin\OGCClient.dll

c:\program files\explorer\bin\OleFDB.dll

c:\program files\explorer\bin\OutputLib.dll

c:\program files\explorer\bin\PageLayout.dll

c:\program files\explorer\bin\pe.dll

c:\program files\explorer\bin\PlugInDataSource.dll

c:\program files\explorer\bin\PlugInWorkspaceFactory.dll

c:\program files\explorer\bin\PrintOut.dll

c:\program files\explorer\bin\RasterAnalysisUtilLib.dll

c:\program files\explorer\bin\RasterCatalog.dll

c:\program files\explorer\bin\RasterCoreLib.dll

c:\program files\explorer\bin\RasterDB.dll

c:\program files\explorer\bin\RasterEngine.dll

c:\program files\explorer\bin\RasterFormats.dat

c:\program files\explorer\bin\RasterGraphicElements.dll

c:\program files\explorer\bin\RasterIO.dll

c:\program files\explorer\bin\RasterLayer.dll

c:\program files\explorer\bin\RasterRenderer.dll

c:\program files\explorer\bin\RasterWorkspaceFactory.dll

c:\program files\explorer\bin\Renderers.dll

c:\program files\explorer\bin\RepresentationDB.dll

c:\program files\explorer\bin\RepresentationEffects.dll

c:\program files\explorer\bin\RepresentationLayer.dll

c:\program files\explorer\bin\RepresentationLib.dll

c:\program files\explorer\bin\RepresentationSymbols.dll

c:\program files\explorer\bin\SceneFilters.dll

c:\program files\explorer\bin\SceneGraph.dll

c:\program files\explorer\bin\sdcdbx.dll

c:\program files\explorer\bin\SDCPlugIn.dll

c:\program files\explorer\bin\sde.dll

c:\program files\explorer\bin\SdeFDB.dll

c:\program files\explorer\bin\SdeRasterDB.dll

c:\program files\explorer\bin\sdesetup.dll

c:\program files\explorer\bin\SdeWorkspaceFactory.dll

c:\program files\explorer\bin\ServerStyleGallery.dll

c:\program files\explorer\bin\sg.dll

c:\program files\explorer\bin\ShapefileFDB.dll

c:\program files\explorer\bin\ShapefileWorkspaceFactory.dll

c:\program files\explorer\bin\SimpleDataConverter.dll

c:\program files\explorer\bin\StyleGalleryClasses.dll

c:\program files\explorer\bin\SystemUIUtil.dll

c:\program files\explorer\bin\Terrain.dll

c:\program files\explorer\bin\TerrainLayer.dll

c:\program files\explorer\bin\TextFileWorkspaceFactory.dll

c:\program files\explorer\bin\TextureCookerService.exe

c:\program files\explorer\bin\TinDb.dll

c:\program files\explorer\bin\TinEngine.dll

c:\program files\explorer\bin\TinLayer.dll

c:\program files\explorer\bin\TinRenderer.dll

c:\program files\explorer\bin\TinWorkspaceFactory.dll

c:\program files\explorer\bin\ViewerCoreLib.dll

c:\program files\explorer\bin\VpfFDB.dll

c:\program files\explorer\bin\VpfWorkspaceFactory.dll

c:\program files\explorer\bin\WebServices.dll

c:\program files\explorer\bin\WMSLayer.dll

c:\program files\explorer\bin\xerces-c_2_7.dll

c:\program files\explorer\bin\XmlSupport.dat

c:\program files\explorer\bin\XMLSupport.dll

c:\program files\explorer\bin\XYEvents.dll

c:\program files\explorer\bin\zh-CN\applicationconfigurationmanager.resources.dll

c:\program files\explorer\bin\zh-CN\DADFRes.dll

c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.Application.resources.dll

c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.MapCenter.resources.dll

c:\program files\explorer\bin\zh-CN\ESRI.ArcGISExplorer.resources.dll

c:\program files\explorer\bin\zh-CN\ResToolkitPro.dll

c:\program files\explorer\bin\zlib1.dll

c:\program files\explorer\bin\zlibwapi.dll

c:\program files\explorer\ColorProfiles\esriGray22.icc

c:\program files\explorer\ColorProfiles\Lab2Lab.icm

c:\program files\explorer\ColorProfiles\sRGB_IEC61966-2-1_noBPC.icc

c:\program files\explorer\ColorProfiles\USWebCoatedSWOP.icc

c:\program files\explorer\ColorProfiles\Xyz2Xyz.icm

c:\program files\explorer\com\com.zreg

c:\program files\explorer\com\esriE3.olb

c:\program files\explorer\license\ExplorerEnglishLicense.pdf

c:\program files\explorer\license\ExplorerFrenchLicense.pdf

c:\program files\explorer\license\ExplorerGermanLicense.pdf

c:\program files\explorer\license\ExplorerJapaneseLicense.pdf

c:\program files\explorer\license\ExplorerSimplChineseLicense.pdf

c:\program files\explorer\license\ExplorerSpanishLicense.pdf

c:\program files\explorer\PackageTemplates\ArcGISExplorer.stylesheet

c:\program files\explorer\PackageTemplates\Package931.template

c:\program files\explorer\pedata\gdaldata\coordinate_axis.csv

c:\program files\explorer\pedata\gdaldata\cubewerx_extra.wkt

c:\program files\explorer\pedata\gdaldata\ecw_cs.dat

c:\program files\explorer\pedata\gdaldata\ellipsoid.csv

c:\program files\explorer\pedata\gdaldata\epsg.wkt

c:\program files\explorer\pedata\gdaldata\esri_extra.wkt

c:\program files\explorer\pedata\gdaldata\gcs.csv

c:\program files\explorer\pedata\gdaldata\gdal_datum.csv

c:\program files\explorer\pedata\gdaldata\gdalicon.png

c:\program files\explorer\pedata\gdaldata\pcs.csv

c:\program files\explorer\pedata\gdaldata\prime_meridian.csv

c:\program files\explorer\pedata\gdaldata\projop_wparm.csv

c:\program files\explorer\pedata\gdaldata\s57attributes.csv

c:\program files\explorer\pedata\gdaldata\s57expectedinput.csv

c:\program files\explorer\pedata\gdaldata\s57objectclasses.csv

c:\program files\explorer\pedata\gdaldata\seed_2d.dgn

c:\program files\explorer\pedata\gdaldata\seed_3d.dgn

c:\program files\explorer\pedata\gdaldata\stateplane.csv

c:\program files\explorer\pedata\gdaldata\unit_of_measure.csv

c:\program files\explorer\plugins\explorerCore.ecfg

c:\program files\explorer\schemas\ExplorerAddIn.xsd

c:\program files\explorer\schemas\ExplorerGeometry.xsd

c:\program files\explorer\schemas\NmfDocument.xsd

c:\program files\explorer\Styles\default.css

c:\program files\explorer\Styles\Directions\CheckeredFlag16.png

c:\program files\explorer\Styles\Directions\GreenFlag16.png

c:\program files\explorer\Styles\Directions\Print16.png

c:\program files\explorer\Styles\ExplorerColors.de.xml

c:\program files\explorer\Styles\ExplorerColors.es.xml

c:\program files\explorer\Styles\ExplorerColors.fr.xml

c:\program files\explorer\Styles\ExplorerColors.ja-JP.xml

c:\program files\explorer\Styles\ExplorerColors.xml

c:\program files\explorer\Styles\ExplorerColors.zh-CN.xml

c:\program files\explorer\Styles\ExplorerSymbols.de.xml

c:\program files\explorer\Styles\ExplorerSymbols.es.xml

c:\program files\explorer\Styles\ExplorerSymbols.fr.xml

c:\program files\explorer\Styles\ExplorerSymbols.ja-JP.xml

c:\program files\explorer\Styles\ExplorerSymbols.xml

c:\program files\explorer\Styles\ExplorerSymbols.zh-CN.xml

c:\program files\explorer\Styles\kml.css

c:\program files\explorer\Styles\KMLIcons\american-flag.png

c:\program files\explorer\Styles\KMLIcons\arrow.png

c:\program files\explorer\Styles\KMLIcons\asian-flag.png

c:\program files\explorer\Styles\KMLIcons\auto-service.png

c:\program files\explorer\Styles\KMLIcons\auto.png

c:\program files\explorer\Styles\KMLIcons\bang.png

c:\program files\explorer\Styles\KMLIcons\bars.png

c:\program files\explorer\Styles\KMLIcons\building.png

c:\program files\explorer\Styles\KMLIcons\coffee_house_16.png

c:\program files\explorer\Styles\KMLIcons\crosshair.png

c:\program files\explorer\Styles\KMLIcons\dining.png

c:\program files\explorer\Styles\KMLIcons\dining_16.png

c:\program files\explorer\Styles\KMLIcons\dot.png

c:\program files\explorer\Styles\KMLIcons\fast-food.png

c:\program files\explorer\Styles\KMLIcons\four-dollars.png

c:\program files\explorer\Styles\KMLIcons\french-flag.png

c:\program files\explorer\Styles\KMLIcons\hand.png

c:\program files\explorer\Styles\KMLIcons\high_res_places.png

c:\program files\explorer\Styles\KMLIcons\highway_16.png

c:\program files\explorer\Styles\KMLIcons\italian-flag.png

c:\program files\explorer\Styles\KMLIcons\large_traffic_count_16.png

c:\program files\explorer\Styles\KMLIcons\mexican-flag.png

c:\program files\explorer\Styles\KMLIcons\misc_dining.png

c:\program files\explorer\Styles\KMLIcons\note.png

c:\program files\explorer\Styles\KMLIcons\one-dollar.png

c:\program files\explorer\Styles\KMLIcons\palette-2.png

c:\program files\explorer\Styles\KMLIcons\palette-3.png

c:\program files\explorer\Styles\KMLIcons\palette-4.png

c:\program files\explorer\Styles\KMLIcons\palette-5.png

c:\program files\explorer\Styles\KMLIcons\parks.png

c:\program files\explorer\Styles\KMLIcons\recreation.png

c:\program files\explorer\Styles\KMLIcons\school_16.png

c:\program files\explorer\Styles\KMLIcons\search.png

c:\program files\explorer\Styles\KMLIcons\streamed_layer.png

c:\program files\explorer\Styles\KMLIcons\streamed_layers.png

c:\program files\explorer\Styles\KMLIcons\terrain_16.png

c:\program files\explorer\Styles\KMLIcons\three-dollars.png

c:\program files\explorer\Styles\KMLIcons\transportation.png

c:\program files\explorer\Styles\KMLIcons\two-dollars.png

c:\program files\explorer\Styles\KMLIcons\webcam_16.png

c:\program files\explorer\Styles\SlideTitleStyles.de.xml

c:\program files\explorer\Styles\SlideTitleStyles.es.xml

c:\program files\explorer\Styles\SlideTitleStyles.fr.xml

c:\program files\explorer\Styles\SlideTitleStyles.ja-JP.xml

c:\program files\explorer\Styles\SlideTitleStyles.xml

c:\program files\explorer\Styles\SlideTitleStyles.zh-CN.xml

c:\program files\explorer\Styles\StyleSheet.xsl

c:\program files\explorer\Styles\SymbolImages\Civic\ATM.png

c:\program files\explorer\Styles\SymbolImages\Civic\Bank.png

c:\program files\explorer\Styles\SymbolImages\Civic\Bell.png

c:\program files\explorer\Styles\SymbolImages\Civic\Cemetery.png

c:\program files\explorer\Styles\SymbolImages\Civic\City.png

c:\program files\explorer\Styles\SymbolImages\Civic\Clue.png

c:\program files\explorer\Styles\SymbolImages\Civic\Crowd.png

c:\program files\explorer\Styles\SymbolImages\Civic\GhostTown.png

c:\program files\explorer\Styles\SymbolImages\Civic\Horn.png

c:\program files\explorer\Styles\SymbolImages\Civic\Housing.png

c:\program files\explorer\Styles\SymbolImages\Civic\MailPost.png

c:\program files\explorer\Styles\SymbolImages\Civic\Office.png

c:\program files\explorer\Styles\SymbolImages\Civic\Radioactive.png

c:\program files\explorer\Styles\SymbolImages\Civic\School.png

c:\program files\explorer\Styles\SymbolImages\Civic\StarsStripes.png

c:\program files\explorer\Styles\SymbolImages\Flag\CheckeredFlag.png

c:\program files\explorer\Styles\SymbolImages\Flag\GreenFlag.png

c:\program files\explorer\Styles\SymbolImages\Flag\RedFlag.png

c:\program files\explorer\Styles\SymbolImages\Flag\WhiteFlag.png

c:\users\Public\Lightroom_4_LS11.exe

c:\users\Rich\g2mdlhlpx.exe

c:\windows\assembly\GAC\Desktop.ini

D:\Autorun.inf

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

.

2012-07-10 12:16 . 2012-07-10 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-09 19:30 . 2012-07-09 19:30 -------- d-----w- C:\_OTL

2012-07-07 17:12 . 2012-07-07 17:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-06 22:32 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-06 22:32 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-07-06 22:32 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 22:31 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-07-06 22:31 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-06 22:31 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-07-06 22:31 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-06 22:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-06 22:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-06 22:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-06 22:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-06 22:29 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-06 22:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-06 22:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-06 22:28 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-06 22:28 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-06 22:21 . 2012-07-06 22:21 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-05 21:59 . 2012-07-05 21:59 -------- d-----w- c:\program files\ESET

2012-07-03 23:10 . 2012-07-03 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-03 23:10 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 22:30 . 2012-07-03 22:30 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-26 09:10 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C18E7156-8E6B-492B-A744-92DFD4179302}\mpengine.dll

2012-06-19 18:40 . 2012-06-19 18:40 -------- d-----w- c:\users\Rich\AppData\Roaming\SUPERAntiSpyware.com

2012-06-19 18:40 . 2012-06-25 19:20 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-19 18:40 . 2012-06-19 18:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-13 07:00 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 07:00 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 07:00 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-10 21:06 . 2000-03-07 03:00 278581 ----a-w- c:\windows\system32\temp.010

2012-06-10 21:06 . 1999-10-27 04:00 995383 ----a-w- c:\windows\system32\temp.00F

2012-06-10 21:06 . 1998-06-17 03:00 77878 ----a-w- c:\windows\system32\temp.011

2012-06-10 21:05 . 2006-08-31 19:56 1208320 ----a-w- c:\windows\system32\spr32d70.dll

2012-06-10 21:04 . 1996-04-14 16:55 14336 ----a-w- c:\windows\system32\WEBDIAL.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-10 12:18 . 2011-06-22 23:08 17488 ----a-w- c:\windows\gdrv.sys

2012-06-05 01:49 . 2012-06-05 01:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-05 01:49 . 2011-06-22 23:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-21 18:26 . 2012-05-21 18:26 10 ----a-w- c:\windows\Fonts\wfonts.key

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]

2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{a011d643-4a67-4934-a775-46139847d7f2}"= "mscoree.dll" [2010-11-20 297808]

.

[HKEY_CLASSES_ROOT\clsid\{a011d643-4a67-4934-a775-46139847d7f2}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 1750528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Rich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Synchronizer]

2012-04-04 05:54 1261472 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-03-30 12:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]

2012-02-24 07:29 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2010-05-12 21:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2010-10-12 18:56 979328 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2011-03-26 05:29 176664 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]

2012-02-23 16:22 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2011-03-26 05:30 143384 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]

2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]

2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2011-03-26 05:30 178200 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2011-02-11 06:06 10025576 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]

2012-03-19 20:32 9413712 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [x]

R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

R4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R4 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [x]

R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]

R4 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [x]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

R4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]

R4 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 13:10]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 13:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

MSConfigStartUp-Google Update - c:\users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2541698021-2910038252-4145046732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (S-1-5-21-2541698021-2910038252-4145046732-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2716)

c:\users\Rich\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\SugarSync\SugarSyncShellExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\msiexec.exe

c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\program files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-07-10 08:25:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-10 12:25

.

Pre-Run: 56,901,214,208 bytes free

Post-Run: 57,503,571,968 bytes free

.

- - End Of File - - 06A7E47BBCD6F57304D3F8FC465180E8


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
