Solved: Had viruses (cleaned), now update downloads & firewall blocked.

GregBassine · 02:11 PM

Need your help please. I am using Windows 7 on a Gateway box. Use Comcast as my internet provider. I run MSE, Registry Mechanic and Super Antispyware Professional.

I suspected I had something wrong with my computer so ran first Super Antispyware Professional to check for anything. I searched every file on my computer. I found several adware tracking cookies and a virus (have since removed it - Trojan.Agent/Gen-RoboNanny).

I then ran MSE (scanning every file) and found two more viruses. I have since removed them, and cannot tell you what they were. I deleted my history on MSE (dumb thing to do, but did it).

I checked with Comcast and they couldn't find anything wrong on their end. I did reset my modem and rebooted to no avail.

NOW, HERE's MY PROBLEM:

Windows firewall is turned off and I cannot turn it back on. I can't run Windows 7 update or update MSE. I also can't update Registry Mechanic. I CAN update Super Antispyware Professional however.

Any thoughts out there? I am a basic user. When you get into stuff like making changes to the registry, etc. I get lost quickly. I appreciate any help you can provide. Thanks.

**valis** · 12-Sep-2012, 02:13 PM #2

heyya Greg Bassine, welcome to TSG.

First, I've removed your email, as that is a great way to get on a spam list (publishing it on an open forum). Second, you are probably still infected, so you may want to follow the instructions here and get the logs posted.

Finally, steer clear of stuff like registry mechanic; anything that states it will clean your registry and optimize performance is a scam, and can do a lot more harm than good.

thanks,

v

GregBassine · 12-Sep-2012, 03:08 PM #3

Thanks for the feedback. I didn't know I recieved an e-mail letting me know I have a reply. I will remove Registry Mechanic right after this post. Thanks for the heads up.

I ran HiJack and first got the message: "For some reason the system denied write access to the hosts file. Hijack this my not be able to fix this". I then clicked on "OK". Then I got a Notepad log file (see below). Your thoughts and thanks...

-------------------------- H I J A C K L O G F I L E -------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:17 AM, on 9/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Greg\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.teleport.com"); (C:\Program Files (x86)\Netscape\Users\dmginc\prefs.js)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.netflix.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...31/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exter...pAntiVirus.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsof...?1136326936791
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_myw...ex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13831 bytes

**valis** · 12-Sep-2012, 03:16 PM #4

now give it a few.......I'm not qualified to give malware advice, but if someone isn't along in 24 hours or so, bump the thread and I'll try to track someone down.

thanks,

v

jeffce · 12-Sep-2012, 03:20 PM #5

Hi,

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Right-click and Run as Administrator dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Click the image to enlarge it
----------

**valis** · 12-Sep-2012, 03:27 PM #6

thanks, jeffce......that was rather quick.

jeffce · 12-Sep-2012, 03:29 PM #7

Not a problem....I happened to be here and looked right at the topic.

GregBassine · 12-Sep-2012, 04:56 PM #8

Hi Guys. OK, here is what I have:

-------------------------------- DDS.TXT ----------------------------------
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Greg at 12:54:20 on 2012-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5440 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\ModLedKey.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Greg\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Akamai NetSession Interface] "C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [eRecoveryService]
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Mixghost]
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: netflix.com
DPF: DirectAnimation Java Classes - file://C:\WINDOWS\SYSTEM\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136326936791
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - hxxp://ftp.us.dell.com/fixes/PROFILER.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37606.5907291667
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9712E214-2095-4240-BE72-812D046DB980} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [eRecoveryService]
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [Mixghost]
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH-X64: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\lu2hrwto.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Greg\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\system32\DRIVERS\NVAMACPI.sys --> C:\Windows\system32\DRIVERS\NVAMACPI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-5-6 24576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-19 2214504]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2009-8-12 90352]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD64.sys --> C:\Windows\system32\drivers\AVer88xHD64.sys [?]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTS5121.sys --> C:\Windows\system32\Drivers\RTS5121.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250568]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-12 16:18:31 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0643B283-000D-4725-92BA-FC8878B343CA}\mpengine.dll
2012-09-12 16:00:46 -------- d-----w- C:\Users\Greg\AppData\Local\{E91A4E8A-C352-4BCB-AA57-7E4A28172243}
2012-09-12 03:20:34 -------- d-----w- C:\Users\Greg\AppData\Local\{6C9032D7-0354-49BB-A1D9-DF34FB8F249E}
2012-09-11 15:20:10 -------- d-----w- C:\Users\Greg\AppData\Local\{44BE0299-F2D2-44A3-A26A-2BD6228C1A37}
2012-09-10 15:33:29 -------- d-----w- C:\Users\Greg\AppData\Local\{817A7ACC-C74B-4F7A-B50F-70ABD0C26576}
2012-09-09 16:55:17 -------- d-----w- C:\Users\Greg\AppData\Local\{089ABA8D-DCB2-430C-85F9-2B1ADBA6E958}
2012-09-07 14:13:36 -------- d-----w- C:\Users\Greg\AppData\Local\{D29C90E7-F4E6-4044-83D3-18FAB972AF50}
2012-09-07 00:23:08 -------- d-----w- C:\Users\Greg\AppData\Roaming\SUPERAntiSpyware.com
2012-09-07 00:23:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-06 20:06:25 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C1857026-0769-4A9F-BEC4-70C3D67E69C4}\gapaengine.dll
2012-09-06 20:06:16 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 20:05:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-06 20:05:30 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-06 16:24:23 -------- d-----w- C:\Users\Greg\AppData\Local\{036E0695-E89B-4F1B-8FCE-F1FC9C6E775A}
2012-09-05 18:54:17 -------- d-----w- C:\Users\Greg\AppData\Roaming\PC Utility Kit
2012-09-05 18:54:11 -------- d-----w- C:\ProgramData\PC Utility Kit
2012-09-05 17:46:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-05 15:20:27 -------- d-----w- C:\Users\Greg\AppData\Local\{06D4302A-1D1C-4B4D-8C30-87BD4E48353C}
2012-09-04 15:34:40 -------- d-----w- C:\Users\Greg\AppData\Local\{D43F0CEF-EAEA-4A15-BE01-D5277A616091}
2012-09-03 15:19:47 -------- d-----w- C:\Users\Greg\AppData\Local\{154C894D-69CA-4B03-8397-90CA5E4ED108}
2012-09-02 17:38:43 -------- d-----w- C:\Users\Greg\AppData\Local\{1DB5D971-5167-421A-9EC1-4091AC3566D9}
2012-09-01 15:16:42 -------- d-----w- C:\Users\Greg\AppData\Local\{259B8B63-88E6-4C5D-BF29-365840E19A89}
2012-09-01 03:16:30 -------- d-----w- C:\Users\Greg\AppData\Local\{4A2307EA-143F-4586-837D-4A1B8D40254C}
2012-08-31 15:16:18 -------- d-----w- C:\Users\Greg\AppData\Local\{259FD788-AF2A-48B3-8B71-208B39C05888}
2012-08-30 18:35:22 -------- d-----w- C:\Users\Greg\AppData\Local\{9E58F188-2716-4665-BE82-AA8433322F32}
2012-08-30 06:35:27 -------- d-----w- C:\Users\Greg\AppData\Local\{1CACD71F-5BEE-4401-95ED-1A85397A07E8}
2012-08-29 15:58:15 -------- d-----w- C:\Users\Greg\AppData\Local\{47B6D164-9624-4304-A9E5-415DF30A67D3}
2012-08-28 15:56:16 -------- d-----w- C:\Users\Greg\AppData\Local\{321D9183-03FD-4EDA-908E-09F23953641E}
2012-08-27 15:15:24 -------- d-----w- C:\Users\Greg\AppData\Local\{41712895-9C44-4174-9F87-9010164F5DFD}
2012-08-26 15:04:31 -------- d-----w- C:\Users\Greg\AppData\Local\{E99BB402-BAC1-4B1D-923D-039A13AE70ED}
2012-08-25 18:34:35 -------- d-----w- C:\Users\Greg\AppData\Local\{826DD7B9-773E-436B-B92D-53509D0017EE}
2012-08-25 06:34:41 -------- d-----w- C:\Users\Greg\AppData\Local\{264D4E36-8155-409D-A852-A7CCE533BC4E}
2012-08-24 18:25:15 -------- d-----w- C:\Users\Greg\AppData\Local\{F437E164-442F-47D3-A208-E5AF6BBA9D1F}
2012-08-24 06:25:15 -------- d-----w- C:\Users\Greg\AppData\Local\{FE952314-A23B-4DA5-A5E2-8B3B1A4D5022}
2012-08-23 16:20:39 -------- d-----w- C:\Users\Greg\AppData\Local\{A645E5DC-B05A-43A9-B3C7-18F877D789DE}
2012-08-22 19:20:43 -------- d-----w- C:\Users\Greg\AppData\Local\{BF526917-16F5-4C54-9CD0-7F6CEB79B19B}
2012-08-21 15:21:21 -------- d-----w- C:\Users\Greg\AppData\Local\{9F31DF46-C59A-44C8-938E-8D2484BBB043}
2012-08-21 02:57:55 -------- d-----w- C:\Users\Greg\AppData\Local\{C0E6F94E-8754-4800-8122-D2D0C1640279}
2012-08-21 00:14:52 -------- d-----w- C:\Users\Greg\AppData\Roaming\SpeedyPC Software
2012-08-21 00:14:52 -------- d-----w- C:\Users\Greg\AppData\Roaming\DriverCure
2012-08-21 00:14:27 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-20 14:57:31 -------- d-----w- C:\Users\Greg\AppData\Local\{EE6B26B9-808F-473F-AE27-F578F5F30DD4}
2012-08-17 13:26:22 -------- d-----w- C:\Users\Greg\AppData\Local\{6E6DEF13-8BBA-4D53-9E18-CD3D6EDFA042}
2012-08-17 13:26:11 -------- d-----w- C:\Users\Greg\AppData\Local\{DE1B8EB0-C954-4C7A-905B-3119C04B28A3}
2012-08-16 15:51:35 -------- d-----w- C:\Users\Greg\AppData\Local\{94B50CA9-0E51-4D5D-81B0-B0839E7C2756}
2012-08-16 15:51:24 -------- d-----w- C:\Users\Greg\AppData\Local\{55A2F1F3-0E2C-4349-8A47-7A6FFF68AAAC}
2012-08-16 03:51:11 -------- d-----w- C:\Users\Greg\AppData\Local\{B17F8279-78AA-4133-A39A-2A759575D28D}
2012-08-16 03:51:01 -------- d-----w- C:\Users\Greg\AppData\Local\{ECB661C6-1859-4C7E-8343-F90F5B64B7AE}
2012-08-15 15:50:36 -------- d-----w- C:\Users\Greg\AppData\Local\{37A093E8-BE59-4908-9E9F-4DFEBF192774}
2012-08-15 15:50:25 -------- d-----w- C:\Users\Greg\AppData\Local\{1B3F451A-8BC8-47A6-84EE-A5FECDC5600E}
2012-08-14 16:30:59 -------- d-----w- C:\Users\Greg\AppData\Local\{6B297404-E62D-11E1-8270-B8AC6F996F26}
2012-08-14 15:02:05 -------- d-----w- C:\Users\Greg\AppData\Local\{A428453D-4D5A-49C0-B6FD-25855A7A625B}
2012-08-14 15:01:54 -------- d-----w- C:\Users\Greg\AppData\Local\{A7D112DE-6F80-4A14-AD6C-C65AFD3006ED}
2012-08-14 03:01:41 -------- d-----w- C:\Users\Greg\AppData\Local\{014BFD23-346B-4FEC-85B3-5A219A76D8C2}
2012-08-14 03:01:30 -------- d-----w- C:\Users\Greg\AppData\Local\{BA6EB036-7B4E-491A-A4E9-57B87CE74448}
.
==================== Find3M ====================
.
2012-08-30 20:31:06 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 20:31:06 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:55:17.47 ===============

________________________________ ATTACH.TXT -------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/25/2009 10:08:17 AM
System Uptime: 9/12/2012 10:27:17 AM (2 hours ago)
.
Motherboard: Gateway | | FMCP7AM
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 414.266 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2D45C30F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2D45C30F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1039: 6/16/2012 12:00:12 PM - Windows Update
RP1040: 6/17/2012 12:00:15 PM - Windows Update
RP1041: 6/18/2012 8:49:49 AM - Windows Update
RP1042: 6/18/2012 12:00:12 PM - Windows Update
RP1044: 6/19/2012 9:18:20 AM - Restore Point before Corrupt Patch Registry keys
RP1045: 6/19/2012 9:22:13 AM - Windows Update
RP1047: 6/19/2012 9:50:08 AM - Restore Point before Adobe Dreamweaver CS3 was removed using Program Install and Uninstall troubleshooter
RP1049: 6/19/2012 9:51:38 AM - Adobe Dreamweaver CS3
RP1050: 6/20/2012 8:01:17 AM - Windows Update
RP1051: 6/23/2012 6:30:47 AM - Windows Update
RP1052: 6/23/2012 8:45:23 AM - Windows Update
RP1053: 7/2/2012 8:12:23 AM - Windows Update
RP1054: 7/5/2012 9:43:41 AM - Windows Update
RP1055: 7/8/2012 1:49:32 PM - Windows Update
RP1056: 7/11/2012 4:00:12 PM - Windows Update
RP1057: 7/12/2012 9:37:06 AM - Windows Update
RP1058: 7/16/2012 11:46:06 AM - Windows Update
RP1059: 7/17/2012 10:09:59 AM - Installed Garmin Lifetime Updater
RP1060: 7/23/2012 10:42:08 AM - Windows Update
RP1061: 7/27/2012 8:57:00 AM - Windows Update
RP1062: 7/31/2012 8:31:46 AM - Windows Update
RP1063: 8/3/2012 9:15:17 AM - Windows Update
RP1064: 8/6/2012 4:02:43 PM - Windows Update
RP1065: 8/9/2012 6:32:56 PM - Windows Update
RP1066: 8/13/2012 9:55:51 AM - Windows Update
RP1067: 8/15/2012 10:08:12 AM - Windows Update
RP1068: 8/20/2012 8:05:26 AM - Windows Update
RP1069: 8/24/2012 9:17:53 AM - Windows Update
RP1070: 8/27/2012 3:59:47 PM - Windows Update
RP1071: 8/28/2012 10:02:10 AM - Created by PC Tools Registry Mechanic
RP1072: 9/1/2012 8:16:43 AM - Windows Update
RP1073: 9/4/2012 8:54:36 AM - Windows Update
RP1074: 9/6/2012 12:57:11 PM - Removed Symantec AntiVirus
RP1075: 9/12/2012 9:22:31 AM - Created by PC Tools Registry Mechanic
RP1076: 9/12/2012 9:24:25 AM - Created by PC Tools Registry Mechanic
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
123 Free Solitaire
1999 TurboTax for Business
2000 TurboTax for Business
Acoustica CD/DVD Label Maker
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Reader 9.5.2
Akamai NetSession Interface
Akamai NetSession Interface Service
Ashampoo WinOptimizer 4.41
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
BlackBerry Device Software Updater
Brother MFL-Pro Suite MFC-5895CW
Business Contact Manager for Outlook 2007 SP2
CameraHelperMsi
CheckIt Diagnostics
Compatibility Pack for the 2007 Office system
Core FTP LE 2.0
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
D3DX10
erLT
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Gateway Games
Gateway Recovery Management
GearDrvs
Genesis One DPM
getPlus(R)_ocx
GoToMeeting/GoToWebinar 3.0.0.198
hp instant support
HP Photo Printing Software
Iomega Software
iPIX Netscape Plugin Viewer
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.0_03
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_15
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Junk Mail filter update
KB0817 Keyboard Driver
List Builder Add-in for Microsoft Office Publisher 2003
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
MediaFACE 5.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 5.1
Microsoft IntelliType Pro 5.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Sounds
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Media Content Deluxe
Microsoft Picture It! Photo 7.0
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Journal Viewer
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US)
MSN Music Assistant
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetObjects Fusion 11.0
NetObjects Fusion 12.0
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Windows 2000/XP Display Drivers
PC Pitstop Exterminate2 2.0
PDFCreator
Photo Viewer
PICVideo Codecs
Presto! ImageFolio LE
Presto! PageManager
Presto! PageType
Presto! PhotoAlbum
Publisher WordArt Compatibility Add-In
QuickTime
RealDownload
RealPlayer
Realtek Card Reader
Realtek High Definition Audio Driver
SafeCast Shared Components
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.1
SmartCopy
SmartLauncher
Solitaire Riches
Sonic CinePlayer DVD Pack
Spelling Dictionaries Support For Adobe Reader 9
Stomp Backup MyPC 4.71
Symantec AntiVirus
TBS Montego II
TBS Montego II Application
TurboTax 2008
TurboTax 2008 WinBizFedFormset
TurboTax 2008 WinBizProgramHelp
TurboTax 2008 WinBizReleaseEngine
TurboTax 2008 WinBizTaxSupport
TurboTax 2008 WinBizUserEducation
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 woriper
TurboTax 2008 worsbpm
TurboTax 2008 wrapper
TurboTax Audit Support Center 3.0
TurboTax Business 2005
TurboTax Business 2006
TurboTax Business 2007
TurboTax Business 2008
TurboTax Deluxe 2007
TurboTax Premier 2005
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Upgrade Kit
VIEW-NETEZ-Install
Viewpoint Manager (Remove Only)
Visual C++ 8.0 Runtime Setup Package (x64)
VuePrint
WebEx
WebFldrs XP
Winamp (remove only)
Windows 7 Upgrade Advisor
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 11.2
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 10:04:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/7/2012 7:29:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/7/2012 7:18:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/7/2012 5:53:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 9:49:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 9:46:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 9:39:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 9:23:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 9:22:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 12:58:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 12:41:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 12:32:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 12:29:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:43:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:40:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:35:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:35:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:28:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:22:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:05:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/6/2012 1:02:39 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
9/6/2012 1:02:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/6/2012 1:02:36 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/6/2012 1:00:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/5/2012 12:07:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/12/2012 9:18:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/12/2012 10:28:34 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
9/12/2012 10:28:34 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
9/12/2012 10:27:45 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/12/2012 10:27:40 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
9/12/2012 10:27:40 AM, Error: Service Control Manager [7023] - The Business Contact Manager SQL Server Startup Service service terminated with the following error: %%-2147023836
9/12/2012 10:12:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/11/2012 8:37:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/11/2012 5:22:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/11/2012 10:06:45 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
9/10/2012 8:50:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/10/2012 5:43:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/10/2012 5:33:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================

--------------------------------------- aswMBR LOG -----------------------------
To follow. It's taking forever to scan the following:

c:/users/Greg/AppData/Local/Microsoft/Windows Live/Installer/Catelog/w.... (can't see the rest). Once it's done, I'll post it as a follow-up.

Thanks...

jeffce · 12-Sep-2012, 04:58 PM #9

Yes when it is complete it will say Scanning Complete and will create a log on your Desktop as well.

GregBassine · 12-Sep-2012, 06:15 PM **#10**

Here are the results of the aswMBR scan:

------------------------------ aswMBR SCAN -----------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 13:37:44
-----------------------------
13:37:44.230 OS Version: Windows x64 6.1.7601 Service Pack 1
13:37:44.230 Number of processors: 4 586 0x1707
13:37:44.230 ComputerName: GREG-PC UserName: Greg
13:37:45.977 Initialize success
13:37:52.904 AVAST engine defs: 12091200
13:38:48.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
13:38:48.237 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
13:38:48.315 Disk 0 MBR read successfully
13:38:48.315 Disk 0 MBR scan
13:38:48.393 Disk 0 Windows 7 default MBR code
13:38:48.424 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
13:38:48.471 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 595472 MB offset 30734336
13:38:48.674 Disk 0 scanning C:\Windows\system32\drivers
13:39:11.902 Service scanning
13:39:42.977 Modules scanning
13:39:42.977 Disk 0 trace - called modules:
13:39:42.993 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
13:39:42.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a0a790]
13:39:42.993 3 CLASSPNP.SYS[fffff88000daa43f] -> nt!IofCallDriver -> [0xfffffa80074c3040]
13:39:43.009 5 ACPI.sys[fffff88000d5d7a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80074c3840]
13:39:45.037 AVAST engine scan C:\Windows
13:40:01.354 AVAST engine scan C:\Windows\system32
13:44:17.803 AVAST engine scan C:\Windows\system32\drivers
13:44:32.576 AVAST engine scan C:\Users\Greg
15:02:06.338 AVAST engine scan C:\ProgramData
15:04:09.823 Scan finished successfully
15:13:52.234 Disk 0 MBR has been saved successfully to "C:\Users\Greg\Downloads\MBR.dat"
15:13:52.296 The log file has been saved successfully to "C:\Users\Greg\Downloads\aswMBR.txt"

Thanks...

jeffce · 12-Sep-2012, 07:06 PM **#11**

Hi,

Good job!

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.

----------

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

----------

GregBassine · 12-Sep-2012, 09:35 PM **#12**

Hi,

I ran ComboFix.exe, and when it was done, rebooted. All of a sudden my firewall is on, I just got 6 windows updates, and I can update MSE. Do you think all is well here?

GregBassine · 12-Sep-2012, 09:45 PM **#13**

Sorry, didn't post the file. Here you go:

---------------------- COMBOFIX REPORT -------------------------------
ComboFix 12-09-12.03 - Greg 09/12/2012 17:09:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4968 [GMT -7:00]
Running from: c:\users\Greg\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\index.htm
C:\install.exe
c:\program files (x86)\msoffice
c:\program files (x86)\msoffice\Clipart\Backgrounds\Brick Wall.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\Club Deco.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\Fancy Green Patterns.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\Granite Edifice.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\Leaves on the Side.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\MSCREATE.DIR
c:\program files (x86)\msoffice\Clipart\Backgrounds\Off Yellow Bookcover.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\Stained Glass on Side.lnk
c:\program files (x86)\msoffice\Clipart\Backgrounds\Wheat.lnk
c:\program files (x86)\msoffice\Clipart\Bullets\3D Diamond.gif
c:\program files (x86)\msoffice\Clipart\Bullets\Black Dash.gif
c:\program files (x86)\msoffice\Clipart\Bullets\Green and Black Diamond.gif
c:\program files (x86)\msoffice\Clipart\Bullets\Green Ball.gif
c:\program files (x86)\msoffice\Clipart\Bullets\Metallic Orb.gif
c:\program files (x86)\msoffice\Clipart\Bullets\MSCREATE.DIR
c:\program files (x86)\msoffice\Clipart\Bullets\Pebble.gif
c:\program files (x86)\msoffice\Clipart\Bullets\Red Swirl.gif
c:\program files (x86)\msoffice\Clipart\Bullets\Stained Glass Ball.gif
c:\program files (x86)\msoffice\Clipart\Lines\Autumn Leaves.gif
c:\program files (x86)\msoffice\Clipart\Lines\Colorful Stone Stripe.gif
c:\program files (x86)\msoffice\Clipart\Lines\Etched Double Line.gif
c:\program files (x86)\msoffice\Clipart\Lines\Green and Black Stripe.gif
c:\program files (x86)\msoffice\Clipart\Lines\MSCREATE.DIR
c:\program files (x86)\msoffice\Clipart\Lines\Neighborhood.gif
c:\program files (x86)\msoffice\Clipart\Lines\Over Under.gif
c:\program files (x86)\msoffice\Clipart\Lines\Row of Pebbles.gif
c:\program files (x86)\msoffice\Clipart\Lines\Stained Glass Line.gif
c:\program files (x86)\msoffice\Clipart\MSCREATE.DIR
c:\program files (x86)\msoffice\Clipart\Popular\AGREE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMCONFUS.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMDISAST.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMHAPPY.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMIDEA.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMORGANI.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMPROBLE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMVICTOR.WMF
c:\program files (x86)\msoffice\Clipart\Popular\AMWIN.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS1.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS2.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS3.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS4.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS5.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS6.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS7.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWS8.WMF
c:\program files (x86)\msoffice\Clipart\Popular\ARROWSGN.WMF
c:\program files (x86)\msoffice\Clipart\Popular\BANDAID.WMF
c:\program files (x86)\msoffice\Clipart\Popular\BEARTRAP.WMF
c:\program files (x86)\msoffice\Clipart\Popular\BOMB.WMF
c:\program files (x86)\msoffice\Clipart\Popular\BRICK.WMF
c:\program files (x86)\msoffice\Clipart\Popular\BUILDING.WMF
c:\program files (x86)\msoffice\Clipart\Popular\CAR.WMF
c:\program files (x86)\msoffice\Clipart\Popular\CHAMPGNE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\CHECKMRK.WMF
c:\program files (x86)\msoffice\Clipart\Popular\CLAP.WMF
c:\program files (x86)\msoffice\Clipart\Popular\CLOCK.WMF
c:\program files (x86)\msoffice\Clipart\Popular\COINS.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DARTS.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DESTRYER.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DICE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DIPLOMA.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DOMINOES.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DONKEY.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DOOR.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DOVE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\DYNAMITE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\EXAMINE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\FISTSLAM.WMF
c:\program files (x86)\msoffice\Clipart\Popular\FLOWER.WMF
c:\program files (x86)\msoffice\Clipart\Popular\HAMMER.WMF
c:\program files (x86)\msoffice\Clipart\Popular\HATECOMP.WMF
c:\program files (x86)\msoffice\Clipart\Popular\HNDSHAK1.WMF
c:\program files (x86)\msoffice\Clipart\Popular\HNDSHAK2.WMF
c:\program files (x86)\msoffice\Clipart\Popular\HNDSHAK3.WMF
c:\program files (x86)\msoffice\Clipart\Popular\JETPLANE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\JIGSAW.WMF
c:\program files (x86)\msoffice\Clipart\Popular\KEY.WMF
c:\program files (x86)\msoffice\Clipart\Popular\LIGHT.WMF
c:\program files (x86)\msoffice\Clipart\Popular\LION.WMF
c:\program files (x86)\msoffice\Clipart\Popular\LOCK.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MAGICHAT.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MAGNIFY.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MEETING.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MEETING2.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MONEY.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MONEYBAG.WMF
c:\program files (x86)\msoffice\Clipart\Popular\MSCREATE.DIR
c:\program files (x86)\msoffice\Clipart\Popular\OILDRILL.WMF
c:\program files (x86)\msoffice\Clipart\Popular\OPENHAND.WMF
c:\program files (x86)\msoffice\Clipart\Popular\POP97.CAG
c:\program files (x86)\msoffice\Clipart\Popular\PTRUP.WMF
c:\program files (x86)\msoffice\Clipart\Popular\RABBIT.WMF
c:\program files (x86)\msoffice\Clipart\Popular\RIBBON.WMF
c:\program files (x86)\msoffice\Clipart\Popular\RUNNER.WMF
c:\program files (x86)\msoffice\Clipart\Popular\SAILBOAT.WMF
c:\program files (x86)\msoffice\Clipart\Popular\SCALES.WMF
c:\program files (x86)\msoffice\Clipart\Popular\SHARK.WMF
c:\program files (x86)\msoffice\Clipart\Popular\SOCCER.WMF
c:\program files (x86)\msoffice\Clipart\Popular\STAR.WMF
c:\program files (x86)\msoffice\Clipart\Popular\STOP.WMF
c:\program files (x86)\msoffice\Clipart\Popular\STOPLGHT.WMF
c:\program files (x86)\msoffice\Clipart\Popular\TENNIS.WMF
c:\program files (x86)\msoffice\Clipart\Popular\THUMBDN.WMF
c:\program files (x86)\msoffice\Clipart\Popular\TRIUMPH.WMF
c:\program files (x86)\msoffice\Clipart\Popular\TROPHY.WMF
c:\program files (x86)\msoffice\Clipart\Popular\TURTLE.WMF
c:\program files (x86)\msoffice\Clipart\Popular\WEARHAT.WMF
c:\program files (x86)\msoffice\Clipart\Popular\WHATNOW.WMF
c:\program files (x86)\msoffice\Clipart\Popular\YINYANG.WMF
c:\program files (x86)\msoffice\Microsoft Excel Setup.lnk
c:\program files (x86)\msoffice\Microsoft Excel.lnk
c:\program files (x86)\msoffice\Microsoft Outlook.lnk
c:\program files (x86)\msoffice\Microsoft Query.lnk
c:\program files (x86)\msoffice\Microsoft Word Setup.lnk
c:\program files (x86)\msoffice\Microsoft Word.lnk
c:\program files (x86)\msoffice\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Actors\CLIPPIT.ACT
c:\program files (x86)\msoffice\Office\Actors\LOGO.ACT
c:\program files (x86)\msoffice\Office\Actors\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Actors\POWERPUP.ACT
c:\program files (x86)\msoffice\Office\Actors\TOFFLOGO.ACT
c:\program files (x86)\msoffice\Office\Addins\ACTIVEEX.DLL
c:\program files (x86)\msoffice\Office\Addins\AWFEXT.ECF
c:\program files (x86)\msoffice\Office\Addins\CCMXP.ECF
c:\program files (x86)\msoffice\Office\Addins\CSERVE.ECF
c:\program files (x86)\msoffice\Office\Addins\DLGSETP.ECF
c:\program files (x86)\msoffice\Office\Addins\DUMPSTER.DLL
c:\program files (x86)\msoffice\Office\Addins\DUMPSTER.ECF
c:\program files (x86)\msoffice\Office\Addins\EMSUIX.ECF
c:\program files (x86)\msoffice\Office\Addins\EMSUIX2.ECF
c:\program files (x86)\msoffice\Office\Addins\ESCONF.DLL
c:\program files (x86)\msoffice\Office\Addins\EXCHANGE.DSM
c:\program files (x86)\msoffice\Office\Addins\FORMPSHT.ECF
c:\program files (x86)\msoffice\Office\Addins\FRMRDRCT.DLL
c:\program files (x86)\msoffice\Office\Addins\FRMRDRCT.ECF
c:\program files (x86)\msoffice\Office\Addins\MAIL3.ECF
c:\program files (x86)\msoffice\Office\Addins\MINET.ECF
c:\program files (x86)\msoffice\Office\Addins\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Addins\MSFSMENU.ECF
c:\program files (x86)\msoffice\Office\Addins\MSFSPROP.ECF
c:\program files (x86)\msoffice\Office\Addins\MSN.ECF
c:\program files (x86)\msoffice\Office\Addins\MSSPC.ECF
c:\program files (x86)\msoffice\Office\Addins\MTMOLMNU.ECF
c:\program files (x86)\msoffice\Office\Addins\NMEXCHEX.ECF
c:\program files (x86)\msoffice\Office\Addins\OLMENU.ECF
c:\program files (x86)\msoffice\Office\Addins\PMAILEXT.ECF
c:\program files (x86)\msoffice\Office\Addins\RWIZ1.ECF
c:\program files (x86)\msoffice\Office\Addins\SCRPTXTN.DLL
c:\program files (x86)\msoffice\Office\Addins\SCRPTXTN.ECF
c:\program files (x86)\msoffice\Office\Borders\MSART1.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART10.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART11.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART12.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART13.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART14.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART15.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART2.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART3.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART4.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART5.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART6.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART7.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART8.BDR
c:\program files (x86)\msoffice\Office\Borders\MSART9.BDR
c:\program files (x86)\msoffice\Office\Borders\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\BSH32.WLL
c:\program files (x86)\msoffice\Office\Convert\ACT.SAM
c:\program files (x86)\msoffice\Office\Convert\ACT3.SAM
c:\program files (x86)\msoffice\Office\Convert\DELIMDOS.FAE
c:\program files (x86)\msoffice\Office\Convert\DELIMWIN.FAE
c:\program files (x86)\msoffice\Office\Convert\DESKSAM.SAM
c:\program files (x86)\msoffice\Office\Convert\ECCO.SAM
c:\program files (x86)\msoffice\Office\Convert\LOCALDV.DLL
c:\program files (x86)\msoffice\Office\Convert\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Convert\ODBC.SAM
c:\program files (x86)\msoffice\Office\Convert\OL.SAM
c:\program files (x86)\msoffice\Office\Convert\OLADD.FAE
c:\program files (x86)\msoffice\Office\Convert\OLAPPT.FAE
c:\program files (x86)\msoffice\Office\Convert\OLJRNL.FAE
c:\program files (x86)\msoffice\Office\Convert\OLMAIL.FAE
c:\program files (x86)\msoffice\Office\Convert\OLNOTE.FAE
c:\program files (x86)\msoffice\Office\Convert\OLTASK.FAE
c:\program files (x86)\msoffice\Office\Convert\ORG11.SAM
c:\program files (x86)\msoffice\Office\Convert\ORG21.SAM
c:\program files (x86)\msoffice\Office\Convert\ORG97.SAM
c:\program files (x86)\msoffice\Office\Convert\PAB.SAM
c:\program files (x86)\msoffice\Office\Convert\RM.DLL
c:\program files (x86)\msoffice\Office\Convert\SC2.SAM
c:\program files (x86)\msoffice\Office\Convert\SIDEKICK.SAM
c:\program files (x86)\msoffice\Office\Convert\TRANSMGR.DLL
c:\program files (x86)\msoffice\Office\CONVERT8.DLL
c:\program files (x86)\msoffice\Office\CUSTOM.DIC
c:\program files (x86)\msoffice\Office\CUSTOMER.DBF
c:\program files (x86)\msoffice\Office\DLGSETP.DLL
c:\program files (x86)\msoffice\Office\EMAIL.DOT
c:\program files (x86)\msoffice\Office\EMPLOYEE.DBF
c:\program files (x86)\msoffice\Office\EULA8.CNT
c:\program files (x86)\msoffice\Office\EULA8.HLP
c:\program files (x86)\msoffice\Office\EULAOEM.CNT
c:\program files (x86)\msoffice\Office\EULAOEM.HLP
c:\program files (x86)\msoffice\Office\Examples\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Examples\SAMPLES.XLS
c:\program files (x86)\msoffice\Office\Examples\Solver\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Examples\Solver\SOLVSAMP.XLS
c:\program files (x86)\msoffice\Office\Examples\Test.doc
c:\program files (x86)\msoffice\Office\EXCEL.EXE
c:\program files (x86)\msoffice\Office\EXCEL8.OLB
c:\program files (x86)\msoffice\Office\EXCEL8.SRG
c:\program files (x86)\msoffice\Office\EXCHCSP.DLL
c:\program files (x86)\msoffice\Office\EXCHNG.HLP
c:\program files (x86)\msoffice\Office\FILTERS.TXT
c:\program files (x86)\msoffice\Office\FINDER.EXE
c:\program files (x86)\msoffice\Office\FINDFAST.CNT
c:\program files (x86)\msoffice\Office\FINDFAST.EXE
c:\program files (x86)\msoffice\Office\FINDFAST.HLP
c:\program files (x86)\msoffice\Office\FLAME.DOT
c:\program files (x86)\msoffice\Office\Forms\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Forms\POSTL.ICO
c:\program files (x86)\msoffice\Office\Forms\POSTS.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDCNCLL.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDCNCLS.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDREQL.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDREQS.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDRESNL.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDRESNS.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDRESPL.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDRESPS.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDRESTL.ICO
c:\program files (x86)\msoffice\Office\Forms\SCDRESTS.ICO
c:\program files (x86)\msoffice\Office\Forms\SCHDCNCL.CFG
c:\program files (x86)\msoffice\Office\Forms\SCHDREQ.CFG
c:\program files (x86)\msoffice\Office\Forms\SCHDRESN.CFG
c:\program files (x86)\msoffice\Office\Forms\SCHDRESP.CFG
c:\program files (x86)\msoffice\Office\Forms\SCHDREST.CFG
c:\program files (x86)\msoffice\Office\GR8409.DLL
c:\program files (x86)\msoffice\Office\GR8GALRY.GRA
c:\program files (x86)\msoffice\Office\GRAPH8.AW
c:\program files (x86)\msoffice\Office\GRAPH8.CNT
c:\program files (x86)\msoffice\Office\GRAPH8.EXE
c:\program files (x86)\msoffice\Office\GRAPH8.HLP
c:\program files (x86)\msoffice\Office\GRAPH8.OLB
c:\program files (x86)\msoffice\Office\GRAPH8.SRG
c:\program files (x86)\msoffice\Office\GRINTL32.DLL
c:\program files (x86)\msoffice\Office\Headers\APPTHDR.HTM
c:\program files (x86)\msoffice\Office\Headers\APPTHDR.RTF
c:\program files (x86)\msoffice\Office\Headers\APPTHDR.USA
c:\program files (x86)\msoffice\Office\Headers\APPTHDR.USH
c:\program files (x86)\msoffice\Office\Headers\FORWARD.HTM
c:\program files (x86)\msoffice\Office\Headers\FORWARD.RTF
c:\program files (x86)\msoffice\Office\Headers\FORWARD.USA
c:\program files (x86)\msoffice\Office\Headers\FORWARD.USH
c:\program files (x86)\msoffice\Office\Headers\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Headers\POST.HTM
c:\program files (x86)\msoffice\Office\Headers\POST.RTF
c:\program files (x86)\msoffice\Office\Headers\POST.USA
c:\program files (x86)\msoffice\Office\Headers\POST.USH
c:\program files (x86)\msoffice\Office\Headers\REPLY.HTM
c:\program files (x86)\msoffice\Office\Headers\REPLY.RTF
c:\program files (x86)\msoffice\Office\Headers\REPLY.USA
c:\program files (x86)\msoffice\Office\Headers\REPLY.USH
c:\program files (x86)\msoffice\Office\Headers\TASKHDR.HTM
c:\program files (x86)\msoffice\Office\Headers\TASKHDR.RTF
c:\program files (x86)\msoffice\Office\Headers\TASKHDR.USA
c:\program files (x86)\msoffice\Office\Headers\TASKHDR.USH
c:\program files (x86)\msoffice\Office\HIGHTECH.DOT
c:\program files (x86)\msoffice\Office\HLINK.SRG
c:\program files (x86)\msoffice\Office\HTML.DOT
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET1.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET2.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET3.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET4.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET5.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET6.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET7.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\BULLET8.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE1.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE2.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE3.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE4.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE5.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE6.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE7.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE8.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\LINE9.GIF
c:\program files (x86)\msoffice\Office\HTML\Dialogs\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\HTML\HTML.WLL
c:\program files (x86)\msoffice\Office\HTML\HTMLMARQ.OCX
c:\program files (x86)\msoffice\Office\HTML\HTMLMM.OCX
c:\program files (x86)\msoffice\Office\HTML\HTMLVIEW.DOT
c:\program files (x86)\msoffice\Office\HTML\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\HTML\WDHTML8.AW
c:\program files (x86)\msoffice\Office\HTML\WDHTML8.CNT
c:\program files (x86)\msoffice\Office\HTML\WDHTML8.HLP
c:\program files (x86)\msoffice\Office\IMPMAIL.DLL
c:\program files (x86)\msoffice\Office\JOURNAL.SRG
c:\program files (x86)\msoffice\Office\Library\ACCLINK.XLA
c:\program files (x86)\msoffice\Office\Library\Analysis\ANALYS32.XLL
c:\program files (x86)\msoffice\Office\Library\Analysis\ATPVBAEN.XLA
c:\program files (x86)\msoffice\Office\Library\Analysis\FUNCRES.XLA
c:\program files (x86)\msoffice\Office\Library\Analysis\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Library\Analysis\PROCDB.XLA
c:\program files (x86)\msoffice\Office\Library\AUTOSAVE.XLA
c:\program files (x86)\msoffice\Office\Library\BSHXL.XLA
c:\program files (x86)\msoffice\Office\Library\COMMON.XLS
c:\program files (x86)\msoffice\Office\Library\EXPDB.XLS
c:\program files (x86)\msoffice\Office\Library\FILECONV.XLA
c:\program files (x86)\msoffice\Office\Library\HTML.XLA
c:\program files (x86)\msoffice\Office\Library\INVDB.XLS
c:\program files (x86)\msoffice\Office\Library\LOOKUP.XLA
c:\program files (x86)\msoffice\Office\Library\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Library\MSQuery\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Library\MSQuery\XLODBC.XLA
c:\program files (x86)\msoffice\Office\Library\MSQuery\XLODBC32.DLL
c:\program files (x86)\msoffice\Office\Library\MSQuery\XLQUERY.XLA
c:\program files (x86)\msoffice\Office\Library\PODB.XLS
c:\program files (x86)\msoffice\Office\Library\REPORTS.XLA
c:\program files (x86)\msoffice\Office\Library\Solver\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Library\Solver\SOLVER.XLA
c:\program files (x86)\msoffice\Office\Library\Solver\SOLVER32.DLL
c:\program files (x86)\msoffice\Office\Library\SUMIF.XLA
c:\program files (x86)\msoffice\Office\Library\TMPLTNUM.XLA
c:\program files (x86)\msoffice\Office\Library\UPDTLINK.XLA
c:\program files (x86)\msoffice\Office\Library\WEBFORM.XLA
c:\program files (x86)\msoffice\Office\Library\WZTEMPLT.XLA
c:\program files (x86)\msoffice\Office\Macros\CONVERT8.WIZ
c:\program files (x86)\msoffice\Office\Macros\MACROS8.DOT
c:\program files (x86)\msoffice\Office\Macros\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Macros\SUPPORT8.DOT
c:\program files (x86)\msoffice\Office\Microsoft Outlook.lnk
c:\program files (x86)\msoffice\Office\MIDNIGHT.DOT
c:\program files (x86)\msoffice\Office\MIMEDIR.DLL
c:\program files (x86)\msoffice\Office\MISC.SRG
c:\program files (x86)\msoffice\Office\MLSHEXT.DLL
c:\program files (x86)\msoffice\Office\MSAPPS97.PDF
c:\program files (x86)\msoffice\Office\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\MSO7ENU.DLL
c:\program files (x86)\msoffice\Office\MSO7FTP.EXE
c:\program files (x86)\msoffice\Office\MSO7FTPA.EXE
c:\program files (x86)\msoffice\Office\MSO7FTPS.EXE
c:\program files (x86)\msoffice\Office\MSO97.DLL
c:\program files (x86)\msoffice\Office\MSO97FX.DLL
c:\program files (x86)\msoffice\Office\MSOC.DLL
c:\program files (x86)\msoffice\Office\MSOFFICE.SRG
c:\program files (x86)\msoffice\Office\MSOUTL85.OLB
c:\program files (x86)\msoffice\Office\MSQRY32.AW
c:\program files (x86)\msoffice\Office\MSQRY32.CNT
c:\program files (x86)\msoffice\Office\MSQRY32.EXE
c:\program files (x86)\msoffice\Office\MSQRY32.HLP
c:\program files (x86)\msoffice\Office\MSROUTE.DLL
c:\program files (x86)\msoffice\Office\MSWORD8.OLB
c:\program files (x86)\msoffice\Office\NEWPROF.EXE
c:\program files (x86)\msoffice\Office\OCEAN.DOT
c:\program files (x86)\msoffice\Office\OFFER.MSG
c:\program files (x86)\msoffice\Office\OFNEW8.CNT
c:\program files (x86)\msoffice\Office\OFNEW8.HLP
c:\program files (x86)\msoffice\Office\OFTIP8.HLP
c:\program files (x86)\msoffice\Office\OLEXCHNG.AW
c:\program files (x86)\msoffice\Office\OLEXCHNG.CNT
c:\program files (x86)\msoffice\Office\OLEXCHNG.HLP
c:\program files (x86)\msoffice\Office\OLKFSTUB.DLL
c:\program files (x86)\msoffice\Office\OLREADME.TXT
c:\program files (x86)\msoffice\Office\ORDERS.DBF
c:\program files (x86)\msoffice\Office\OSA.EXE
c:\program files (x86)\msoffice\Office\OSAINTL.DLL
c:\program files (x86)\msoffice\Office\OUTDOM.INF
c:\program files (x86)\msoffice\Office\OUTFORM.DAT
c:\program files (x86)\msoffice\Office\OUTL97.PDF
c:\program files (x86)\msoffice\Office\OUTLAS.DLL
c:\program files (x86)\msoffice\Office\OUTLBAR.INF
c:\program files (x86)\msoffice\Office\OUTLCTL.DLL
c:\program files (x86)\msoffice\Office\OUTLHLP.AW
c:\program files (x86)\msoffice\Office\OUTLHLP.CNT
c:\program files (x86)\msoffice\Office\OUTLHLP.DLL
c:\program files (x86)\msoffice\Office\OUTLHLP.HLP
c:\program files (x86)\msoffice\Office\OUTLLIB.DLL
c:\program files (x86)\msoffice\Office\OUTLMIME.DLL
c:\program files (x86)\msoffice\Office\OUTLNEW.CNT
c:\program files (x86)\msoffice\Office\OUTLNEW.HLP
c:\program files (x86)\msoffice\Office\OUTLOOK.EXE
c:\program files (x86)\msoffice\Office\OUTLOOK.SRG
c:\program files (x86)\msoffice\Office\OUTLOOK.TXT
c:\program files (x86)\msoffice\Office\OUTLRPC.DLL
c:\program files (x86)\msoffice\Office\OUTLSPEC.INI
c:\program files (x86)\msoffice\Office\OUTLTIP.HLP
c:\program files (x86)\msoffice\Office\OUTLVBS.DLL
c:\program files (x86)\msoffice\Office\OUTLWAB.DLL
c:\program files (x86)\msoffice\Office\OUTLWVW.DLL
c:\program files (x86)\msoffice\Office\PSS8.CNT
c:\program files (x86)\msoffice\Office\PSS8.HLP
c:\program files (x86)\msoffice\Office\PSS85.CNT
c:\program files (x86)\msoffice\Office\PSS85.HLP
c:\program files (x86)\msoffice\Office\QRYINT32.DLL
c:\program files (x86)\msoffice\Office\RAIN.DOT
c:\program files (x86)\msoffice\Office\RECALL.DLL
c:\program files (x86)\msoffice\Office\REGMSO.EXE
c:\program files (x86)\msoffice\Office\REGTLIB.EXE
c:\program files (x86)\msoffice\Office\RTFHTML.DLL
c:\program files (x86)\msoffice\Office\SBE97.JFD
c:\program files (x86)\msoffice\Office\SBFM\AAP.CNT
c:\program files (x86)\msoffice\Office\SBFM\AAP.HLP
c:\program files (x86)\msoffice\Office\SBFM\AAPACC.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPBWW.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPDAC.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPGREAT.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPMAS90.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPONE.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPDOS.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPLA44.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPLAT.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPSS.CNT
c:\program files (x86)\msoffice\Office\SBFM\AAPPSS.HLP
c:\program files (x86)\msoffice\Office\SBFM\AAPPW35.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPW40.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPW50.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPPWIN.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPQBW.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPQBW40.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPQBW50.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPRDT.ICO
c:\program files (x86)\msoffice\Office\SBFM\AAPSIM40.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPSIM50.DLL
c:\program files (x86)\msoffice\Office\SBFM\AAPSIMP.DLL
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Business Comparison\Business Comparison.xlt
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Business Comparison\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Business Comparison\RMA.MDB
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Business Comparison\Sic Codes.txt
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Create Projection Wizard\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Create Projection Wizard\Projection.exe
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Create Projection Wizard\Projections.xlt
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Projection Reports\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Projection Reports\Projected Balance Sheet.xls
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Projection Reports\Projected Cash Flow.xls
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Projection Reports\Projected Income Statement.xls
c:\program files (x86)\msoffice\Office\SBFM\Analysis Tools\Projection Reports\Projection Assumptions.xls
c:\program files (x86)\msoffice\Office\SBFM\Charts\Balance Sheet Composition.xls
c:\program files (x86)\msoffice\Office\SBFM\Charts\Cash Flow Trend.xls
c:\program files (x86)\msoffice\Office\SBFM\Charts\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Charts\Revenue-Expense Trend.xls
c:\program files (x86)\msoffice\Office\SBFM\Charts\Sales Composition.xls
c:\program files (x86)\msoffice\Office\SBFM\Database\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Database\Volcano Coffee Company.mdb
c:\program files (x86)\msoffice\Office\SBFM\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\QBDRIVHK.DLL
c:\program files (x86)\msoffice\Office\SBFM\README.TXT
c:\program files (x86)\msoffice\Office\SBFM\Report Workbook.xlt
c:\program files (x86)\msoffice\Office\SBFM\Reports\Balance Sheet.xls
c:\program files (x86)\msoffice\Office\SBFM\Reports\Cash Flow.xls
c:\program files (x86)\msoffice\Office\SBFM\Reports\Changes in Stockholders Equity.xls
c:\program files (x86)\msoffice\Office\SBFM\Reports\Income Statement.xls
c:\program files (x86)\msoffice\Office\SBFM\Reports\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Reports\Ratios.xls
c:\program files (x86)\msoffice\Office\SBFM\Reports\Sales Analysis.xls
c:\program files (x86)\msoffice\Office\SBFM\Reports\Trial Balance.xls
c:\program files (x86)\msoffice\Office\SBFM\Setup\ACMSETUP.HLP
c:\program files (x86)\msoffice\Office\SBFM\Setup\COMPLINC.DLL
c:\program files (x86)\msoffice\Office\SBFM\Setup\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\SBFM\Setup\MSSETUP.DLL
c:\program files (x86)\msoffice\Office\SBFM\Setup\ODBCKEY.INF
c:\program files (x86)\msoffice\Office\SBFM\Setup\ODBCSTF.DLL
c:\program files (x86)\msoffice\Office\SBFM\Setup\OFFSETUP.TTF
c:\program files (x86)\msoffice\Office\SBFM\Setup\SBFMSTP.DLL
c:\program files (x86)\msoffice\Office\SBFM\Setup\SBFMSTP.EXE
c:\program files (x86)\msoffice\Office\SBFM\Setup\SBFMSTP.INF
c:\program files (x86)\msoffice\Office\SBFM\Setup\sbfmstp.stf
c:\program files (x86)\msoffice\Office\SBFM\Setup\SETUP.INI
c:\program files (x86)\msoffice\Office\SBFM\Template.mdb
c:\program files (x86)\msoffice\Office\SBFM\What-If Workbook.xls
c:\program files (x86)\msoffice\Office\SBFM\What-If.xla
c:\program files (x86)\msoffice\Office\SCANLOAD.DLL
c:\program files (x86)\msoffice\Office\SCANPST.EXE
c:\program files (x86)\msoffice\Office\SCANPST.HLP
c:\program files (x86)\msoffice\Office\SCHDMAPI.DLL
c:\program files (x86)\msoffice\Office\Setup\ACMEWORD.EXE
c:\program files (x86)\msoffice\Office\Setup\ACMEWORD.LST
c:\program files (x86)\msoffice\Office\Setup\ACMEXL.EXE
c:\program files (x86)\msoffice\Office\Setup\ACMEXL.LST
c:\program files (x86)\msoffice\Office\Setup\Excel97.stf
c:\program files (x86)\msoffice\Office\Setup\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Setup\outljobs\CORE.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\CPIM.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\EXSVC.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\HELP.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\INFO.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\LOTUS.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\MPI95.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Setup\outljobs\NEWS.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\OFFAS.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\REM97.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\SNDCR.CLT
c:\program files (x86)\msoffice\Office\Setup\outljobs\XENUS.CLT
c:\program files (x86)\msoffice\Office\Setup\OUTLOOK.STF
c:\program files (x86)\msoffice\Office\Setup\Outlook\acmeeng.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\acmsetup.exe
c:\program files (x86)\msoffice\Office\Setup\Outlook\acmsetup.hlp
c:\program files (x86)\msoffice\Office\Setup\Outlook\core.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\corepst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\cpim.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\cpimpst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\exsvc.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\exsvcpst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\ffast_bb.dll
c:\program files (x86)\msoffice\Office\Setup\Outlook\help.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\helppst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\info.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\infopst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\lotus.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\lotuspst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\mpi95.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\mpi95pst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\mssetup.dll
c:\program files (x86)\msoffice\Office\Setup\Outlook\news.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\newspst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\offas.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\offaspst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\ol98cah.dll
c:\program files (x86)\msoffice\Office\Setup\Outlook\olmaint.exe
c:\program files (x86)\msoffice\Office\Setup\Outlook\olmaint.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\Out98Inv.dll
c:\program files (x86)\msoffice\Office\Setup\Outlook\outsetup.hlp
c:\program files (x86)\msoffice\Office\Setup\Outlook\rem97.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\rem97pst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\setup.ini
c:\program files (x86)\msoffice\Office\Setup\Outlook\Setup.tdf
c:\program files (x86)\msoffice\Office\Setup\Outlook\sndcr.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\sndcrpst.stf
c:\program files (x86)\msoffice\Office\Setup\Outlook\wmsset32.dll
c:\program files (x86)\msoffice\Office\Setup\Outlook\xenus.inf
c:\program files (x86)\msoffice\Office\Setup\Outlook\xenuspst.stf
c:\program files (x86)\msoffice\Office\Setup\Word97.stf
c:\program files (x86)\msoffice\Office\Setup\WRD97INV.DLL
c:\program files (x86)\msoffice\Office\Setup\XL97INV.DLL
c:\program files (x86)\msoffice\Office\STARTUP\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\URGENT.DOT
c:\program files (x86)\msoffice\Office\VBAGRP8.CNT
c:\program files (x86)\msoffice\Office\VBAGRP8.HLP
c:\program files (x86)\msoffice\Office\VBAOFF8.AW
c:\program files (x86)\msoffice\Office\VBAOFF8.CNT
c:\program files (x86)\msoffice\Office\VBAOFF8.HLP
c:\program files (x86)\msoffice\Office\VBAWRD8.AW
c:\program files (x86)\msoffice\Office\VBAWRD8.CNT
c:\program files (x86)\msoffice\Office\VBAWRD8.HLP
c:\program files (x86)\msoffice\Office\VBAXL8.AW
c:\program files (x86)\msoffice\Office\VBAXL8.CNT
c:\program files (x86)\msoffice\Office\VBAXL8.HLP
c:\program files (x86)\msoffice\Office\WDMAIN8.AW
c:\program files (x86)\msoffice\Office\WDMAIN8.CNT
c:\program files (x86)\msoffice\Office\WDMAIN8.HLP
c:\program files (x86)\msoffice\Office\WDNEW8.CNT
c:\program files (x86)\msoffice\Office\WDNEW8.HLP
c:\program files (x86)\msoffice\Office\WDREAD8.TXT
c:\program files (x86)\msoffice\Office\WDTIP8.HLP
c:\program files (x86)\msoffice\Office\WDWPH8.HLP
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\2-Column Layout.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\3-Column Layout.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\CALENDAR.DOC
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Centered Layout.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Form - Feedback.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Form - Registration.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Form - Survey.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Personal Home Page.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Simple Layout.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\Content\Table of Contents.doc
c:\program files (x86)\msoffice\Office\Web Page Templates\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Brick Wall.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Club Deco.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Community.dot
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Contemporary.dot
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\ELEGANT.DOT
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Fancy Green Patterns.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\FESTIVE.DOT
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Granite Edifice.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\HARVEST.DOT
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\JAZZY.DOT
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Leaves on the Side.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Off Yellow Bookcover.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\OUTDOORS.DOT
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Professional.dot
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Stained Glass on Side.gif
c:\program files (x86)\msoffice\Office\Web Page Templates\Styles\Wheat.gif
c:\program files (x86)\msoffice\Office\WELCOME.MSG
c:\program files (x86)\msoffice\Office\WINWORD.EXE
c:\program files (x86)\msoffice\Office\WINWORD8.SRG
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Email.lnk
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Flame.lnk
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Hightech.lnk
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Midnight.lnk
c:\program files (x86)\msoffice\Office\WordMail\Favorites\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Ocean.lnk
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Rain.lnk
c:\program files (x86)\msoffice\Office\WordMail\Favorites\Urgent.lnk
c:\program files (x86)\msoffice\Office\WordMail\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\WORKFUNC.AW
c:\program files (x86)\msoffice\Office\WWINTL32.DLL
c:\program files (x86)\msoffice\Office\WWPAB.CNV
c:\program files (x86)\msoffice\Office\XL5EN32.OLB
c:\program files (x86)\msoffice\Office\XL8409.DLL
c:\program files (x86)\msoffice\Office\XL8GALRY.XLS
c:\program files (x86)\msoffice\Office\XL97SPEC.INI
c:\program files (x86)\msoffice\Office\XLCALL32.DLL
c:\program files (x86)\msoffice\Office\XLHTML.DLL
c:\program files (x86)\msoffice\Office\XLINTL32.DLL
c:\program files (x86)\msoffice\Office\XLMACR8.HLP
c:\program files (x86)\msoffice\Office\XLMAIN8.AW
c:\program files (x86)\msoffice\Office\XLMAIN8.CNT
c:\program files (x86)\msoffice\Office\XLMAIN8.HLP
c:\program files (x86)\msoffice\Office\XLNEW8.CNT
c:\program files (x86)\msoffice\Office\XLNEW8.HLP
c:\program files (x86)\msoffice\Office\XLQPW.DLL
c:\program files (x86)\msoffice\Office\XLREAD8.TXT
c:\program files (x86)\msoffice\Office\XLStart\MSCREATE.DIR
c:\program files (x86)\msoffice\Office\XLTIP8.HLP
c:\program files (x86)\msoffice\Office\XLTMPL8.HLP
c:\program files (x86)\msoffice\Queries\Detailed Stock Quote by PC Quote, Inc.iqy
c:\program files (x86)\msoffice\Queries\Dow Jones Stocks by PC Quote, Inc.iqy
c:\program files (x86)\msoffice\Queries\Get More Web Queries.iqy
c:\program files (x86)\msoffice\Queries\MSCREATE.DIR
c:\program files (x86)\msoffice\Queries\Multiple Stock Quotes by PC Quote, Inc.iqy
c:\program files (x86)\msoffice\Templates\Appointment.oft
c:\program files (x86)\msoffice\Templates\Contact.oft
c:\program files (x86)\msoffice\Templates\Legal Pleadings\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Legal Pleadings\Pleading Wizard.wiz
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Contemporary Fax.dot
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Contemporary Letter.dot
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Elegant Fax.dot
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Elegant Letter.dot
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Envelope Wizard.wiz
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Fax Wizard.wiz
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Letter Wizard.wiz
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Mailing Label Wizard.wiz
c:\program files (x86)\msoffice\Templates\Letters & Faxes\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Professional Fax.dot
c:\program files (x86)\msoffice\Templates\Letters & Faxes\Professional Letter.dot
c:\program files (x86)\msoffice\Templates\Mail.oft
c:\program files (x86)\msoffice\Templates\Memos\Contemporary Memo.dot
c:\program files (x86)\msoffice\Templates\Memos\Elegant Memo.dot
c:\program files (x86)\msoffice\Templates\Memos\Memo Wizard.wiz
c:\program files (x86)\msoffice\Templates\Memos\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Memos\Professional Memo.dot
c:\program files (x86)\msoffice\Templates\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Normal.dot
c:\program files (x86)\msoffice\Templates\Other Documents\Contemporary Resume.dot
c:\program files (x86)\msoffice\Templates\Other Documents\Elegant Resume.dot
c:\program files (x86)\msoffice\Templates\Other Documents\More Templates and Wizards.dot
c:\program files (x86)\msoffice\Templates\Other Documents\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Other Documents\Professional Resume.dot
c:\program files (x86)\msoffice\Templates\Other Documents\Resume Wizard.wiz
c:\program files (x86)\msoffice\Templates\Outlook\EMAIL.OFT
c:\program files (x86)\msoffice\Templates\Outlook\FLAME.OFT
c:\program files (x86)\msoffice\Templates\Outlook\HIGHTECH.OFT
c:\program files (x86)\msoffice\Templates\Outlook\MIDNIGHT.OFT
c:\program files (x86)\msoffice\Templates\Outlook\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Outlook\OCEAN.OFT
c:\program files (x86)\msoffice\Templates\Outlook\RAIN.OFT
c:\program files (x86)\msoffice\Templates\Outlook\URGENT.OFT
c:\program files (x86)\msoffice\Templates\Outlook\While You Were Out.oft
c:\program files (x86)\msoffice\Templates\Post.oft
c:\program files (x86)\msoffice\Templates\Publications\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Publications\Newsletter Wizard.wiz
c:\program files (x86)\msoffice\Templates\Reports\Contemporary Report.dot
c:\program files (x86)\msoffice\Templates\Reports\Elegant Report.dot
c:\program files (x86)\msoffice\Templates\Reports\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Reports\Professional Report.dot
c:\program files (x86)\msoffice\Templates\Spreadsheet Solutions\Expense Statement.xlt
c:\program files (x86)\msoffice\Templates\Spreadsheet Solutions\INVOICE.XLT
c:\program files (x86)\msoffice\Templates\Spreadsheet Solutions\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Spreadsheet Solutions\Purchase Order.xlt
c:\program files (x86)\msoffice\Templates\Spreadsheet Solutions\Village Software.xlt
c:\program files (x86)\msoffice\Templates\Task.oft
c:\program files (x86)\msoffice\Templates\Web Pages\Blank Web Page.lnk
c:\program files (x86)\msoffice\Templates\Web Pages\More Cool Stuff.dot
c:\program files (x86)\msoffice\Templates\Web Pages\MSCREATE.DIR
c:\program files (x86)\msoffice\Templates\Web Pages\Web Page Wizard.wiz
c:\program files (x86)\msoffice\WORDSPEC.INI
c:\users\Greg\AppData\Roaming\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
c:\users\Greg\Documents\~WRL1471.tmp
c:\users\Greg\Documents\~WRL2099.tmp
c:\users\Greg\Documents\pub2CF6.tmp
c:\users\Greg\Documents\pub3E21.tmp
c:\users\Greg\Documents\pubC66E.tmp
c:\users\Greg\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Greg\g2mdlhlpx.exe
c:\users\Greg\GoToAssistDownloadHelper.exe
c:\users\Greg\WINDOWS
c:\windows\_detmp.2
c:\windows\_detmp.4
c:\windows\CDAC13BA.EXE
c:\windows\CDAC14BA.DLL
c:\windows\start.exe
c:\windows\SysWow64\MSVCRT40.1
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\windows.scr
c:\windows\Web\default.htt
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 00:19 . 2012-09-13 00:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-13 00:19 . 2012-09-13 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 16:18 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0643B283-000D-4725-92BA-FC8878B343CA}\mpengine.dll
2012-09-07 00:23 . 2012-09-07 00:23 -------- d-----w- c:\users\Greg\AppData\Roaming\SUPERAntiSpyware.com
2012-09-07 00:23 . 2012-09-07 00:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-06 20:06 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1857026-0769-4A9F-BEC4-70C3D67E69C4}\gapaengine.dll
2012-09-06 20:06 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 20:05 . 2012-09-06 20:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-06 20:05 . 2012-09-06 20:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-05 18:54 . 2012-09-05 18:54 -------- d-----w- c:\users\Greg\AppData\Roaming\PC Utility Kit
2012-09-05 18:54 . 2012-09-05 19:00 -------- d-----w- c:\programdata\PC Utility Kit
2012-09-05 17:46 . 2012-09-05 17:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-21 00:14 . 2012-08-21 00:14 -------- d-----w- c:\users\Greg\AppData\Roaming\SpeedyPC Software
2012-08-21 00:14 . 2012-08-21 00:14 -------- d-----w- c:\users\Greg\AppData\Roaming\DriverCure
2012-08-21 00:14 . 2012-08-21 00:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-14 16:30 . 2012-08-14 16:30 -------- d-----w- c:\users\Greg\AppData\Local\{6B297404-E62D-11E1-8270-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:31 . 2012-04-05 16:43 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 20:31 . 2011-05-17 20:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 17:08 . 2009-12-09 17:46 62134624 ----a-w- c:\windows\system32\MRT.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] .. c:\windows\SysWOW64\msgsvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] .. c:\windows\SysWOW64\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Greg\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explo rer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"EditLevel"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
backup=
path=
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FriendFinder Messenger.lnk]
backup=c:\windows\pss\FriendFinder Messenger.lnkStartup
.
[HKLM\~\startupfolder\C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
2008-01-07 22:53 53248 ----a-w- c:\program files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-09-26 22:11 372736 ----a-w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-11 19:54 421888 ----a-w- c:\program files (x86)\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-04-06 17:19 204845 ----a-w- c:\program files (x86)\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files (x86)\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 12:25 144784 ----a-w- c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-04-06 17:19 180269 ----a-w- c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"ccSetMgr"=2 (0x2)
"DefWatch"=2 (0x2)
"NSCService"=3 (0x3)
"SNDSrvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"Symantec Core LC"=2 (0x2)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1255736]
S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2005-08-27 28192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2009-04-26 90352]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2009-06-25 508672]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-06-04 204288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:31]
.
2012-09-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eca26dcd-6616-418b-8ceb-47a83fcf43f3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
Trusted Zone: netflix.com
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\lu2hrwto.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
.
.
------- File Associations -------
.
JSEFile=c:\windows\SysWOW64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
Wow6432Node-HKLM-Run-Mixghost - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
MSConfigStartUp-AdobeUpdater - c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Norton SystemWorks - \CfgWiz.exe
MSConfigStartUp-RegistryMechanic - c:\program files (x86)\Registry Mechanic\RegMech.exe
MSConfigStartUp-updateMgr - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-CdaC13Ba - c:\windows\CDAC13BA.EXE
AddRemove-HP Photo Printing Software - c:\program files (x86)\Hewlett-Packard\Photo Printing\Uninstall.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2012-09-12 17:39:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-13 00:38
.
Pre-Run: 444,475,064,320 bytes free
Post-Run: 444,673,789,952 bytes free
.
- - End Of File - - 3DFBE99510677B9E296552EBB0431B7F

jeffce · 13-Sep-2012, 07:43 AM **#14**

Hi,

No I would not say we are in the clear yet but definitely going in the right direction.

Are you aware your system is set up to run off of a proxy by chance?
----------

FRST

Download Farbar Recovery Scan Tool64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------

GregBassine · 13-Sep-2012, 12:24 PM **#15**

I don't have a flash drive, so I'll run out and get one (operates off any of my USB ports, yes?). Just to be clear. The computer I am using right now is infected. Can I use that computer to download the Farbar Recovery Tool? Also, every time I access this thread, I get a message from IE Security saying that Adobe wants to open some web content. Is it ok to answer yes to the request (the signature says it's from Adobe), or is this still part of the virus? I guess I'm a little hinky now.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Had viruses (cleaned), now update downloads & firewall blocked.

Find the solution to your computer problem!

Find the solution to your
computer problem!