Had viruses (cleaned), now update downloads & firewall blocked.

Discussion in 'Virus & Other Malware Removal' started by GregBassine, Sep 12, 2012.

Thread Status:
Not open for further replies.
  1. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    Need your help please. I am using Windows 7 on a Gateway box. Use Comcast as my internet provider. I run MSE, Registry Mechanic and Super Antispyware Professional.

    I suspected I had something wrong with my computer so ran first Super Antispyware Professional to check for anything. I searched every file on my computer. I found several adware tracking cookies and a virus (have since removed it - Trojan.Agent/Gen-RoboNanny).

    I then ran MSE (scanning every file) and found two more viruses. I have since removed them, and cannot tell you what they were. I deleted my history on MSE (dumb thing to do, but did it).

    I checked with Comcast and they couldn't find anything wrong on their end. I did reset my modem and rebooted to no avail.

    NOW, HERE's MY PROBLEM:

    Windows firewall is turned off and I cannot turn it back on. I can't run Windows 7 update or update MSE. I also can't update Registry Mechanic. I CAN update Super Antispyware Professional however.

    Any thoughts out there? I am a basic user. When you get into stuff like making changes to the registry, etc. I get lost quickly. I appreciate any help you can provide. Thanks.
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,497
    heyya Greg Bassine, welcome to TSG.

    First, I've removed your email, as that is a great way to get on a spam list (publishing it on an open forum). Second, you are probably still infected, so you may want to follow the instructions here and get the logs posted.

    Finally, steer clear of stuff like registry mechanic; anything that states it will clean your registry and optimize performance is a scam, and can do a lot more harm than good.

    thanks,

    v
     
  3. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    Thanks for the feedback. I didn't know I received an e-mail letting me know I have a reply. I will remove Registry Mechanic right after this post. Thanks for the heads up.

    I ran HiJack and first got the message: "For some reason the system denied write access to the hosts file. Hijack this may not be able to fix this". I then clicked on "OK". Then I got a Notepad log file (see below). Your thoughts and thanks...

    -------------------------- H I J A C K L O G F I L E -------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:55:17 AM, on 9/12/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Normal
    Running processes:
    C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\CNYHKey.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Windows\ModLedKey.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Greg\Downloads\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.teleport.com"); (C:\Program Files (x86)\Netscape\Users\dmginc\prefs.js)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
    O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.netflix.com
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136326936791
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 13831 bytes
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,497
    now give it a few.......I'm not qualified to give malware advice, but if someone isn't along in 24 hours or so, bump the thread and I'll try to track someone down. :)

    thanks,

    v
     
  5. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Right-click and Run as Administrator dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt

    Attach.txt
    ----------

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------
     
  6. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,497
    thanks, jeffce......that was rather quick. :)
     
  7. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Not a problem....I happened to be here and looked right at the topic. :)
     
  8. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    Hi Guys. OK, here is what I have:

    -------------------------------- DDS.TXT ----------------------------------
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Greg at 12:54:20 on 2012-09-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5440 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\MHotKey.exe
    C:\Windows\ChiFuncExt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\System32\StikyNot.exe
    C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\CNYHKey.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\ModLedKey.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Greg\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Akamai NetSession Interface] "C:\Users\Greg\AppData\Local\Akamai\netsession_win.exe"
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [eRecoveryService]
    mRun: [LchDrvKey] LchDrvKey.exe
    mRun: [LedKey] CNYHKey.exe
    mRun: [Mixghost]
    mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-explorer: EditLevel = 0 (0x0)
    uPolicies-explorer: HideClock = 0 (0x0)
    uPolicies-explorer: NoInstrumentation = 1
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoFileAssociate = 0 (0x0)
    mPolicies-explorer: NoResolveTrack = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: netflix.com
    DPF: DirectAnimation Java Classes - file://C:\WINDOWS\SYSTEM\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
    DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136326936791
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - hxxp://ftp.us.dell.com/fixes/PROFILER.CAB
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37606.5907291667
    DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9712E214-2095-4240-BE72-812D046DB980} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [eRecoveryService]
    mRun-x64: [LchDrvKey] LchDrvKey.exe
    mRun-x64: [LedKey] CNYHKey.exe
    mRun-x64: [Mixghost]
    mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    SEH-X64: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\lu2hrwto.default\
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Greg\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 nvamacpi;Nvidia Away Mode System;C:\Windows\system32\DRIVERS\NVAMACPI.sys --> C:\Windows\system32\DRIVERS\NVAMACPI.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-5-6 24576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-19 2214504]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2009-8-12 90352]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD64.sys --> C:\Windows\system32\drivers\AVer88xHD64.sys [?]
    R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTS5121.sys --> C:\Windows\system32\Drivers\RTS5121.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250568]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-09-12 16:18:31 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0643B283-000D-4725-92BA-FC8878B343CA}\mpengine.dll
    2012-09-12 16:00:46 -------- d-----w- C:\Users\Greg\AppData\Local\{E91A4E8A-C352-4BCB-AA57-7E4A28172243}
    2012-09-12 03:20:34 -------- d-----w- C:\Users\Greg\AppData\Local\{6C9032D7-0354-49BB-A1D9-DF34FB8F249E}
    2012-09-11 15:20:10 -------- d-----w- C:\Users\Greg\AppData\Local\{44BE0299-F2D2-44A3-A26A-2BD6228C1A37}
    2012-09-10 15:33:29 -------- d-----w- C:\Users\Greg\AppData\Local\{817A7ACC-C74B-4F7A-B50F-70ABD0C26576}
    2012-09-09 16:55:17 -------- d-----w- C:\Users\Greg\AppData\Local\{089ABA8D-DCB2-430C-85F9-2B1ADBA6E958}
    2012-09-07 14:13:36 -------- d-----w- C:\Users\Greg\AppData\Local\{D29C90E7-F4E6-4044-83D3-18FAB972AF50}
    2012-09-07 00:23:08 -------- d-----w- C:\Users\Greg\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-07 00:23:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-09-06 20:06:25 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C1857026-0769-4A9F-BEC4-70C3D67E69C4}\gapaengine.dll
    2012-09-06 20:06:16 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-06 20:05:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-09-06 20:05:30 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-09-06 16:24:23 -------- d-----w- C:\Users\Greg\AppData\Local\{036E0695-E89B-4F1B-8FCE-F1FC9C6E775A}
    2012-09-05 18:54:17 -------- d-----w- C:\Users\Greg\AppData\Roaming\PC Utility Kit
    2012-09-05 18:54:11 -------- d-----w- C:\ProgramData\PC Utility Kit
    2012-09-05 17:46:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-09-05 15:20:27 -------- d-----w- C:\Users\Greg\AppData\Local\{06D4302A-1D1C-4B4D-8C30-87BD4E48353C}
    2012-09-04 15:34:40 -------- d-----w- C:\Users\Greg\AppData\Local\{D43F0CEF-EAEA-4A15-BE01-D5277A616091}
    2012-09-03 15:19:47 -------- d-----w- C:\Users\Greg\AppData\Local\{154C894D-69CA-4B03-8397-90CA5E4ED108}
    2012-09-02 17:38:43 -------- d-----w- C:\Users\Greg\AppData\Local\{1DB5D971-5167-421A-9EC1-4091AC3566D9}
    2012-09-01 15:16:42 -------- d-----w- C:\Users\Greg\AppData\Local\{259B8B63-88E6-4C5D-BF29-365840E19A89}
    2012-09-01 03:16:30 -------- d-----w- C:\Users\Greg\AppData\Local\{4A2307EA-143F-4586-837D-4A1B8D40254C}
    2012-08-31 15:16:18 -------- d-----w- C:\Users\Greg\AppData\Local\{259FD788-AF2A-48B3-8B71-208B39C05888}
    2012-08-30 18:35:22 -------- d-----w- C:\Users\Greg\AppData\Local\{9E58F188-2716-4665-BE82-AA8433322F32}
    2012-08-30 06:35:27 -------- d-----w- C:\Users\Greg\AppData\Local\{1CACD71F-5BEE-4401-95ED-1A85397A07E8}
    2012-08-29 15:58:15 -------- d-----w- C:\Users\Greg\AppData\Local\{47B6D164-9624-4304-A9E5-415DF30A67D3}
    2012-08-28 15:56:16 -------- d-----w- C:\Users\Greg\AppData\Local\{321D9183-03FD-4EDA-908E-09F23953641E}
    2012-08-27 15:15:24 -------- d-----w- C:\Users\Greg\AppData\Local\{41712895-9C44-4174-9F87-9010164F5DFD}
    2012-08-26 15:04:31 -------- d-----w- C:\Users\Greg\AppData\Local\{E99BB402-BAC1-4B1D-923D-039A13AE70ED}
    2012-08-25 18:34:35 -------- d-----w- C:\Users\Greg\AppData\Local\{826DD7B9-773E-436B-B92D-53509D0017EE}
    2012-08-25 06:34:41 -------- d-----w- C:\Users\Greg\AppData\Local\{264D4E36-8155-409D-A852-A7CCE533BC4E}
    2012-08-24 18:25:15 -------- d-----w- C:\Users\Greg\AppData\Local\{F437E164-442F-47D3-A208-E5AF6BBA9D1F}
    2012-08-24 06:25:15 -------- d-----w- C:\Users\Greg\AppData\Local\{FE952314-A23B-4DA5-A5E2-8B3B1A4D5022}
    2012-08-23 16:20:39 -------- d-----w- C:\Users\Greg\AppData\Local\{A645E5DC-B05A-43A9-B3C7-18F877D789DE}
    2012-08-22 19:20:43 -------- d-----w- C:\Users\Greg\AppData\Local\{BF526917-16F5-4C54-9CD0-7F6CEB79B19B}
    2012-08-21 15:21:21 -------- d-----w- C:\Users\Greg\AppData\Local\{9F31DF46-C59A-44C8-938E-8D2484BBB043}
    2012-08-21 02:57:55 -------- d-----w- C:\Users\Greg\AppData\Local\{C0E6F94E-8754-4800-8122-D2D0C1640279}
    2012-08-21 00:14:52 -------- d-----w- C:\Users\Greg\AppData\Roaming\SpeedyPC Software
    2012-08-21 00:14:52 -------- d-----w- C:\Users\Greg\AppData\Roaming\DriverCure
    2012-08-21 00:14:27 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-08-20 14:57:31 -------- d-----w- C:\Users\Greg\AppData\Local\{EE6B26B9-808F-473F-AE27-F578F5F30DD4}
    2012-08-17 13:26:22 -------- d-----w- C:\Users\Greg\AppData\Local\{6E6DEF13-8BBA-4D53-9E18-CD3D6EDFA042}
    2012-08-17 13:26:11 -------- d-----w- C:\Users\Greg\AppData\Local\{DE1B8EB0-C954-4C7A-905B-3119C04B28A3}
    2012-08-16 15:51:35 -------- d-----w- C:\Users\Greg\AppData\Local\{94B50CA9-0E51-4D5D-81B0-B0839E7C2756}
    2012-08-16 15:51:24 -------- d-----w- C:\Users\Greg\AppData\Local\{55A2F1F3-0E2C-4349-8A47-7A6FFF68AAAC}
    2012-08-16 03:51:11 -------- d-----w- C:\Users\Greg\AppData\Local\{B17F8279-78AA-4133-A39A-2A759575D28D}
    2012-08-16 03:51:01 -------- d-----w- C:\Users\Greg\AppData\Local\{ECB661C6-1859-4C7E-8343-F90F5B64B7AE}
    2012-08-15 15:50:36 -------- d-----w- C:\Users\Greg\AppData\Local\{37A093E8-BE59-4908-9E9F-4DFEBF192774}
    2012-08-15 15:50:25 -------- d-----w- C:\Users\Greg\AppData\Local\{1B3F451A-8BC8-47A6-84EE-A5FECDC5600E}
    2012-08-14 16:30:59 -------- d-----w- C:\Users\Greg\AppData\Local\{6B297404-E62D-11E1-8270-B8AC6F996F26}
    2012-08-14 15:02:05 -------- d-----w- C:\Users\Greg\AppData\Local\{A428453D-4D5A-49C0-B6FD-25855A7A625B}
    2012-08-14 15:01:54 -------- d-----w- C:\Users\Greg\AppData\Local\{A7D112DE-6F80-4A14-AD6C-C65AFD3006ED}
    2012-08-14 03:01:41 -------- d-----w- C:\Users\Greg\AppData\Local\{014BFD23-346B-4FEC-85B3-5A219A76D8C2}
    2012-08-14 03:01:30 -------- d-----w- C:\Users\Greg\AppData\Local\{BA6EB036-7B4E-491A-A4E9-57B87CE74448}
    .
    ==================== Find3M ====================
    .
    2012-08-30 20:31:06 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-30 20:31:06 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 12:55:17.47 ===============

    ________________________________ ATTACH.TXT -------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/25/2009 10:08:17 AM
    System Uptime: 9/12/2012 10:27:17 AM (2 hours ago)
    .
    Motherboard: Gateway | | FMCP7AM
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 414.266 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&2D45C30F&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&2D45C30F&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP1039: 6/16/2012 12:00:12 PM - Windows Update
    RP1040: 6/17/2012 12:00:15 PM - Windows Update
    RP1041: 6/18/2012 8:49:49 AM - Windows Update
    RP1042: 6/18/2012 12:00:12 PM - Windows Update
    RP1044: 6/19/2012 9:18:20 AM - Restore Point before Corrupt Patch Registry keys
    RP1045: 6/19/2012 9:22:13 AM - Windows Update
    RP1047: 6/19/2012 9:50:08 AM - Restore Point before Adobe Dreamweaver CS3 was removed using Program Install and Uninstall troubleshooter
    RP1049: 6/19/2012 9:51:38 AM - Adobe Dreamweaver CS3
    RP1050: 6/20/2012 8:01:17 AM - Windows Update
    RP1051: 6/23/2012 6:30:47 AM - Windows Update
    RP1052: 6/23/2012 8:45:23 AM - Windows Update
    RP1053: 7/2/2012 8:12:23 AM - Windows Update
    RP1054: 7/5/2012 9:43:41 AM - Windows Update
    RP1055: 7/8/2012 1:49:32 PM - Windows Update
    RP1056: 7/11/2012 4:00:12 PM - Windows Update
    RP1057: 7/12/2012 9:37:06 AM - Windows Update
    RP1058: 7/16/2012 11:46:06 AM - Windows Update
    RP1059: 7/17/2012 10:09:59 AM - Installed Garmin Lifetime Updater
    RP1060: 7/23/2012 10:42:08 AM - Windows Update
    RP1061: 7/27/2012 8:57:00 AM - Windows Update
    RP1062: 7/31/2012 8:31:46 AM - Windows Update
    RP1063: 8/3/2012 9:15:17 AM - Windows Update
    RP1064: 8/6/2012 4:02:43 PM - Windows Update
    RP1065: 8/9/2012 6:32:56 PM - Windows Update
    RP1066: 8/13/2012 9:55:51 AM - Windows Update
    RP1067: 8/15/2012 10:08:12 AM - Windows Update
    RP1068: 8/20/2012 8:05:26 AM - Windows Update
    RP1069: 8/24/2012 9:17:53 AM - Windows Update
    RP1070: 8/27/2012 3:59:47 PM - Windows Update
    RP1071: 8/28/2012 10:02:10 AM - Created by PC Tools Registry Mechanic
    RP1072: 9/1/2012 8:16:43 AM - Windows Update
    RP1073: 9/4/2012 8:54:36 AM - Windows Update
    RP1074: 9/6/2012 12:57:11 PM - Removed Symantec AntiVirus
    RP1075: 9/12/2012 9:22:31 AM - Created by PC Tools Registry Mechanic
    RP1076: 9/12/2012 9:24:25 AM - Created by PC Tools Registry Mechanic
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    123 Free Solitaire
    1999 TurboTax for Business
    2000 TurboTax for Business
    Acoustica CD/DVD Label Maker
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player Plugin
    Adobe Media Player
    Adobe Reader 9.5.2
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Ashampoo WinOptimizer 4.41
    AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
    BlackBerry Device Software Updater
    Brother MFL-Pro Suite MFC-5895CW
    Business Contact Manager for Outlook 2007 SP2
    CameraHelperMsi
    CheckIt Diagnostics
    Compatibility Pack for the 2007 Office system
    Core FTP LE 2.0
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink Power2Go
    CyberLink PowerDirector
    D3DX10
    erLT
    Garmin Lifetime Updater
    Garmin USB Drivers
    Garmin WebUpdater
    Gateway Games
    Gateway Recovery Management
    GearDrvs
    Genesis One DPM
    getPlus(R)_ocx
    GoToMeeting/GoToWebinar 3.0.0.198
    hp instant support
    HP Photo Printing Software
    Iomega Software
    iPIX Netscape Plugin Viewer
    Java 2 Runtime Environment, SE v1.4.0_01
    Java 2 Runtime Environment, SE v1.4.0_03
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_15
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Junk Mail filter update
    KB0817 Keyboard Driver
    List Builder Add-in for Microsoft Office Publisher 2003
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    MarketResearch
    MediaFACE 5.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliPoint 5.1
    Microsoft IntelliType Pro 5.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Sounds
    Microsoft Office Suite Activation Assistant
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Media Content
    Microsoft Office XP Media Content Deluxe
    Microsoft Picture It! Photo 7.0
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows Journal Viewer
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Move Media Player
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSN Music Assistant
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetObjects Fusion 11.0
    NetObjects Fusion 12.0
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Windows 2000/XP Display Drivers
    PC Pitstop Exterminate2 2.0
    PDFCreator
    Photo Viewer
    PICVideo Codecs
    Presto! ImageFolio LE
    Presto! PageManager
    Presto! PageType
    Presto! PhotoAlbum
    Publisher WordArt Compatibility Add-In
    QuickTime
    RealDownload
    RealPlayer
    Realtek Card Reader
    Realtek High Definition Audio Driver
    SafeCast Shared Components
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 4.1
    SmartCopy
    SmartLauncher
    Solitaire Riches
    Sonic CinePlayer DVD Pack
    Spelling Dictionaries Support For Adobe Reader 9
    Stomp Backup MyPC 4.71
    Symantec AntiVirus
    TBS Montego II
    TBS Montego II Application
    TurboTax 2008
    TurboTax 2008 WinBizFedFormset
    TurboTax 2008 WinBizProgramHelp
    TurboTax 2008 WinBizReleaseEngine
    TurboTax 2008 WinBizTaxSupport
    TurboTax 2008 WinBizUserEducation
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 woriper
    TurboTax 2008 worsbpm
    TurboTax 2008 wrapper
    TurboTax Audit Support Center 3.0
    TurboTax Business 2005
    TurboTax Business 2006
    TurboTax Business 2007
    TurboTax Business 2008
    TurboTax Deluxe 2007
    TurboTax Premier 2005
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Upgrade Kit
    VIEW-NETEZ-Install
    Viewpoint Manager (Remove Only)
    Visual C++ 8.0 Runtime Setup Package (x64)
    VuePrint
    WebEx
    WebFldrs XP
    Winamp (remove only)
    Windows 7 Upgrade Advisor
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinZip 11.2
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2012 10:04:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/7/2012 7:29:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/7/2012 7:18:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/7/2012 5:53:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 9:49:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 9:46:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 9:39:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 9:23:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 9:22:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 12:58:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 12:41:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 12:32:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 12:29:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:43:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:40:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:35:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:35:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:28:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:22:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:05:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/6/2012 1:02:39 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/6/2012 1:02:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/6/2012 1:02:36 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/6/2012 1:00:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/5/2012 12:07:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/12/2012 9:18:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/12/2012 10:28:34 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/12/2012 10:28:34 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/12/2012 10:27:45 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/12/2012 10:27:40 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    9/12/2012 10:27:40 AM, Error: Service Control Manager [7023] - The Business Contact Manager SQL Server Startup Service service terminated with the following error: %%-2147023836
    9/12/2012 10:12:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1079.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/11/2012 8:37:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/11/2012 5:22:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/11/2012 10:06:45 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    9/10/2012 8:50:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/10/2012 5:43:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/10/2012 5:33:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.621.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================

    --------------------------------------- aswMBR LOG -----------------------------
    To follow. It's taking forever to scan the following:

    c:/users/Greg/AppData/Local/Microsoft/Windows Live/Installer/Catelog/w.... (can't see the rest). Once it's done, I'll post it as a follow-up.

    Thanks...
     
  9. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Yes, when it is complete it will say Scanning Complete and will create a log on your Desktop as well. :)
     
  10. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    Here are the results of the aswMBR scan:

    ------------------------------ aswMBR SCAN -----------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-12 13:37:44
    -----------------------------
    13:37:44.230 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:37:44.230 Number of processors: 4 586 0x1707
    13:37:44.230 ComputerName: GREG-PC UserName: Greg
    13:37:45.977 Initialize success
    13:37:52.904 AVAST engine defs: 12091200
    13:38:48.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
    13:38:48.237 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
    13:38:48.315 Disk 0 MBR read successfully
    13:38:48.315 Disk 0 MBR scan
    13:38:48.393 Disk 0 Windows 7 default MBR code
    13:38:48.424 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
    13:38:48.471 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 595472 MB offset 30734336
    13:38:48.674 Disk 0 scanning C:\Windows\system32\drivers
    13:39:11.902 Service scanning
    13:39:42.977 Modules scanning
    13:39:42.977 Disk 0 trace - called modules:
    13:39:42.993 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
    13:39:42.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a0a790]
    13:39:42.993 3 CLASSPNP.SYS[fffff88000daa43f] -> nt!IofCallDriver -> [0xfffffa80074c3040]
    13:39:43.009 5 ACPI.sys[fffff88000d5d7a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80074c3840]
    13:39:45.037 AVAST engine scan C:\Windows
    13:40:01.354 AVAST engine scan C:\Windows\system32
    13:44:17.803 AVAST engine scan C:\Windows\system32\drivers
    13:44:32.576 AVAST engine scan C:\Users\Greg
    15:02:06.338 AVAST engine scan C:\ProgramData
    15:04:09.823 Scan finished successfully
    15:13:52.234 Disk 0 MBR has been saved successfully to "C:\Users\Greg\Downloads\MBR.dat"
    15:13:52.296 The log file has been saved successfully to "C:\Users\Greg\Downloads\aswMBR.txt"

    Thanks...
     
  11. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Good job!

    **WARNING** Unfortunately, one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

    Unfortunately, I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may itself have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

    If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

    If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
    ----------

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
    ----------
     
  12. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    Hi,

    I ran ComboFix.exe, and when it was done, rebooted. All of a sudden my firewall is on, I just got 6 windows updates, and I can update MSE. Do you think all is well here?
     
  13. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    Sorry, didn't post the file. Here you go:

    ---------------------- COMBOFIX REPORT -------------------------------
    ComboFix 12-09-12.03 - Greg 09/12/2012 17:09:00.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4968 [GMT -7:00]
    Running from: c:\users\Greg\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\index.htm
    C:\install.exe
    c:\program files (x86)\msoffice
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Brick Wall.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Club Deco.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Fancy Green Patterns.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Granite Edifice.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Leaves on the Side.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\MSCREATE.DIR
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Off Yellow Bookcover.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Stained Glass on Side.lnk
    c:\program files (x86)\msoffice\Clipart\Backgrounds\Wheat.lnk
    c:\program files (x86)\msoffice\Clipart\Bullets\3D Diamond.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\Black Dash.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\Green and Black Diamond.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\Green Ball.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\Metallic Orb.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\MSCREATE.DIR
    c:\program files (x86)\msoffice\Clipart\Bullets\Pebble.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\Red Swirl.gif
    c:\program files (x86)\msoffice\Clipart\Bullets\Stained Glass Ball.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Autumn Leaves.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Colorful Stone Stripe.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Etched Double Line.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Green and Black Stripe.gif
    c:\program files (x86)\msoffice\Clipart\Lines\MSCREATE.DIR
    c:\program files (x86)\msoffice\Clipart\Lines\Neighborhood.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Over Under.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Row of Pebbles.gif
    c:\program files (x86)\msoffice\Clipart\Lines\Stained Glass Line.gif
    c:\program files (x86)\msoffice\Clipart\MSCREATE.DIR
    c:\program files (x86)\msoffice\Clipart\Popular\AGREE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMCONFUS.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMDISAST.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMHAPPY.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMIDEA.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMORGANI.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMPROBLE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMVICTOR.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\AMWIN.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS1.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS2.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS3.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS4.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS5.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS6.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS7.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWS8.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\ARROWSGN.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\BANDAID.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\BEARTRAP.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\BOMB.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\BRICK.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\BUILDING.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\CAR.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\CHAMPGNE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\CHECKMRK.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\CLAP.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\CLOCK.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\COINS.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DARTS.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DESTRYER.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DICE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DIPLOMA.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DOMINOES.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DONKEY.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DOOR.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DOVE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\DYNAMITE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\EXAMINE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\FISTSLAM.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\FLOWER.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\HAMMER.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\HATECOMP.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\HNDSHAK1.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\HNDSHAK2.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\HNDSHAK3.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\JETPLANE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\JIGSAW.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\KEY.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\LIGHT.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\LION.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\LOCK.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MAGICHAT.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MAGNIFY.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MEETING.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MEETING2.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MONEY.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MONEYBAG.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\MSCREATE.DIR
    c:\program files (x86)\msoffice\Clipart\Popular\OILDRILL.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\OPENHAND.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\POP97.CAG
    c:\program files (x86)\msoffice\Clipart\Popular\PTRUP.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\RABBIT.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\RIBBON.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\RUNNER.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\SAILBOAT.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\SCALES.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\SHARK.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\SOCCER.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\STAR.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\STOP.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\STOPLGHT.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\TENNIS.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\THUMBDN.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\TRIUMPH.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\TROPHY.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\TURTLE.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\WEARHAT.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\WHATNOW.WMF
    c:\program files (x86)\msoffice\Clipart\Popular\YINYANG.WMF
    c:\program files (x86)\msoffice\Microsoft Excel Setup.lnk
    c:\program files (x86)\msoffice\Microsoft Excel.lnk
    c:\program files (x86)\msoffice\Microsoft Outlook.lnk
    c:\program files (x86)\msoffice\Microsoft Query.lnk
    c:\program files (x86)\msoffice\Microsoft Word Setup.lnk
    c:\program files (x86)\msoffice\Microsoft Word.lnk
    c:\program files (x86)\msoffice\MSCREATE.DIR
    c:\program files (x86)\msoffice\Office\Actors\CLIPPIT.ACT
    c:\program files (x86)\msoffice\Office\Actors\LOGO.ACT
    c:\program files (x86)\msoffice\Office\Actors\MSCREATE.DIR
    c:\program files (x86)\msoffice\Office\Actors\POWERPUP.ACT
    c:\program files (x86)\msoffice\Office\Actors\TOFFLOGO.ACT
    c:\program files (x86)\msoffice\Office\Addins\ACTIVEEX.DLL
    c:\program files (x86)\msoffice\Office\Addins\AWFEXT.ECF
    c:\program files (x86)\msoffice\Office\Addins\CCMXP.ECF
    c:\program files (x86)\msoffice\Office\Addins\CSERVE.ECF
    c:\program files (x86)\msoffice\Office\Addins\DLGSETP.ECF
    c:\program files (x86)\msoffice\Office\Addins\DUMPSTER.DLL
    c:\program files (x86)\msoffice\Office\Addins\DUMPSTER.ECF
    c:\program files (x86)\msoffice\Office\Addins\EMSUIX.ECF
    c:\program files (x86)\msoffice\Office\Addins\EMSUIX2.ECF
    c:\program files (x86)\msoffice\Office\Addins\ESCONF.DLL
    c:\program files (x86)\msoffice\Office\Addins\EXCHANGE.DSM
    c:\program files (x86)\msoffice\Office\Addins\FORMPSHT.ECF
    c:\program files (x86)\msoffice\Office\Addins\FRMRDRCT.DLL
    c:\program files (x86)\msoffice\Office\Addins\FRMRDRCT.ECF
    c:\program files (x86)\msoffice\Office\Addins\MAIL3.ECF
    c:\program files (x86)\msoffice\Office\Addins\MINET.ECF
    c:\program files (x86)\msoffice\Office\Addins\MSCREATE.DIR
    c:\program files (x86)\msoffice\Office\Addins\MSFSMENU.ECF
    c:\program files (x86)\msoffice\Office\Addins\MSFSPROP.ECF
    c:\program files (x86)\msoffice\Office\Addins\MSN.ECF
    c:\program files (x86)\msoffice\Office\Addins\MSSPC.ECF
    c:\program files (x86)\msoffice\Office\Addins\MTMOLMNU.ECF
    c:\program files (x86)\msoffice\Office\Addins\NMEXCHEX.ECF
    c:\program files (x86)\msoffice\Office\Addins\OLMENU.ECF
    c:\program files (x86)\msoffice\Office\Addins\PMAILEXT.ECF
    c:\program files (x86)\msoffice\Office\Addins\RWIZ1.ECF
    c:\program files (x86)\msoffice\Office\Addins\SCRPTXTN.DLL
    c:\program files (x86)\msoffice\Office\Addins\SCRPTXTN.ECF
    c:\program files (x86)\msoffice\Office\Borders\MSART1.BDR
    c:\program files (x86)\msoffice\Office\Borders\MSART10.BDR
    c:\program files (x86)\msoffice\Office\Borders\MSART11.BDR
    c:\program files (x86)\msoffice\Office\Borders\MSART12.BDR
    c:\program files (x86)\msoffice\Office\Borders\MSART13.BDR
    c:\program files (x86)\msoffice\Office\Borders\MSART14.BDR
    c:\program files (x86)\msoffice\Office\Borders\MSART15.BDR
    c:\users\Greg\AppData\Roaming\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    c:\users\Greg\Documents\~WRL1471.tmp
    c:\users\Greg\Documents\~WRL2099.tmp
    c:\users\Greg\Documents\pub2CF6.tmp
    c:\users\Greg\Documents\pub3E21.tmp
    c:\users\Greg\Documents\pubC66E.tmp
    c:\users\Greg\g2ax_customer_downloadhelper_win32_x86.exe
    c:\users\Greg\g2mdlhlpx.exe
    c:\users\Greg\GoToAssistDownloadHelper.exe
    c:\users\Greg\WINDOWS
    c:\windows\_detmp.2
    c:\windows\_detmp.4
    c:\windows\CDAC13BA.EXE
    c:\windows\CDAC14BA.DLL
    c:\windows\start.exe
    c:\windows\SysWow64\MSVCRT40.1
    c:\windows\SysWow64\regobj.dll
    c:\windows\SysWow64\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\SysWow64\windows.scr
    c:\windows\Web\default.htt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-13 00:19 . 2012-09-13 00:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-09-13 00:19 . 2012-09-13 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-12 16:18 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0643B283-000D-4725-92BA-FC8878B343CA}\mpengine.dll
    2012-09-07 00:23 . 2012-09-07 00:23 -------- d-----w- c:\users\Greg\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-07 00:23 . 2012-09-07 00:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-09-06 20:06 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1857026-0769-4A9F-BEC4-70C3D67E69C4}\gapaengine.dll
    2012-09-06 20:06 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-06 20:05 . 2012-09-06 20:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-09-06 20:05 . 2012-09-06 20:05 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-05 18:54 . 2012-09-05 18:54 -------- d-----w- c:\users\Greg\AppData\Roaming\PC Utility Kit
    2012-09-05 18:54 . 2012-09-05 19:00 -------- d-----w- c:\programdata\PC Utility Kit
    2012-09-05 17:46 . 2012-09-05 17:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-21 00:14 . 2012-08-21 00:14 -------- d-----w- c:\users\Greg\AppData\Roaming\SpeedyPC Software
    2012-08-21 00:14 . 2012-08-21 00:14 -------- d-----w- c:\users\Greg\AppData\Roaming\DriverCure
    2012-08-21 00:14 . 2012-08-21 00:20 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-08-14 16:30 . 2012-08-14 16:30 -------- d-----w- c:\users\Greg\AppData\Local\{6B297404-E62D-11E1-8270-B8AC6F996F26}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-30 20:31 . 2012-04-05 16:43 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-30 20:31 . 2011-05-17 20:35 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 17:08 . 2009-12-09 17:46 62134624 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] .. c:\windows\SysWOW64\msgsvc.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] .. c:\windows\SysWOW64\srsvc.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Greg\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
    "LedKey"="CNYHKey.exe" [2008-04-24 339968]
    "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileAssociate"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    backup=
    path=
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FriendFinder Messenger.lnk]
    backup=c:\windows\pss\FriendFinder Messenger.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-31 11:20 38872 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 01:36 30040 ----a-w- c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    2008-01-07 22:53 53248 ----a-w- c:\program files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2002-09-26 22:11 372736 ----a-w- c:\windows\System32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-11 19:54 421888 ----a-w- c:\program files (x86)\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2004-04-06 17:19 204845 ----a-w- c:\program files (x86)\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 21:11 25623336 ----a-r- c:\program files (x86)\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-02-22 12:25 144784 ----a-w- c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2004-04-06 17:19 180269 ----a-w- c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "DefWatch"=2 (0x2)
    "NSCService"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "Symantec AntiVirus"=2 (0x2)
    "Symantec Core LC"=2 (0x2)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
    R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
    R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1255736]
    S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2005-08-27 28192]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2009-04-26 90352]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2009-06-25 508672]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-06-04 204288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:31]
    .
    2012-09-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eca26dcd-6616-418b-8ceb-47a83fcf43f3.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
    Trusted Zone: netflix.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\lu2hrwto.default\
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
    .
    .
    ------- File Associations -------
    .
    JSEFile=c:\windows\SysWOW64\WScript.exe "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-eRecoveryService - (no file)
    Wow6432Node-HKLM-Run-Mixghost - (no file)
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
    MSConfigStartUp-AdobeUpdater - c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
    MSConfigStartUp-Norton SystemWorks - \CfgWiz.exe
    MSConfigStartUp-RegistryMechanic - c:\program files (x86)\Registry Mechanic\RegMech.exe
    MSConfigStartUp-updateMgr - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-CdaC13Ba - c:\windows\CDAC13BA.EXE
    AddRemove-HP Photo Printing Software - c:\program files (x86)\Hewlett-Packard\Photo Printing\Uninstall.isu
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\windows\MHotKey.exe
    c:\windows\ChiFuncExt.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-12 17:39:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-13 00:38
    .
    Pre-Run: 444,475,064,320 bytes free
    Post-Run: 444,673,789,952 bytes free
    .
    - - End Of File - - 3DFBE99510677B9E296552EBB0431B7F
     
  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    No, I would not say we are in the clear yet, but we are definitely going in the right direction. :)

    Are you aware your system is set up to run off of a proxy by chance?
    ----------

    FRST

    Download Farbar Recovery Scan Tool64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
    ----------
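
The ComboFix log in this thread lists `uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>` under Supplementary Scan. The following Python is an added example, not part of the original posts and not a ComboFix or FRST feature: it splits such a log into its sections and reports Internet Settings entries that name a loopback host:port. The sample log is constructed (its `ProxyServer` line is not from this thread), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the shape of a ComboFix log. The ProxyOverride line
# matches the one posted in this thread; the ProxyServer line is made up.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=localhost:8080
TCP: DhcpNameServer = 192.168.1.1
.
------- File Associations -------
.
JSEFile=c:\\windows\\SysWOW64\\WScript.exe "%1" %*
"""

# Section banners look like "------- Name -------" or "- - - - NAME - - - -".
HEADER = re.compile(r"^(?:-\s?){3,}\s*(.+?)\s*(?:-\s?){3,}$")
# host:port where host is "localhost" or a dotted-quad IPv4 address.
ENDPOINT = re.compile(r"(?<![\w.])(localhost|\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def parse_sections(text):
    """Return {section name: [(key, value), ...]} for 'key = value' lines."""
    sections = {}
    current = "preamble"  # entries that appear before the first banner
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        key, sep, value = line.partition("=")  # split at the first '=' only
        if sep and key.strip():
            sections.setdefault(current, []).append((key.strip(), value.strip()))
    return sections


def loopback_endpoints(value):
    """Return [(host, port), ...] for loopback host:port pairs in a value."""
    found = []
    for host, port in ENDPOINT.findall(value):
        if host != "localhost":
            try:
                if not ipaddress.ip_address(host).is_loopback:
                    continue
            except ValueError:  # e.g. 999.0.0.1 is not an address
                continue
        found.append((host, int(port)))
    return found


def proxy_findings(text, section="Supplementary Scan"):
    """List Internet Settings entries in `section` that name a loopback port.

    ProxyServer is the proxy itself; ProxyOverride is the bypass list.
    Both are reported so the reviewer can see which one is set.
    """
    findings = []
    for key, value in parse_sections(text).get(section, []):
        scope, _, setting = key.partition(",")
        if "internet settings" not in scope.lower():
            continue
        endpoints = loopback_endpoints(value)
        if endpoints:
            findings.append(
                {"setting": setting.strip(), "value": value, "endpoints": endpoints}
            )
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_LOG):
        print(finding["setting"], finding["endpoints"], "<-", finding["value"])
```

A hit only says that a local port is referenced in the proxy settings; which program listens on that port still has to be checked on the machine.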
     
  15. GregBassine

    GregBassine Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    24
    I don't have a flash drive, so I'll run out and get one (operates off any of my USB ports, yes?). Just to be clear. The computer I am using right now is infected. Can I use that computer to download the Farbar Recovery Tool? Also, every time I access this thread, I get a message from IE Security saying that Adobe wants to open some web content. Is it ok to answer yes to the request (the signature says it's from Adobe), or is this still part of the virus? I guess I'm a little hinky now.
     
Short URL to this thread: https://techguy.org/1068686