Bobc11

Almost everything freezes or crashes

26 posts in this topic

Malwarebytes froze before the log showed up, but it eventually came up after 5 ish minutes.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.04.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Spencer :: COMPAQ-PC [administrator]

5/4/2012 7:00:54 PM

mbam-log-2012-05-04 (19-00-54).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 512284

Time elapsed: 3 hour(s), 17 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files\Cheat Engine 6.1\ceregreset.exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)

A little about the problem here: http://forums.malwar...ndpost&p=547953

dds.scr or dds.com wont run. see below:

[Window Title]

C:\Users\Spencer\Desktop\dds.com

[Content]

This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.

[OK]

Share this post


Link to post
Share on other sites

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Share this post


Link to post
Share on other sites

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

When I tried to download dds.pif it was the same as dds.scr.

[Window Title]

C:\Users\Spencer\Desktop\dds.scr

[Content]

This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.

[OK]

I got that when trying to run it.

Share this post


Link to post
Share on other sites

Please try this instead:

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlicon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscan.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Share this post


Link to post
Share on other sites

OTL logfile created on: 5/6/2012 10:54:42 AM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Spencer\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 28.57% Memory free

6.75 Gb Paging File | 3.02 Gb Available in Paging File | 44.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 286.71 Gb Total Space | 185.55 Gb Free Space | 64.72% Space Free | Partition Type: NTFS

Drive D: | 11.28 Gb Total Space | 1.48 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

Drive F: | 232.88 Gb Total Space | 114.23 Gb Free Space | 49.05% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Spencer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 10:53:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe

PRC - [2012/04/27 16:44:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/03/19 07:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe

PRC - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/03/19 07:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe

PRC - [2012/03/18 22:05:00 | 000,108,136 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2012/03/16 01:06:50 | 000,537,600 | ---- | M] () -- C:\Program Files\XChat-WDK\xchat.exe

PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/02/07 19:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe

PRC - [2012/02/07 19:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/16 17:24:22 | 000,274,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2011/11/22 18:54:03 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe

PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe

PRC - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2011/09/10 05:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe

PRC - [2011/09/10 05:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe

PRC - [2011/09/09 13:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccsvchst.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2011/01/07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/05/21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe

PRC - [2010/05/21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

PRC - [2010/05/21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe

PRC - [2010/05/21 01:56:12 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

PRC - [2010/05/21 01:55:54 | 000,178,736 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-unity-helper.exe

PRC - [2010/05/21 01:55:50 | 002,751,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware.exe

PRC - [2010/05/21 01:55:20 | 014,535,216 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-vmx.exe

PRC - [2010/05/21 00:44:22 | 000,010,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vprintproxy.exe

PRC - [2010/05/21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2008/10/17 05:39:50 | 002,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Invision\mirc.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/29 11:08:40 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll

MOD - [2012/04/27 16:44:31 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012/04/11 03:41:09 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll

MOD - [2012/03/16 01:07:06 | 000,009,728 | ---- | M] () -- C:\Program Files\XChat-WDK\plugins\xcupd.dll

MOD - [2012/03/16 01:06:50 | 000,537,600 | ---- | M] () -- C:\Program Files\XChat-WDK\xchat.exe

MOD - [2012/02/15 04:52:14 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll

MOD - [2012/02/15 04:46:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/15 04:46:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/15 04:46:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/02/01 09:23:40 | 000,324,950 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll

MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2011/12/16 17:24:04 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll

MOD - [2011/12/03 21:17:11 | 000,008,704 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll

MOD - [2011/12/03 21:17:11 | 000,007,680 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll

MOD - [2011/12/03 21:17:11 | 000,006,144 | ---- | M] () -- C:\Users\Spencer\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll

MOD - [2011/11/15 04:02:19 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/10/30 13:40:53 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2011/10/28 12:43:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl

MOD - [2011/08/07 08:56:50 | 001,025,536 | ---- | M] () -- C:\Program Files\XChat-WDK\libxml2.dll

MOD - [2011/07/07 17:21:44 | 000,082,555 | ---- | M] () -- C:\Program Files\XChat-WDK\zlib1.dll

MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

MOD - [2011/01/07 20:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2010/12/27 17:46:54 | 001,182,444 | ---- | M] () -- C:\Program Files\XChat-WDK\libcairo-2.dll

MOD - [2010/12/27 14:12:52 | 000,538,324 | ---- | M] () -- C:\Program Files\XChat-WDK\freetype6.dll

MOD - [2010/10/29 16:00:32 | 000,255,488 | ---- | M] () -- C:\Program Files\XChat-WDK\lib\enchant\libenchant_myspell.dll

MOD - [2010/09/29 22:10:54 | 000,103,139 | ---- | M] () -- C:\Program Files\XChat-WDK\libpangocairo-1.0-0.dll

MOD - [2010/09/12 08:57:08 | 000,097,820 | ---- | M] () -- C:\Program Files\XChat-WDK\lib\gtk-2.0\2.10.0\engines\libwimp.dll

MOD - [2010/08/17 15:38:28 | 000,230,529 | ---- | M] () -- C:\Program Files\XChat-WDK\libpng14-14.dll

MOD - [2010/05/21 01:56:38 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll

MOD - [2010/05/21 01:56:28 | 000,141,872 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\liblber.dll

MOD - [2010/05/21 01:56:00 | 000,109,104 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libcds.dll

MOD - [2010/05/21 01:55:54 | 000,346,672 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libcurl.dll

MOD - [2010/05/21 01:55:50 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll

MOD - [2010/05/21 01:55:44 | 000,563,760 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\glibmm-2.4.dll

MOD - [2010/05/21 01:55:42 | 000,056,368 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\sigc-2.0.dll

MOD - [2010/05/21 01:55:36 | 000,260,656 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libldap_r.dll

MOD - [2010/02/05 21:55:06 | 000,279,059 | ---- | M] () -- C:\Program Files\XChat-WDK\libfontconfig-1.dll

MOD - [2009/01/31 22:42:36 | 000,143,096 | ---- | M] () -- C:\Program Files\XChat-WDK\libexpat-1.dll

MOD - [2000/04/06 22:51:10 | 000,044,032 | ---- | M] () -- C:\Invision\Invision\WinAmp\Amp_in.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDHookService)

SRV - [2012/05/04 18:57:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/27 16:44:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/02/07 19:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/11/22 18:54:03 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)

SRV - [2011/10/31 03:05:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/10/30 14:27:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/09/10 05:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)

SRV - [2011/09/09 13:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2011/06/07 15:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)

SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360)

SRV - [2011/04/01 21:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)

SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010/05/21 01:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/05/21 01:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/05/21 01:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)

SRV - [2010/05/21 00:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/04/27 17:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- C:\Program Files\Spybot -- (SDHookDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)

DRV - [2012/05/05 10:46:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/05/04 22:49:16 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\ubwlxglg.sys -- (stupru)

DRV - [2012/04/27 20:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120505.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/02/07 19:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV - [2012/02/06 09:42:06 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/02/06 09:42:06 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/01/18 04:00:41 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)

DRV - [2012/01/09 22:52:44 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120505.016\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/01/09 22:52:44 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120505.016\NAVENG.SYS -- (NAVENG)

DRV - [2011/12/19 15:12:00 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV - [2011/12/19 15:11:58 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)

DRV - [2011/12/19 15:11:58 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)

DRV - [2011/12/19 15:11:58 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)

DRV - [2011/12/07 17:05:54 | 000,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bbcap.sys -- (bbcap)

DRV - [2011/11/22 18:54:24 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\gizmodrv.sys -- (GizmoDrv)

DRV - [2011/10/28 20:22:14 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/09/09 15:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys -- (SymNetS)

DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)

DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)

DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)

DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)

DRV - [2010/11/11 19:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2010/05/21 01:56:56 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)

DRV - [2010/05/21 01:56:56 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)

DRV - [2010/05/21 01:55:04 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)

DRV - [2010/05/21 01:53:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - [2010/05/21 00:40:08 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV - [2010/05/20 22:19:20 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV - [2010/05/20 22:19:20 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)

DRV - [2010/05/20 22:19:20 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV - [2010/04/27 17:41:40 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)

DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)

DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

DRV - [2009/06/22 15:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2008/02/05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 AC 4D 22 D7 27 CD 01 [binary data]

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5

IE - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 21:32:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/03 16:37:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/03/18 22:06:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 16:44:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/28 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Extensions

[2012/05/01 22:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\extensions

[2011/11/14 18:42:04 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

[2011/11/05 18:08:37 | 000,002,469 | ---- | M] () -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\searchplugins\safesearch.xml

[2012/04/27 16:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/27 16:44:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/09 10:14:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/03 10:30:35 | 000,442,706 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 15209 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)

O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)

O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [iSUSPM] -scheduler File not found

O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - HKU\S-1-5-21-2309691462-207129498-3248361963-1001..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000001] C:\Windows\is-E181S.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A64821-6BF4-42D4-857A-66B9A310CC16}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E754E-3C2A-43C3-A03B-77DD412683A7}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E754E-3C2A-43C3-A03B-77DD412683A7}: NameServer = 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0830805-1F03-4D7E-8761-621B549C499B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A47C34A4-5646-456A-8634-096416A4FD39}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/12/01 22:32:56 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]

O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{088f2bbf-4276-11e1-8288-005056c00008}\Shell - "" = AutoRun

O33 - MountPoints2\{088f2bbf-4276-11e1-8288-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/06 10:53:25 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe

[2012/05/06 10:24:47 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Spencer\Desktop\dds.scr

[2012/05/05 16:15:53 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\LDW

[2012/05/05 10:46:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/05/04 16:10:56 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Spencer\Desktop\dds.com

[2012/05/02 17:32:03 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\TeamViewer

[2012/05/01 18:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2012/04/29 11:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/04/29 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/04/27 16:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/27 16:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/04/25 16:51:17 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Desktop\Backyard Improvement Plans

[2012/04/22 10:39:10 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Documents\Upload

[2012/04/20 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Desktop\HQPlants

[2012/04/17 16:09:55 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Local\{086E6A7A-531E-45FD-96C4-4191E663E804}

[2012/04/11 16:03:51 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/04/11 03:09:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/04/11 03:09:16 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/04/11 03:09:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/04/11 03:09:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/04/11 03:09:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/04/11 03:09:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/04/11 03:00:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012/04/11 03:00:49 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012/04/10 08:14:21 | 000,000,000 | ---D | C] -- C:\Users\Spencer\Desktop\Peach Canker

[2012/04/09 23:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/04/09 23:35:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/04/09 23:35:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/04/09 23:35:39 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/04/09 23:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2012/05/06 10:56:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/06 10:53:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe

[2012/05/06 10:25:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Spencer\Desktop\dds.scr

[2012/05/05 10:46:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/05/04 22:49:16 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ubwlxglg.sys

[2012/05/04 18:57:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/05/04 18:57:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/05/04 18:56:38 | 000,711,240 | ---- | M] () -- C:\Windows\is-E181S.exe

[2012/05/04 18:56:38 | 000,010,498 | ---- | M] () -- C:\Windows\is-E181S.msg

[2012/05/04 18:56:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/04 18:56:38 | 000,000,441 | ---- | M] () -- C:\Windows\is-E181S.lst

[2012/05/04 16:11:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Spencer\Desktop\dds.com

[2012/05/03 18:14:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/03 18:14:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/03 16:37:47 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job

[2012/05/03 16:37:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/03 16:37:20 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err

[2012/05/03 16:37:03 | 2716,721,152 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/03 10:30:36 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2012/05/03 10:30:35 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/05/01 20:16:03 | 000,001,205 | ---- | M] () -- C:\Users\Spencer\Desktop\cmd.exe.lnk

[2012/05/01 18:07:11 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012/05/01 11:00:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

[2012/05/01 08:27:39 | 000,348,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/04/29 12:15:27 | 000,002,042 | -H-- | M] () -- C:\Users\Spencer\Documents\Default.rdp

[2012/04/29 11:45:56 | 000,001,110 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120429_114554.reg

[2012/04/29 11:45:45 | 000,052,854 | ---- | M] () -- C:\Users\Spencer\Documents\cc_20120429_114540.reg

[2012/04/29 11:41:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/29 10:43:24 | 000,001,827 | ---- | M] () -- C:\Users\Spencer\AppData\Roaming\simplemoneymanager.ini

[2012/04/29 10:41:15 | 000,306,290 | ---- | M] () -- C:\Users\Spencer\Documents\hqplants.amj

[2012/04/26 10:30:37 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120503-103035.backup

[2012/04/19 10:30:32 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120426-103037.backup

[2012/04/13 23:02:49 | 000,075,766 | ---- | M] () -- C:\Users\Spencer\Documents\epach.odt

[2012/04/12 10:30:42 | 000,442,706 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120419-103032.backup

[2012/04/11 22:41:50 | 000,081,874 | ---- | M] () -- C:\Users\Spencer\Documents\Doss Faimly.odt

[2012/04/11 22:34:26 | 000,073,870 | ---- | M] () -- C:\Users\Spencer\Documents\HQPlants Documents.odt

[2012/04/11 03:30:48 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/04/11 03:30:14 | 001,400,698 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\Cat.DB

[2012/04/11 03:25:09 | 000,001,656 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2012/04/11 03:05:43 | 000,739,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/11 03:05:43 | 000,151,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/09 23:35:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/04/09 23:35:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/04/09 23:35:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/04/09 23:35:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2012/05/04 22:49:16 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ubwlxglg.sys

[2012/05/04 18:56:38 | 000,711,240 | ---- | C] () -- C:\Windows\is-E181S.exe

[2012/05/04 18:56:38 | 000,010,498 | ---- | C] () -- C:\Windows\is-E181S.msg

[2012/05/04 18:56:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/04 18:56:38 | 000,000,441 | ---- | C] () -- C:\Windows\is-E181S.lst

[2012/05/01 20:15:58 | 000,001,205 | ---- | C] () -- C:\Users\Spencer\Desktop\cmd.exe.lnk

[2012/05/01 18:07:11 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012/05/01 18:07:10 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012/05/01 08:27:30 | 000,348,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/04/29 11:45:55 | 000,001,110 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120429_114554.reg

[2012/04/29 11:45:42 | 000,052,854 | ---- | C] () -- C:\Users\Spencer\Documents\cc_20120429_114540.reg

[2012/04/29 11:41:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/13 23:02:47 | 000,075,766 | ---- | C] () -- C:\Users\Spencer\Documents\epach.odt

[2012/04/11 22:34:42 | 000,081,874 | ---- | C] () -- C:\Users\Spencer\Documents\Doss Faimly.odt

[2012/04/11 22:34:24 | 000,073,870 | ---- | C] () -- C:\Users\Spencer\Documents\HQPlants Documents.odt

[2012/04/11 16:03:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/11 03:30:48 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/03/18 21:45:32 | 000,001,656 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2012/02/18 19:05:55 | 000,001,827 | ---- | C] () -- C:\Users\Spencer\AppData\Roaming\simplemoneymanager.ini

[2012/02/12 12:04:44 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012/02/12 12:04:44 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2040.DAT

[2012/02/01 18:01:51 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2012/01/22 09:15:01 | 000,000,600 | ---- | C] () -- C:\Users\Spencer\AppData\Local\PUTTY.RND

[2012/01/16 22:12:53 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2012/01/16 22:12:53 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2012/01/16 22:12:52 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2012/01/16 22:12:52 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2012/01/16 22:12:52 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2011/12/19 21:33:49 | 000,000,095 | ---- | C] () -- C:\Users\Spencer\AppData\Local\fusioncache.dat

[2011/11/30 22:36:17 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2011/11/23 00:06:51 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/11/23 00:06:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/11/14 19:07:42 | 000,016,384 | ---- | C] () -- C:\Users\Spencer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/05 16:01:12 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL

[2011/11/05 08:51:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011/10/30 17:58:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL

[2011/10/30 17:58:16 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI

[2011/10/30 17:58:12 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT

[2011/10/14 22:15:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\phpc.exe

[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

< End of report >

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 5/6/2012 10:54:42 AM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Spencer\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 28.57% Memory free

6.75 Gb Paging File | 3.02 Gb Available in Paging File | 44.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 286.71 Gb Total Space | 185.55 Gb Free Space | 64.72% Space Free | Partition Type: NTFS

Drive D: | 11.28 Gb Total Space | 1.48 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

Drive F: | 232.88 Gb Total Space | 114.23 Gb Free Space | 49.05% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Spencer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03B78A2B-6750-4864-B887-5D0A7691B4C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{070BAB16-136C-4E3A-9019-2CBBF05AE53F}" = lport=139 | protocol=6 | dir=in | app=system |

"{16433C9A-4797-47E9-8C99-DA57323DE65B}" = lport=445 | protocol=6 | dir=in | app=system |

"{1E66EA7D-AB59-4A95-9730-6903A3EC0D84}" = lport=137 | protocol=17 | dir=in | app=system |

"{2EB2EB01-4BAD-402D-896E-9235502110D9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3FB47F8A-7F3D-48C8-AC3B-4E8D7FCF0A75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{447C8479-6798-4A17-8E4B-A56CA65194B7}" = rport=445 | protocol=6 | dir=out | app=system |

"{46650DBF-7973-4955-905F-18BF52D792E1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{4714518F-2EF5-47D8-811D-09FF679CE3B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4A3055C7-77E1-4828-AB9B-B90D716D1A70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5A709EDE-EDAA-4FCA-82D4-A1691CB601BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{6249C688-92B5-44E7-B5FB-F9A5D9BE518C}" = rport=138 | protocol=17 | dir=out | app=system |

"{77686C1C-92C7-43DE-81F5-C4E2AD1828F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7F26C02C-D95D-4AE3-BF25-0CFB943A8582}" = lport=138 | protocol=17 | dir=in | app=system |

"{81230C68-C49A-4CB7-A778-3219FBCDBAC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{839F5130-BB4E-4016-9349-B4B596D189E5}" = rport=139 | protocol=6 | dir=out | app=system |

"{9047FB1F-D2D2-4356-839D-762886FCD967}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{95FCE36E-A072-4E8D-8641-8C1B96CBC015}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A4C07174-33AA-48CF-AC32-B2D350F89400}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{ACE60D0D-DF42-4A17-8D0E-96F8D47E0964}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C930928F-6B5C-410E-A422-917F35FF483D}" = rport=137 | protocol=17 | dir=out | app=system |

"{D3360DDE-808D-4F4C-98B3-D9C5EBF848EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D600AFF2-E01F-4EBD-9045-94692AFD342A}" = rport=10243 | protocol=6 | dir=out | app=system |

"{EC5B24BB-7C3F-4C2E-BA98-A7673D7CB047}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EE6BA617-0BE6-43B9-8B7B-43A3E831DC98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F59D0ADA-A475-4C05-987B-2D5A08480A94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08C2E9EA-01E7-4DE3-A05F-49D055B6588E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |

"{0C6E88F8-80EC-4CCE-86B8-E863BF22B988}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{211D376B-3F15-48AB-87CD-0E1514605D22}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |

"{2F2C5FEF-EBA0-4843-820D-0A6A1A852CFE}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\install\data\disk1\setup.exe |

"{3809B2F6-F457-4586-AD70-27EF6D70ABD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3AF5EA17-E555-41B4-9D61-33070F4C42DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3B1C067C-7621-4392-9DA7-9ACE411DD860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3F58E7A7-08EC-486A-9315-110DF6577BAB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |

"{4B7ECB67-03B0-441D-A60C-487FC776BD8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4E4012EA-B533-4295-9F3E-4EAF59EEE81F}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |

"{4FE090A0-755C-40EE-A7EA-B6ED6F683AFB}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe |

"{66C1A355-BBC0-4DD4-B52E-B0A746695CCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7D7B858C-6BDE-4082-8568-ED1A1F5DCB4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{80B0FFA5-3E60-4566-915F-AB015D776054}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{85F23A58-B4D3-47E1-8BC0-C4E70EC3CC54}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{8A11EB3C-1B52-46B5-B0AD-E384C2567B26}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |

"{92B083AD-5A25-4AEB-8441-DBF520E0284F}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |

"{9CC61EE7-4953-4962-B9A5-3DD65CE8A789}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |

"{9E4773CC-E72A-4503-AA58-2F217662B238}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.1\bin\xnaliveproxy.exe |

"{A14723CD-BEB5-4748-9FB4-2FDF3258F636}" = protocol=17 | dir=in | app=c:\users\spencer\appdata\roaming\dropbox\bin\dropbox.exe |

"{A5970757-CAA4-46B1-8FAF-3B10F65F3724}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A7368DD1-C2ED-47A7-98C6-1C9A0009CCC9}" = protocol=6 | dir=in | app=c:\users\spencer\appdata\roaming\dropbox\bin\dropbox.exe |

"{B26E0519-BDF5-425D-805B-C32519126D30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B66F857D-7BD4-4EE2-98F8-A0573F46A52B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |

"{B6BAD3C6-4B76-4CF5-B6BA-603984D067E7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |

"{B742EF41-4829-419C-81D0-5CCD2B2C5E4C}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |

"{B860C31E-DD35-4FF7-937F-DB55A0FC9D89}" = protocol=6 | dir=out | app=system |

"{E6E73279-EF0D-4594-BC42-8F4C2A110CE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8B795AE-2615-494A-9929-FC41D951910E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{ECABEE9B-59E4-4174-938D-358FC900D388}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EF7262E6-7C8C-489B-9F9D-8A0336CEEDFB}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |

"{F2BAE63A-6150-45D0-911A-9FA8620B6FAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F88552DB-4299-42D7-88A6-A279313752DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{FB38D306-EE2E-48A5-AE09-E67BED1F6BD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FDE35096-DAB8-4926-BB87-91CEDBCE15C7}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\install\data\disk1\setup.exe |

"TCP Query User{3F2247E6-23A3-4864-947A-71B4111A951F}C:\program files\xchat-wdk\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat-wdk\xchat.exe |

"TCP Query User{8CB13CF6-DEB7-4756-99A0-9D0A25D75DE8}C:\mircbot\mirc.exe" = protocol=6 | dir=in | app=c:\mircbot\mirc.exe |

"TCP Query User{B10A534A-75A7-4892-8B33-6CE563A6040E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{CD801980-5517-4A45-9790-4BC0C3AEF3BD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{0449FDE1-DAA3-4CA7-BD46-B396C5D4BA91}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{3EA2D4B8-B533-4089-B754-891339144D16}C:\program files\xchat-wdk\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat-wdk\xchat.exe |

"UDP Query User{697067B2-249D-4C95-821A-125548A00B3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{C506B4B0-00F9-420D-9473-7714596A6595}C:\mircbot\mirc.exe" = protocol=17 | dir=in | app=c:\mircbot\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)

"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools

"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update

"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2

"{2F141715-E144-48C0-8562-D193B7AB85BC}" = Microsoft SQL Server Compact 4.0 ENU

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{3A504FB1-9593-48B4-81AE-D39F37EF7139}" = TortoiseSVN 1.7.3.22386 (32 bit)

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation

"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU

"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack

"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared

"{4E3E9F50-0068-440B-BCD1-DB28AA667BA3}" = PHP 5.3.8

"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0

"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10

"{53A29530-55DF-4B19-8C70-066ED22046BD}" = InstallShield 2010 Expansion Pack for Visual Studio 2010

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{611E3800-CE31-4953-8AD4-5657B6EE7ACF}" = Oracle VM VirtualBox 4.1.8

"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)

"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{7E00A9F0-BBCC-4CD2-9310-ECF29D116D01}" = Phalanger 2.1 (October 2011) for .NET 4.0

"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects

"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CE57049-ECC4-4B93-9DCD-74B117592637}" = InstallShield 2010 SP1

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{AF86B015-1024-4C7A-9A79-34624A754E91}" = IntelliStar Emulator

"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)

"{B2C4F577-F756-4897-9B59-60DFBE074F75}" = Simple Money Manager Standard

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser

"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)

"{EC40F18F-1105-4B30-ABBD-6895393F037F}" = WeatherSTAR 4000 emulator

"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1

"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files

"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"7-Zip" = 7-Zip 9.20

"AceMoney Lite_is1" = AceMoney Lite

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AI RoboForm" = RoboForm 7-7-4 (All Users)

"Any Video Converter_is1" = Any Video Converter 3.3.1

"BB FlashBack Express" = BB FlashBack Express

"Bejeweled 31.0" = Bejeweled 3

"CCleaner" = CCleaner

"Cheat Engine 6.1_is1" = Cheat Engine 6.1

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition

"FileZilla Client" = FileZilla Client 3.5.3

"Free PDF Tablet" = Free PDF Tablet 0.1

"Git_is1" = Git version 1.7.9-preview20120201

"Gizmo Central" = Gizmo Central

"GR2Analyst_is1" = GR2Analyst Version 1.71

"HyperCam 2" = HyperCam 2

"Hyperionics DB Toolbar" = Hyperionics DB Toolbar

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Basic)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2

"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU

"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU

"mIRC" = mIRC

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner 3.41

"N360" = Norton 360

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PerformanceTest 7_is1" = PerformanceTest v7.0

"Plants vs. Zombies" = Plants vs. Zombies

"Roadsend Compiler_is1" = Roadsend Compiler 2.0.0

"Roadsend PHP_is1" = Roadsend PHP 2.9.0 beta

"Sandboxie" = Sandboxie 3.64 (32-bit)

"Supermarket Mania 2 1.00" = Supermarket Mania 2 1.00

"TeamViewer 7" = TeamViewer 7

"VMware_Workstation" = VMware Workstation

"WebSite Downloader" = WebSite Downloader 1.1

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"WinRAR archiver" = WinRAR 4.10 beta 2 (32-bit)

"Wireshark" = Wireshark 1.6.4

"xampp" = XAMPP 1.7.7

"XChat-WDK (x86)_is1" = XChat-WDK (x86)

"XChat-WDK Spelling Dictionaries_is1" = XChat-WDK Spelling Dictionaries

"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1

"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

"Xvid Video Codec 1.3.2" = Xvid Video Codec

"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/29/2012 11:46:17 AM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002

Description = The program explorer.exe version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 448 Start

Time: 01cd261b31dd2f20 Termination Time: 30 Application Path: C:\Windows\explorer.exe

Report

Id: 6f7097b1-9212-11e1-85d6-005056c00008

Error - 4/30/2012 5:03:41 PM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: e2c Start

Time: 01cd2618fd304ca0 Termination Time: 120 Application Path: C:\Windows\Explorer.EXE

Report

Id: f3c5a501-9307-11e1-85d6-005056c00008

Error - 4/30/2012 6:44:16 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Gizmo\glauncher-x64.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/30/2012 6:44:38 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Program Files\Microsoft

Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly

Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/1/2012 5:33:21 PM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 11f0 Start

Time: 01cd27e080198c80 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report

Id: 42486f51-93d5-11e1-8c2e-005056c00008

Error - 5/1/2012 6:12:03 PM | Computer Name = Compaq-PC | Source = Application Error | ID = 1000

Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,

time stamp: 0x4d6727a7 Faulting module name: SHELL32.dll, version: 6.1.7601.17755,

time stamp: 0x4f0412de Exception code: 0xc0000005 Fault offset: 0x000b4b21 Faulting

process id: 0x2fd8 Faulting application start time: 0x01cd27e20813c550 Faulting application

path: C:\Windows\explorer.exe Faulting module path: C:\Windows\system32\SHELL32.dll

Report

Id: adbf2b70-93da-11e1-8c2e-005056c00008

Error - 5/3/2012 6:09:53 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Gizmo\glauncher-x64.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/3/2012 6:10:14 PM | Computer Name = Compaq-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Program Files\Microsoft

Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly

Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/4/2012 4:10:03 PM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: b2c Start

Time: 01cd296ca55f37a0 Termination Time: 42 Application Path: C:\Windows\Explorer.EXE

Report

Id: 1e3e4fb1-9625-11e1-85e7-005056c00008

Error - 5/5/2012 10:46:32 AM | Computer Name = Compaq-PC | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.60.0.80 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 4054 Start Time:

01cd2acda98ae1f0 Termination Time: 14 Application Path: C:\Program Files\Malwarebytes'

Anti-Malware\mbam.exe Report Id: 14c8d491-96c1-11e1-85e7-005056c00008

[ System Events ]

Error - 5/1/2012 8:29:28 AM | Computer Name = Compaq-PC | Source = DCOM | ID = 10016

Description =

Error - 5/1/2012 5:15:22 PM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 5/1/2012 5:16:41 PM | Computer Name = Compaq-PC | Source = HTTP | ID = 15005

Description =

Error - 5/1/2012 5:16:42 PM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023

Description = The Web Deployment Agent Service service terminated with the following

error: %%-2146233088

Error - 5/1/2012 5:18:05 PM | Computer Name = Compaq-PC | Source = DCOM | ID = 10016

Description =

Error - 5/3/2012 4:37:21 PM | Computer Name = Compaq-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 4:35:33 PM on ?5/?3/?2012 was unexpected.

Error - 5/3/2012 4:37:41 PM | Computer Name = Compaq-PC | Source = HTTP | ID = 15005

Description =

Error - 5/3/2012 4:37:41 PM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023

Description = The Web Deployment Agent Service service terminated with the following

error: %%-2146233088

Error - 5/3/2012 4:38:42 PM | Computer Name = Compaq-PC | Source = DCOM | ID = 10016

Description =

Error - 5/5/2012 3:02:49 AM | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Error Reporting Service service to connect.

< End of report >

Share this post


Link to post
Share on other sites

There is indeed some malware running here.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Share this post


Link to post
Share on other sites

Question: Why did it remove my IntelliStar Emulator Project files?

ComboFix 12-05-07.02 - Spencer 05/07/2012 13:32:38.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3454.2083 [GMT -4:00]

Running from: c:\users\Spencer\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Hyperionics DB Toolbar\tbHElper.dll

c:\users\Spencer\111

c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport.css

c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport.xslt

c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport_Minus.gif

c:\users\Spencer\111\21321\_UpgradeReport_Files\UpgradeReport_Plus.gif

c:\users\Spencer\111\21321\Backup\WindowsApplication2.sln

c:\users\Spencer\111\21321\Backup\WindowsApplication2\Form1.Designer.vb

c:\users\Spencer\111\21321\Backup\WindowsApplication2\Form1.resx

c:\users\Spencer\111\21321\Backup\WindowsApplication2\Form1.vb

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Application.Designer.vb

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Application.myapp

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\AssemblyInfo.vb

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Resources.Designer.vb

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Resources.resx

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Settings.Designer.vb

c:\users\Spencer\111\21321\Backup\WindowsApplication2\My Project\Settings.settings

c:\users\Spencer\111\21321\Backup\WindowsApplication2\WindowsApplication2.vbproj

c:\users\Spencer\111\21321\Backup\WindowsApplication2\WindowsApplication2.vbproj.user

c:\users\Spencer\111\21321\UpgradeLog.XML

c:\users\Spencer\111\21321\WindowsApplication2.sln

c:\users\Spencer\111\21321\WindowsApplication2.suo

c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\1.wmv

c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.pdb

c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.vshost.exe

c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.vshost.exe.manifest

c:\users\Spencer\111\21321\WindowsApplication2\bin\Debug\WindowsApplication2.xml

c:\users\Spencer\111\21321\WindowsApplication2\Form1.Designer.vb

c:\users\Spencer\111\21321\WindowsApplication2\Form1.resx

c:\users\Spencer\111\21321\WindowsApplication2\Form1.vb

c:\users\Spencer\111\21321\WindowsApplication2\My Project\Application.Designer.vb

c:\users\Spencer\111\21321\WindowsApplication2\My Project\Application.myapp

c:\users\Spencer\111\21321\WindowsApplication2\My Project\AssemblyInfo.vb

c:\users\Spencer\111\21321\WindowsApplication2\My Project\Resources.Designer.vb

c:\users\Spencer\111\21321\WindowsApplication2\My Project\Resources.resx

c:\users\Spencer\111\21321\WindowsApplication2\My Project\Settings.Designer.vb

c:\users\Spencer\111\21321\WindowsApplication2\My Project\Settings.settings

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\DesignTimeResolveAssemblyReferencesInput.cache

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\GenerateResource.read.1.tlog

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\GenerateResource.write.1.tlog

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.Form1.resources

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.pdb

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.Resources.resources

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.vbproj.FileListAbsolute.txt

c:\users\Spencer\111\21321\WindowsApplication2\obj\Debug\WindowsApplication2.xml

c:\users\Spencer\111\21321\WindowsApplication2\WindowsApplication2.vbproj

c:\users\Spencer\111\21321\WindowsApplication2\WindowsApplication2.vbproj.user

c:\users\Spencer\111\Intellistar Emulator.sln

c:\users\Spencer\111\Intellistar Emulator\app.config

c:\users\Spencer\111\Intellistar Emulator\ApplicationEvents.cs

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\0s.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\10.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\10.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\10.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\100.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\101.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\102.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\103.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\104.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\105.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\106.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\107.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\108.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\109.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\11.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\11.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\11.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\110.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\111.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\112.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\113.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\114.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\115.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\116.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\117.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\118.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\119.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\12.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\12.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\12.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\120.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\121.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\122.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\123.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\124.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\125.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\126.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\127.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\128.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\129.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\13.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\13.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\13.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\130.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\131.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\132.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\133.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\134.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\135.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\136.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\137.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\138.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\139.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\14.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\14.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\14.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\15.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\15.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\15.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\16.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\16.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\16.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\17.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\17.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\17.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\18.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\18.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\18.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\19.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\19.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\19.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1L.JPG

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\1s.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\20.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\20.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\20.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\21.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\21.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\21.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\22.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\22.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\22.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\23.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\23.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\23.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\24.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\24.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\24.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\25.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\25.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\25.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\26.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\26.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\26.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\27.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\27.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\27.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\28.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\28.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\28.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\29.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\29.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\29.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\2L.JPG

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\30.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\30.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\30.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\31.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\31.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\31.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\32.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\32.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\32.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3200.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\33.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\33.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\33.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\34.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\34.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\34.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\35.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\35.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\36.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\36.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\36.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\37.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\37.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\37.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\38.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\38.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\38.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\39.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\39.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\39.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\3L.JPG

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\40.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\40.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\40.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\41.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\41.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\41.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\42.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\42.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\42.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\43.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\43.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\43.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\44.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\44.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\44.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\45.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\45.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\45.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\46.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\46.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\46.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\47.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\47.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\47.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\48.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\49.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\4L.JPG

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\50.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\51.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\52.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\53.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\54.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\55.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\56.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\57.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\58.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\59.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\5L.JPG

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\6.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\6.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\6.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\60.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\61.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\62.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\63.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\64.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\65.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\66.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\67.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\68.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\69.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\70.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\71.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\72.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\73.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\74.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\75.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\76.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\77.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\78.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\79.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\7DAYFCST.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\8.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\8.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\8.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\80.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\81.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\82.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\83.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\84.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\85.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\86.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\87.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\88.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\89.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\9.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\9.gif

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\9.png

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\90.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\91.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\92.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\93.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\94.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\95.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\96.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\97.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\98.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\99.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\ALERTS.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\AxInterop.WMPLib.dll

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\beep.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blizzard.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Dust.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Sand in the Vicinity.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Sand Nearby.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Sand.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Snow 2.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Blowing Snow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CC_INTRO1.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CC_INTRO2.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CCONDIT.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Clear and Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Clear.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Cloudy and Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Cloudy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\CONFIG.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Drifting Snow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Drizzle & Fog.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Drizzle.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Dust Storm.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\error.txt

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Fair & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Fair.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Foggy Conditions.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\FORECAST.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\forecastTranslation.xml

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Drizzle (1).dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Drizzle (2).dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Rain (1).dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Freezing Rain (2).dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Haze.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Rain & Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Rain & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Sleet & Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Sleet & Thunder.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Sleet.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Snow & Thunder.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Snow & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Snow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Heavy Thunderstorm.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Ice Crystals.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.exe

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.exe.config

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.pdb

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe.config

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe.manifest

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.xml

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\IntelliStar.7z

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Interop.WMPLib.dll

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Drizzle.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Snow & Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Light Snow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\LOCAL_DOPPLER.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\LOCAL_DOPPLER_1.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M1.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M10.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M11.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M12.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M13.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M14.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M15.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M16.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M17.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M18.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M19.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M2.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M20.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M21.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M22.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M23.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M24.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M25.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M26.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M27.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M28.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M29.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M3.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M30.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M31.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M32.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M33.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M34.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M35.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M36.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M37.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M38.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M39.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M4.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M40.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M41.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M42.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M43.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M44.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M45.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M46.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M47.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M48.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M49.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M5.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M50.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M51.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M52.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M53.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M54.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M55.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M56.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M57.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M58.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M59.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M6.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M60.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M61.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M62.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M63.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M64.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M65.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M66.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M67.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M68.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M69.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M7.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M70.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M71.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M72.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M73.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M74.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M75.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M76.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M77.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M78.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M79.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M8.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M80.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M81.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M82.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M83.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M84.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M85.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M86.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M87.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M88.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M89.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M9.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M90.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M91.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M92.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M93.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M94.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M95.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M96.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M97.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M98.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\M99.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Microsoft.DirectX.AudioVideoPlayback.dll

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Mostly Cloudy & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Mostly Cloudy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Partly Cloudy & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Partly Cloudy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Sleet.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Snow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain & Some Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT1.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT2.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT3.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\RCONDIT4.XML

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sand Storm in the Vicinity.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sand Storm.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers & Foggy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers in the Vicinity & Fog.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers in the Vicinity & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers in the Vicinity.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers Nearby.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Showers.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sleet & Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sleet.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Smoke.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow & Freezing Rain.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow & Sleet.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow Flurries.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow Showers.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Snow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Strong Thunderstorm & Hail.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Strong Thunderstorm.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sunny & Windy.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Sunny.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thunder.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thundersleet.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thundersnow.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Thunderstorm.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Windy Conditions.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Wintry Mix & Thunder.dat

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Wintry Mix.dat

c:\users\Spencer\111\Intellistar Emulator\Cleanup.cs

c:\users\Spencer\111\Intellistar Emulator\Cleanup.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog1.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog1.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog2.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog2.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog3.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog3.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog4.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog4.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog5.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog5.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog6.cs

c:\users\Spencer\111\Intellistar Emulator\Dialog6.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\extw.cs

c:\users\Spencer\111\Intellistar Emulator\extw.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\fcst.cs

c:\users\Spencer\111\Intellistar Emulator\Form1.cs

c:\users\Spencer\111\Intellistar Emulator\Form1.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form10.cs

c:\users\Spencer\111\Intellistar Emulator\Form10.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form11.cs

c:\users\Spencer\111\Intellistar Emulator\Form11.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form12.cs

c:\users\Spencer\111\Intellistar Emulator\Form12.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form13.cs

c:\users\Spencer\111\Intellistar Emulator\Form13.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form14.cs

c:\users\Spencer\111\Intellistar Emulator\Form14.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form15.cs

c:\users\Spencer\111\Intellistar Emulator\Form15.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form16.cs

c:\users\Spencer\111\Intellistar Emulator\Form16.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form17.cs

c:\users\Spencer\111\Intellistar Emulator\Form17.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form2.cs

c:\users\Spencer\111\Intellistar Emulator\Form2.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form3.cs

c:\users\Spencer\111\Intellistar Emulator\Form3.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form4.cs

c:\users\Spencer\111\Intellistar Emulator\Form4.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form5.cs

c:\users\Spencer\111\Intellistar Emulator\Form5.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form6.cs

c:\users\Spencer\111\Intellistar Emulator\Form6.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form7.cs

c:\users\Spencer\111\Intellistar Emulator\Form7.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form8.cs

c:\users\Spencer\111\Intellistar Emulator\Form8.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Form9.cs

c:\users\Spencer\111\Intellistar Emulator\Form9.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Intellistar Emulator.csproj

c:\users\Spencer\111\Intellistar Emulator\Intellistar Emulator.suo

c:\users\Spencer\111\Intellistar Emulator\Intellistar Emulator.vbproj.user

c:\users\Spencer\111\Intellistar Emulator\LDL.cs

c:\users\Spencer\111\Intellistar Emulator\LDL.Designer - Copy.cs

c:\users\Spencer\111\Intellistar Emulator\LDL.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Module1.cs

c:\users\Spencer\111\Intellistar Emulator\My Project\Application.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\My Project\AssemblyInfo.cs

c:\users\Spencer\111\Intellistar Emulator\My Project\Resources.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\My Project\Resources.resx

c:\users\Spencer\111\Intellistar Emulator\My Project\Settings.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\AxInterop.WMPLib.dll

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\DesignTimeResolveAssemblyReferencesInput.cache

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\GenerateResource.read.1.tlog

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\GenerateResource.write.1.tlog

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Intellistar Emulator.csproj.FileListAbsolute.txt

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Intellistar Emulator.csproj.ResolveComReference.cache

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Intellistar_Emulator.Resources.resources

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\Interop.WMPLib.dll

c:\users\Spencer\111\Intellistar Emulator\obj\x86\Debug\ResolveAssemblyReference.cache

c:\users\Spencer\111\Intellistar Emulator\Parsing.cs

c:\users\Spencer\111\Intellistar Emulator\Properties\Resources.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Properties\Resources.resx

c:\users\Spencer\111\Intellistar Emulator\Resources\0.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\1.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\10.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\11.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\12.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\12.png

c:\users\Spencer\111\Intellistar Emulator\Resources\13.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\14.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\15.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\15.png

c:\users\Spencer\111\Intellistar Emulator\Resources\16.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\16.png

c:\users\Spencer\111\Intellistar Emulator\Resources\17.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\18.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\19.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\2.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\20.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\21.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\22.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\23.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\24.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\2405805-glassy-blue-exclamation-button.png

c:\users\Spencer\111\Intellistar Emulator\Resources\25.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\26.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\27.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\27355468_27011216_22e2415bcbb0.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\28.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\29.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\3.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\30.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\31.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\32.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\33.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\34.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\36.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\37.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\38.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\39.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\4.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\40.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\41.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\42.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\43.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\44.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\45.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\46.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\47.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\5.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\6.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\7.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\7_Day_Forecast.png

c:\users\Spencer\111\Intellistar Emulator\Resources\7DAYFCST.png

c:\users\Spencer\111\Intellistar Emulator\Resources\8.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\9.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\Alerts.png

c:\users\Spencer\111\Intellistar Emulator\Resources\animated_lightning.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\animated_lightning_left.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\BAKGROUNDA.BMP

c:\users\Spencer\111\Intellistar Emulator\Resources\blue-folder--exclamation.png

c:\users\Spencer\111\Intellistar Emulator\Resources\canstock2816877.png

c:\users\Spencer\111\Intellistar Emulator\Resources\CC.png

c:\users\Spencer\111\Intellistar Emulator\Resources\CC_REG-AL.png

c:\users\Spencer\111\Intellistar Emulator\Resources\CC_REG_ALL_NEW.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Clds.jpeg

c:\users\Spencer\111\Intellistar Emulator\Resources\clear.png

c:\users\Spencer\111\Intellistar Emulator\Resources\clouds.jpg

c:\users\Spencer\111\Intellistar Emulator\Resources\Copy (5) of New_TEMPLATE.png

c:\users\Spencer\111\Intellistar Emulator\Resources\cross-circle.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Current_Conditions.png

c:\users\Spencer\111\Intellistar Emulator\Resources\CurrentConditions_new.png

c:\users\Spencer\111\Intellistar Emulator\Resources\CurrentConditions_new1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\documents.png

c:\users\Spencer\111\Intellistar Emulator\Resources\EXT_FCST_NEW.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Extended Forecast.png

c:\users\Spencer\111\Intellistar Emulator\Resources\flag--exclamation.png

c:\users\Spencer\111\Intellistar Emulator\Resources\flag-gray.png

c:\users\Spencer\111\Intellistar Emulator\Resources\flag-green.png

c:\users\Spencer\111\Intellistar Emulator\Resources\flag-yellow.png

c:\users\Spencer\111\Intellistar Emulator\Resources\forecast.png

c:\users\Spencer\111\Intellistar Emulator\Resources\FORECAST_NEW.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Forecast1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Forecast2.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Getaway forecast.png

c:\users\Spencer\111\Intellistar Emulator\Resources\image_preview.jpeg

c:\users\Spencer\111\Intellistar Emulator\Resources\LDL.png

c:\users\Spencer\111\Intellistar Emulator\Resources\LDL1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\lot8snarration.wav

c:\users\Spencer\111\Intellistar Emulator\Resources\New_Final_CC.png

c:\users\Spencer\111\Intellistar Emulator\Resources\NEW_RAD.png

c:\users\Spencer\111\Intellistar Emulator\Resources\NewFCST.png

c:\users\Spencer\111\Intellistar Emulator\Resources\OrangeLDL1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\radarnarration.wav

c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat.png

c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat2007.png

c:\users\Spencer\111\Intellistar Emulator\Resources\RadarSat20071.png

c:\users\Spencer\111\Intellistar Emulator\Resources\RedLDL1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\REG_ALL.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Reg_All_CC.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Reg_All_CC1.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Regional_Conditions.png

c:\users\Spencer\111\Intellistar Emulator\Resources\RegRadar.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Satellite3-DayBlackFont.png

c:\users\Spencer\111\Intellistar Emulator\Resources\snow-animation2.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\snow-animation21.gif

c:\users\Spencer\111\Intellistar Emulator\Resources\SWA2007.png

c:\users\Spencer\111\Intellistar Emulator\Resources\TEMPLATE.png

c:\users\Spencer\111\Intellistar Emulator\Resources\TF2007.png

c:\users\Spencer\111\Intellistar Emulator\Resources\Thumbs.db

c:\users\Spencer\111\Intellistar Emulator\Resources\TWCBlackBar2.png

c:\users\Spencer\111\Intellistar Emulator\Resources\weekendrectangle.png

c:\users\Spencer\111\Intellistar Emulator\Resources\xl36.wav

c:\users\Spencer\111\Intellistar Emulator\Resources\xl7day.wav

c:\users\Spencer\111\Intellistar Emulator\Resources\xlcc.wav

c:\users\Spencer\111\Intellistar Emulator\Resources\YellowLDL1.png

c:\users\Spencer\111\Intellistar Emulator\Settings.cs

c:\users\Spencer\111\Intellistar Emulator\SplashScreen1.cs

c:\users\Spencer\111\Intellistar Emulator\SplashScreen1.Designer.cs

c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Backup Files\Intellistar Emulator\~AutoRecover.Dialog1.cs

c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Backup Files\Intellistar Emulator\~AutoRecover.Form3.cs

c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Backup Files\Intellistar Emulator\~AutoRecover.Intellistar Emulator.csproj

c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Visualizers\autoexp.cs

c:\users\Spencer\111\Intellistar Emulator\Visual Studio 2010\Visualizers\autoexpce.cs

c:\users\Spencer\AppData\Local\assembly\tmp

c:\users\Spencer\AppData\Local\Minibar

c:\users\Spencer\AppData\Local\Minibar\chrome\background.html

c:\users\Spencer\AppData\Local\Minibar\chrome\cached_http_request.js

c:\users\Spencer\AppData\Local\Minibar\chrome\extension_info.json

c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon128.png

c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon19.png

c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon32.png

c:\users\Spencer\AppData\Local\Minibar\chrome\icons\icon48.png

c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content.js

c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content_kango.js

c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content_messaging.js

c:\users\Spencer\AppData\Local\Minibar\chrome\includes\content_userscript.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango-ui\button.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango-ui\ui.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\browser.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\console.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\event_listener.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\initialize.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\io.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\jsonstorage.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\kango.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\lang.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\messaging.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\userscript_engine.js

c:\users\Spencer\AppData\Local\Minibar\chrome\kango\xhr.js

c:\users\Spencer\AppData\Local\Minibar\chrome\main.js

c:\users\Spencer\AppData\Local\Minibar\chrome\manifest.json

c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\actions.js

c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\cachedxhr.js

c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\config.js

c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\macros.js

c:\users\Spencer\AppData\Local\Minibar\chrome\minibar\minibar.js

c:\users\Spencer\AppData\Local\Minibar\chrome\popup.html

c:\users\Spencer\AppData\Local\Minibar\chrome\popup.js

c:\users\Spencer\AppData\Local\Minibar\chrome\tab.html

c:\users\Spencer\AppData\Local\Minibar\chrome\tab.js

c:\users\Spencer\AppData\Local\Minibar\chrome_installer.js

c:\users\Spencer\AppData\Local\Minibar\common.js

c:\users\Spencer\AppData\Local\Minibar\install.json

c:\users\Spencer\AppData\Local\Minibar\minibar.crx

c:\users\Spencer\AppData\Local\Minibar\sqlite3.exe

c:\users\Spencer\AppData\Local\Minibar\Uninstall.exe

c:\users\Spencer\Spencer

c:\windows\isRS-000.tmp

F:\autorun.inf

F:\setup.exe

f:\ticket-tracker\Ticket-Tracker\bin\Debug\Ticket-Tracker.vshost.exe

.

----- File Replicators -----

.

c:\all emulator stuff\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

c:\all emulator stuff\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

c:\all emulator stuff\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debugg\Intellistar Emulator.vshost.exe

c:\installshield 2010 projects\My Project Name-2\Product Configuration 1\Release 1\DiskImages\DISK1\program files\IntelliStar Emulator\IntelliStar Emulator\Intellistar Emulator.vshost.exe

c:\installshield 2010 projects\My Project Name-2\Product Configuration 1\Release 1\DiskImages\DISK1\program files\IntelliStar Emulator\IntelliStar Emulator\IntelliStar Update.vshost.exe

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

c:\program files\Git\libexec\git-core\git-add.exe

c:\program files\Git\libexec\git-core\git-annotate.exe

c:\program files\Git\libexec\git-core\git-apply.exe

c:\program files\Git\libexec\git-core\git-archive.exe

c:\program files\Git\libexec\git-core\git-bisect--helper.exe

c:\program files\Git\libexec\git-core\git-blame.exe

c:\program files\Git\libexec\git-core\git-branch.exe

c:\program files\Git\libexec\git-core\git-bundle.exe

c:\program files\Git\libexec\git-core\git-cat-file.exe

c:\program files\Git\libexec\git-core\git-check-attr.exe

c:\program files\Git\libexec\git-core\git-check-ref-format.exe

c:\program files\Git\libexec\git-core\git-checkout-index.exe

c:\program files\Git\libexec\git-core\git-checkout.exe

c:\program files\Git\libexec\git-core\git-cherry-pick.exe

c:\program files\Git\libexec\git-core\git-cherry.exe

c:\program files\Git\libexec\git-core\git-clean.exe

c:\program files\Git\libexec\git-core\git-clone.exe

c:\program files\Git\libexec\git-core\git-commit-tree.exe

c:\program files\Git\libexec\git-core\git-commit.exe

c:\program files\Git\libexec\git-core\git-config.exe

c:\program files\Git\libexec\git-core\git-count-objects.exe

c:\program files\Git\libexec\git-core\git-describe.exe

c:\program files\Git\libexec\git-core\git-diff-files.exe

c:\program files\Git\libexec\git-core\git-diff-index.exe

c:\program files\Git\libexec\git-core\git-diff-tree.exe

c:\program files\Git\libexec\git-core\git-diff.exe

c:\program files\Git\libexec\git-core\git-fast-export.exe

c:\program files\Git\libexec\git-core\git-fetch-pack.exe

c:\program files\Git\libexec\git-core\git-fetch.exe

c:\program files\Git\libexec\git-core\git-fmt-merge-msg.exe

c:\program files\Git\libexec\git-core\git-for-each-ref.exe

c:\program files\Git\libexec\git-core\git-format-patch.exe

c:\program files\Git\libexec\git-core\git-fsck-objects.exe

c:\program files\Git\libexec\git-core\git-fsck.exe

c:\program files\Git\libexec\git-core\git-gc.exe

c:\program files\Git\libexec\git-core\git-get-tar-commit-id.exe

c:\program files\Git\libexec\git-core\git-grep.exe

c:\program files\Git\libexec\git-core\git-hash-object.exe

c:\program files\Git\libexec\git-core\git-help.exe

c:\program files\Git\libexec\git-core\git-index-pack.exe

c:\program files\Git\libexec\git-core\git-init-db.exe

c:\program files\Git\libexec\git-core\git-init.exe

c:\program files\Git\libexec\git-core\git-log.exe

c:\program files\Git\libexec\git-core\git-ls-files.exe

c:\program files\Git\libexec\git-core\git-ls-remote.exe

c:\program files\Git\libexec\git-core\git-ls-tree.exe

c:\program files\Git\libexec\git-core\git-mailinfo.exe

c:\program files\Git\libexec\git-core\git-mailsplit.exe

c:\program files\Git\libexec\git-core\git-merge-base.exe

c:\program files\Git\libexec\git-core\git-merge-file.exe

c:\program files\Git\libexec\git-core\git-merge-index.exe

c:\program files\Git\libexec\git-core\git-merge-ours.exe

c:\program files\Git\libexec\git-core\git-merge-recursive.exe

c:\program files\Git\libexec\git-core\git-merge-subtree.exe

c:\program files\Git\libexec\git-core\git-merge-tree.exe

c:\program files\Git\libexec\git-core\git-merge.exe

c:\program files\Git\libexec\git-core\git-mktag.exe

c:\program files\Git\libexec\git-core\git-mktree.exe

c:\program files\Git\libexec\git-core\git-mv.exe

c:\program files\Git\libexec\git-core\git-name-rev.exe

c:\program files\Git\libexec\git-core\git-notes.exe

c:\program files\Git\libexec\git-core\git-pack-objects.exe

c:\program files\Git\libexec\git-core\git-pack-redundant.exe

c:\program files\Git\libexec\git-core\git-pack-refs.exe

c:\program files\Git\libexec\git-core\git-patch-id.exe

c:\program files\Git\libexec\git-core\git-peek-remote.exe

c:\program files\Git\libexec\git-core\git-prune-packed.exe

c:\program files\Git\libexec\git-core\git-prune.exe

c:\program files\Git\libexec\git-core\git-push.exe

c:\program files\Git\libexec\git-core\git-read-tree.exe

c:\program files\Git\libexec\git-core\git-receive-pack.exe

c:\program files\Git\libexec\git-core\git-reflog.exe

c:\program files\Git\libexec\git-core\git-remote-ext.exe

c:\program files\Git\libexec\git-core\git-remote-fd.exe

c:\program files\Git\libexec\git-core\git-remote.exe

c:\program files\Git\libexec\git-core\git-replace.exe

c:\program files\Git\libexec\git-core\git-repo-config.exe

c:\program files\Git\libexec\git-core\git-rerere.exe

c:\program files\Git\libexec\git-core\git-reset.exe

c:\program files\Git\libexec\git-core\git-rev-list.exe

c:\program files\Git\libexec\git-core\git-rev-parse.exe

c:\program files\Git\libexec\git-core\git-revert.exe

c:\program files\Git\libexec\git-core\git-rm.exe

c:\program files\Git\libexec\git-core\git-send-pack.exe

c:\program files\Git\libexec\git-core\git-shortlog.exe

c:\program files\Git\libexec\git-core\git-show-branch.exe

c:\program files\Git\libexec\git-core\git-show-ref.exe

c:\program files\Git\libexec\git-core\git-show.exe

c:\program files\Git\libexec\git-core\git-stage.exe

c:\program files\Git\libexec\git-core\git-status.exe

c:\program files\Git\libexec\git-core\git-stripspace.exe

c:\program files\Git\libexec\git-core\git-symbolic-ref.exe

c:\program files\Git\libexec\git-core\git-tag.exe

c:\program files\Git\libexec\git-core\git-tar-tree.exe

c:\program files\Git\libexec\git-core\git-unpack-file.exe

c:\program files\Git\libexec\git-core\git-unpack-objects.exe

c:\program files\Git\libexec\git-core\git-update-index.exe

c:\program files\Git\libexec\git-core\git-update-ref.exe

c:\program files\Git\libexec\git-core\git-update-server-info.exe

c:\program files\Git\libexec\git-core\git-upload-archive.exe

c:\program files\Git\libexec\git-core\git-var.exe

c:\program files\Git\libexec\git-core\git-verify-pack.exe

c:\program files\Git\libexec\git-core\git-verify-tag.exe

c:\program files\Git\libexec\git-core\git-whatchanged.exe

c:\program files\Git\libexec\git-core\git-write-tree.exe

c:\program files\Git\libexec\git-core\git.exe

c:\program files\IntelliStar Emulator\IntelliStar Emulator\Intellistar Emulator.vshost.exe

c:\program files\IntelliStar Emulator\IntelliStar Emulator\IntelliStar Update.vshost.exe

c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\vshost32.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\16707\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\16707\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\16707\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\17407\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\17407\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\17407\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\28313\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\28313\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\28313\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\29690\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\29690\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\29690\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\30973\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\30973\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\30973\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\485\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\485\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.1\485\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\16707\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\16707\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\16707\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\17407\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\17407\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\17407\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\28313\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\28313\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\28313\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\29690\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\29690\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\29690\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\30973\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\30973\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\30973\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\485\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\485\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.1\485\ReaderUpdater.exe

c:\users\Spencer\1\DirectX videoPlayer\bin\Debug\DirectX videoPlayer.vshost.exe

c:\users\Spencer\111\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\DirectX\21\bin\Debug\WindowsApplication3.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\Authentication\Authentication\bin\Debug\Authentication.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\DirectX Video\DirectX Video\bin\Debug\DirectX Video.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\Frost-Detector\Frost-Detector\bin\Debug\Frost-Detector.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\HelloWorld\HelloWorld\bin\Debug\HelloWorld.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\IntelliStar Update\IntelliStar Update\bin\Debug\IntelliStar Update.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\sdmgr.exe\sdmgr.exe\bin\Debug\sdmgr.exe.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\Ticket-Tracker\Ticket-Tracker\bin\Debug\Ticket-Tracker.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\track-it\track-it\bin\Debug\track-it.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\track-it\track-it\bin\Debug\WindowsApplication1.vshost.exe

c:\users\Spencer\Documents\Visual Studio 2010\Projects\WindowsApplication1\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe

c:\users\Spencer\Music\bin\Debug\Intellistar Emulator.vshost.exe

f:\all emulator stuff\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\all emulator stuff\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\backup of gateway\inc\Crapola soft\Crapolasoft Global Bussisness\Crapolasoft Global Bussisness\bin\Debug\Crapolasoft Global Bussisness.vshost.exe

f:\backup of gateway\inc\Emulator Backup\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\backup of gateway\inc\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\backup of gateway\inc\New Folder\Storage\Trakit\Trak-It! Advanced Tracking Software!.vshost.exe

f:\backup of gateway\inc\Projects\GEN\Generate\Generate\bin\Debug\Generate.vshost.exe

f:\backup of gateway\inc\Projects\WFA\WindowsApplication1\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe

f:\gifted\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\gifted\Code\Intellistar Emulator\Intellistar Emulator\bin\Debugg\Intellistar Emulator.vshost.exe

f:\gifted\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\gifted\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\intellistar emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\intellistar emulator\u\Intellistar Emulator.vshost.exe

f:\isrepo\VB\IntelliStar Emulator\Emulator Project\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\isrepo\VB\IntelliStar Emulator\Emulator Project\Intellistar Emulator\bin\Debug\IntelliStar Update.vshost.exe

f:\isrepo\VB\IntelliStar Emulator\Update Projects\IntelliStar Update\IntelliStar Update\bin\Debug\IntelliStar Update.vshost.exe

f:\ticket-tracker\Ticket-Tracker\bin\Debug\Ticket-Tracker.vshost.exe

f:\trip to ag\Emulator\Emulator Project\Code - Copy\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\trip to ag\Emulator\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debug\Intellistar Emulator.vshost.exe

f:\trip to ag\Emulator\Emulator Project\Code\Intellistar Emulator\Intellistar Emulator\bin\Debugg\Intellistar Emulator.vshost.exe

f:\vb\embedded_font\embedded_font\bin\Debug\embedded_font.vshost.exe

f:\vb\Test OS\Test OS\bin\Debug\Test OS.vshost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))

.

.

2012-05-07 17:55 . 2012-05-07 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-06 23:44 . 2012-05-06 23:44 -------- d-----w- c:\program files\QuickTime

2012-05-06 23:44 . 2012-05-06 23:44 -------- d-----w- c:\programdata\Apple Computer

2012-05-06 23:42 . 2012-05-06 23:42 -------- d-----w- c:\users\Spencer\AppData\Local\Apple

2012-05-06 23:42 . 2012-05-06 23:42 -------- d-----w- c:\programdata\Apple

2012-05-06 23:42 . 2012-05-06 23:42 -------- d-----w- c:\program files\Apple Software Update

2012-05-02 21:32 . 2012-05-02 23:27 -------- d-----w- c:\users\Spencer\AppData\Roaming\TeamViewer

2012-05-01 22:06 . 2012-05-01 22:06 -------- d-----w- c:\program files\TeamViewer

2012-04-29 15:41 . 2012-04-29 15:41 -------- d-----w- c:\program files\CCleaner

2012-04-27 20:45 . 2012-04-27 20:45 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-27 20:44 . 2012-04-27 20:44 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-27 20:44 . 2012-04-27 20:44 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-04-11 20:03 . 2012-05-04 22:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-11 07:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-10 03:36 . 2012-04-10 03:36 -------- d-----w- c:\program files\Common Files\Java

2012-04-10 03:35 . 2012-04-10 03:35 -------- d-----w- c:\program files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 22:57 . 2011-10-29 01:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-10 03:35 . 2011-10-30 17:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56 . 2011-12-23 01:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-20 01:08 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-17 05:34 . 2012-03-14 09:43 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 04:14 . 2012-03-14 09:43 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13 . 2012-03-14 09:43 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:38 . 2012-03-14 09:46 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-04-27 20:44 . 2011-10-28 23:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="-scheduler" [X]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 451856]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-19 108136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-11-22 223640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-05-21 129584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]

R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]

R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2011-09-09 1265216]

R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-31 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-02 821880]

S1 GizmoDrv;Gizmo Device Driver; [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120505.001\IDSvix86.sys [2012-04-28 368248]

S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [2010-11-16 136312]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [2011-04-21 299640]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]

S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2011-11-22 34728]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-05-21 70704]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-21 539184]

S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-12-07 4096]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 106104]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - MBAMSwissArmy

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:57]

.

2012-05-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-28 19:46]

.

2012-05-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-28 19:46]

.

2012-05-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-28 19:46]

.

.

------- Supplementary Scan -------

.

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{914E754E-3C2A-43C3-A03B-77DD412683A7}: NameServer = 208.67.222.222

FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\1jji5kqh.default\

.

- - - - ORPHANS REMOVED - - - -

.

Notify-SDWinLogon - SDWinLogon.dll

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2309691462-207129498-3248361963-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-07 14:25:25

ComboFix-quarantined-files.txt 2012-05-07 18:25

.

Pre-Run: 194,769,002,496 bytes free

Post-Run: 194,418,552,832 bytes free

.

- - End Of File - - 38FD9EA25EF34A9CDDB07FFA60461AE3

Share this post


Link to post
Share on other sites

Looks like a legit program might have been deleted. Is Intellistar emulator a program you use?

Share this post


Link to post
Share on other sites

Looks like a legit program might have been deleted. Is Intellistar emulator a program you use?

Its a program im writing. If you need proof http://intellistaremulator.x10.mx

(Im The Weather Guy)

Share this post


Link to post
Share on other sites

No proof needed. :) Do you need the deleted files dequarantined or will you be able to just reinstall the program?

How are things running at this point?

Share this post


Link to post
Share on other sites

[Window Title]

explorer.exe

[Content]

The remote procedure call failed and did not execute.

[OK]

Explorer freezes ocasionally and I just got this error.

Share this post


Link to post
Share on other sites

Did you get that error only once or on a regular basis. Can you reboot your computer in safe mode with networking and see if you have the same issues or if explorer runs normally there.

Share this post


Link to post
Share on other sites

Only once, but explorer is still freezing occasionally.

Share this post


Link to post
Share on other sites

Please do a clean boot and let me know if explorer still freezes. If not, enable applications one at a time and see which one causes the freezes.

Share this post


Link to post
Share on other sites

one more thing- The right click freeze thing is back.

Share this post


Link to post
Share on other sites

Please see my previous post and try that. Most likely both issues are related.

Share this post


Link to post
Share on other sites

I have a question, will that process take a long time? If it will is it ok if I wait until the weekend?

Share this post


Link to post
Share on other sites

Setting your system to clean boot doesn't take long, it only takes as much as altering the settings as described and rebooting the computer. :)

Share this post


Link to post
Share on other sites

OK another issue: My pc is canceling all UAC prompts when they appear. csrss.exe is always using 11-50% of the processor.

Starting clean boot thing now.

Share this post


Link to post
Share on other sites

When I went to do a clean boot, the UAC Window was very tall, and I could not see the buttons. I did though get into msconfig. Starting now.

Share this post


Link to post
Share on other sites

Ive enabled back the services I use, and all seems to be running normally, but I will see how it behaves over tomorrow.

2 Things:

Xchat WDK Freezes when opening channels when it is first opened (this has been going on the whole time)

Do I have to re enable other things one by one to see which one specificly which is causing the problem

Share this post


Link to post
Share on other sites

I would try to reinstall XChat and see if that fixes the problem (I think you can export your configuration for autojoin and such so you won't have to set it up afterwards if that is a problem).

Do I have to re enable other things one by one to see which one specificly which is causing the problem
Yes, this may be a bit time consuming but is the best way to proceed.

Share this post


Link to post
Share on other sites

Hey-

Thanks for your help, Im just going to reinstall windows. I can afford to do that on this pc, and have been meaning to. Meanwhile I need to open a thread about a laptop... but anyway, thanks your your help. It is appreciated.

Share this post


Link to post
Share on other sites

That may indeed be the fastest solution for the problem. :)

Good luck to you!

I will request this topic to be closed.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.