cestmoi1337
Honorary Members
Posts: 65
Everything posted by cestmoi1337

  1. Done. This is all it found:
     C:\Windows\Installer\{8f1182c6-af1a-7035-2b12-4fc3271a0f44}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
     C:\Windows\Installer\{8f1182c6-af1a-7035-2b12-4fc3271a0f44}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
     C:\Windows\Installer\{8f1182c6-af1a-7035-2b12-4fc3271a0f44}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
     C:\Windows\Installer\{8f1182c6-af1a-7035-2b12-4fc3271a0f44}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
     F:\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
     F:\Downloads\cdbxp_setup_4.4.0.2905.exe Win32/OpenCandy application deleted - quarantined
     F:\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
     F:\Downloads\Launchy2.5.exe Win32/OpenCandy application deleted - quarantined
     F:\Downloads\registryboosterplc.exe Win32/RegistryBooster application deleted - quarantined
     F:\Downloads\SoftonicDownloader_for_clipx.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
     F:\Downloads\SoftonicDownloader_for_filemenu-tools.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
     F:\Downloads\SoftonicDownloader_for_unlocker.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
     F:\Downloads\winx-dvd-author.exe a variant of Win32/BHO.OEG trojan deleted - quarantined
     F:\Downloads\WinSnap 3.5.5\WinSnap 3.5.5 Multilenguaje + Portable By Seba\WinSnap_3.5.5-setup.exe Win32/HiddenStart.A application deleted - quarantined
     F:\eBooks\Sigil-0.4.2-Windows-x64-Setup.exe Win32/OpenCandy application deleted - quarantined
     F:\Files\instacodecs.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
     F:\Files\instacodecs_2504.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
     F:\Files\SUPERsetup.exe Win32/OpenCandy application deleted - quarantined
     Operating memory a variant of Win32/Sirefef.EZ trojan
  2. Done. This is the log:
     aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-05-18 11:18:05
     -----------------------------
     11:18:05.534 OS Version: Windows x64 6.1.7600
     11:18:05.535 Number of processors: 8 586 0x1E05
     11:18:05.537 ComputerName: TRMDU2 UserName:
     11:18:06.950 Initialize success
     11:18:41.187 AVAST engine defs: 12051800
     11:20:24.032 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     11:20:24.035 Disk 0 Vendor: WDC_WD5000BEKT-75KA9T0 01.01A01 Size: 476940MB BusType: 11
     11:20:24.039 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
     11:20:24.042 Disk 1 Vendor: WDC_WD5000BEKT-75KA9T0 01.01A01 Size: 476940MB BusType: 11
     11:20:24.045 Disk 2 \Device\Harddisk2\DR0 -> \Device\00000012
     11:20:24.049 Disk 2 Vendor: ( Size: 2055MB BusType: 0
     11:20:24.108 Disk 0 MBR read successfully
     11:20:24.112 Disk 0 MBR scan
     11:20:24.119 Disk 0 Windows 7 default MBR code
     11:20:24.123 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
     11:20:24.131 Disk 0 Partition 2 80 (A) 42 SFS NTFS 100 MB offset 2048
     11:20:24.146 Disk 0 Partition 3 00 42 SFS NTFS 102400 MB offset 206848
     11:20:24.169 Disk 0 Partition 4 00 42 SFS NTFS 374438 MB offset 209922048
     11:20:24.178 Disk 0 scanning C:\Windows\system32\drivers
     11:20:24.184 Service scanning
     11:20:50.106 Modules scanning
     11:20:50.113 Disk 0 trace - called modules:
     11:20:50.173 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
     11:20:50.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800df9b790]
     11:20:50.185 3 CLASSPNP.SYS[fffff88001a0643f] -> nt!IofCallDriver -> [0xfffffa800dd49960]
     11:20:50.190 5 stdcfltn.sys[fffff880017ddc52] -> nt!IofCallDriver -> [0xfffffa800dd49cf0]
     11:20:50.196 7 PCTCore64.sys[fffff88001161094] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800dbbf1f0]
     11:20:52.678 AVAST engine scan C:\Windows
     11:20:52.687 AVAST engine scan C:\Windows\system32
     11:20:52.696 AVAST engine scan C:\Windows\system32\drivers
     11:20:52.703 AVAST engine scan C:\Users\grevolorio
     11:20:52.711 AVAST engine scan C:\ProgramData
     11:20:52.718 Scan finished successfully
     11:21:21.162 Disk 0 MBR has been saved successfully to "C:\Users\grevolorio\Desktop\MBR.dat"
     11:21:21.169 The log file has been saved successfully to "C:\Users\grevolorio\Desktop\aswMBR.txt"
  3. MrC, I don't know exactly if ComboFix is running. After viewing the instructions at the bleepingcomputer website, I don't see anything like that. I was able to capture a screen print of how it runs (attached). After that I don't see anything, and I noticed that it creates some type of folder/network connection on my C drive. Please advise. Thanks!!
  4. That is where I first tried, but it is not there. I searched my whole drive and it is not anywhere. I even ran it again, but no log.
  5. I ran a fresh copy of ComboFix but can't find the log (?). I checked and the PING.EXE process is still running and the browser is still going to random sites.
  6. No luck MrC, it did not find anything. Here is the log:
08:40:05.0506 3112 nsi - ok 08:40:05.0511 3112 nsiproxy - ok 08:40:05.0517 3112 Ntfs - ok 08:40:05.0520 3112 NuidFltr - ok 08:40:05.0524 3112 Null - ok 08:40:05.0528 3112 nusb3hub - ok 08:40:05.0532 3112 nusb3xhc - ok 08:40:05.0535 3112 NVHDA - ok 08:40:05.0539 3112 nvlddmkm - ok 08:40:05.0543 3112 nvraid - ok 08:40:05.0548 3112 nvstor - ok 08:40:05.0554 3112 nvsvc - ok 08:40:05.0559 3112 nv_agp - ok 08:40:05.0563 3112 odserv - ok 08:40:05.0568 3112 ohci1394 - ok 08:40:05.0572 3112 ose - ok 08:40:05.0576 3112 osppsvc - ok 08:40:05.0582 3112 p2pimsvc - ok 08:40:05.0588 3112 p2psvc - ok 08:40:05.0593 3112 Parport - ok 08:40:05.0597 3112 partmgr - ok 08:40:05.0602 3112 PcaSvc - ok 08:40:05.0608 3112 pci - ok 08:40:05.0611 3112 pciide - ok 08:40:05.0616 3112 pcmcia - ok 08:40:05.0620 3112 PCTCore - ok 08:40:05.0623 3112 pctDS - ok 08:40:05.0627 3112 pctEFA - ok 08:40:05.0631 3112 pcw - ok 08:40:05.0635 3112 PEAUTH - ok 08:40:05.0638 3112 PeerDistSvc - ok 08:40:05.0643 3112 PerfHost - ok 08:40:05.0653 3112 pla - ok 08:40:05.0657 3112 PlugPlay - ok 08:40:05.0661 3112 PNRPAutoReg - ok 08:40:05.0665 3112 PNRPsvc - ok 08:40:05.0668 3112 Point64 - ok 08:40:05.0672 3112 PolicyAgent - ok 08:40:05.0678 3112 Power - ok 08:40:05.0682 3112 PptpMiniport - ok 08:40:05.0686 3112 Processor - ok 08:40:05.0691 3112 ProfSvc - ok 08:40:05.0694 3112 ProtectedStorage - ok 08:40:05.0698 3112 Psched - ok 08:40:05.0702 3112 PSI_SVC_2 - ok 08:40:05.0705 3112 PxHlpa64 - ok 08:40:05.0709 3112 qicflt - ok 08:40:05.0713 3112 ql2300 - ok 08:40:05.0717 3112 ql40xx - ok 08:40:05.0720 3112 QWAVE - ok 08:40:05.0724 3112 QWAVEdrv - ok 08:40:05.0727 3112 RAMDiskVE - ok 08:40:05.0731 3112 RasAcd - ok 08:40:05.0735 3112 RasAgileVpn - ok 08:40:05.0738 3112 RasAuto - ok 08:40:05.0743 3112 Rasl2tp - ok 08:40:05.0746 3112 RasMan - ok 08:40:05.0750 3112 RasPppoe - ok 08:40:05.0753 3112 RasSstp - ok 08:40:05.0757 3112 rdbss - ok 08:40:05.0761 3112 rdpbus - ok 08:40:05.0764 3112 RDPCDD - ok 08:40:05.0770 3112 
RDPDR - ok 08:40:05.0773 3112 RDPENCDD - ok 08:40:05.0778 3112 RDPREFMP - ok 08:40:05.0782 3112 RDPWD - ok 08:40:05.0786 3112 rdyboost - ok 08:40:05.0789 3112 RemoteAccess - ok 08:40:05.0793 3112 RemoteRegistry - ok 08:40:05.0797 3112 Revoflt - ok 08:40:05.0800 3112 RFCOMM - ok 08:40:05.0804 3112 RpcEptMapper - ok 08:40:05.0808 3112 RpcLocator - ok 08:40:05.0812 3112 RpcSs - ok 08:40:05.0815 3112 rspndr - ok 08:40:05.0819 3112 RTL8167 - ok 08:40:05.0822 3112 s3cap - ok 08:40:05.0826 3112 SamSs - ok 08:40:05.0830 3112 SASDIFSV - ok 08:40:05.0834 3112 SASKUTIL - ok 08:40:05.0838 3112 sbp2port - ok 08:40:05.0843 3112 SCardSvr - ok 08:40:05.0847 3112 scfilter - ok 08:40:05.0851 3112 Schedule - ok 08:40:05.0854 3112 SCPolicySvc - ok 08:40:05.0858 3112 sdAuxService - ok 08:40:05.0862 3112 sdCoreService - ok 08:40:05.0865 3112 SDRSVC - ok 08:40:05.0869 3112 SeagateDashboardService - ok 08:40:05.0873 3112 secdrv - ok 08:40:05.0877 3112 seclogon - ok 08:40:05.0881 3112 SENS - ok 08:40:05.0884 3112 SensrSvc - ok 08:40:05.0887 3112 Serenum - ok 08:40:05.0891 3112 Serial - ok 08:40:05.0896 3112 sermouse - ok 08:40:05.0907 3112 SessionEnv - ok 08:40:05.0911 3112 sffdisk - ok 08:40:05.0915 3112 sffp_mmc - ok 08:40:05.0919 3112 sffp_sd - ok 08:40:05.0924 3112 sfloppy - ok 08:40:05.0932 3112 ShellHWDetection - ok 08:40:05.0936 3112 SiSRaid2 - ok 08:40:05.0941 3112 SiSRaid4 - ok 08:40:05.0947 3112 SmartDefragDriver - ok 08:40:05.0951 3112 Smb - ok 08:40:05.0955 3112 SmcService - ok 08:40:05.0962 3112 SNAC - ok 08:40:05.0968 3112 SNMPTRAP - ok 08:40:05.0971 3112 spldr - ok 08:40:05.0975 3112 Spooler - ok 08:40:05.0979 3112 sppsvc - ok 08:40:05.0983 3112 sppuinotify - ok 08:40:05.0987 3112 SRTSP - ok 08:40:05.0991 3112 SRTSPL - ok 08:40:05.0996 3112 SRTSPX - ok 08:40:06.0000 3112 srv - ok 08:40:06.0004 3112 srv2 - ok 08:40:06.0008 3112 srvnet - ok 08:40:06.0011 3112 SSDPSRV - ok 08:40:06.0016 3112 SstpSvc - ok 08:40:06.0021 3112 stdcfltn - ok 08:40:06.0027 3112 Stereo Service - ok 
08:40:06.0031 3112 stexstor - ok 08:40:06.0035 3112 stisvc - ok 08:40:06.0039 3112 storflt - ok 08:40:06.0044 3112 StorSvc - ok 08:40:06.0049 3112 storvsc - ok 08:40:06.0052 3112 swenum - ok 08:40:06.0056 3112 swprv - ok 08:40:06.0059 3112 Symantec AntiVirus - ok 08:40:06.0063 3112 SymEvent - ok 08:40:06.0067 3112 SysMain - ok 08:40:06.0070 3112 TabletInputService - ok 08:40:06.0074 3112 TabletServicePen - ok 08:40:06.0078 3112 TapiSrv - ok 08:40:06.0082 3112 TBS - ok 08:40:06.0086 3112 Tcpip - ok 08:40:06.0091 3112 TCPIP6 - ok 08:40:06.0097 3112 tcpipreg - ok 08:40:06.0103 3112 TDPIPE - ok 08:40:06.0107 3112 TDTCP - ok 08:40:06.0111 3112 tdx - ok 08:40:06.0115 3112 TeamViewer7 - ok 08:40:06.0120 3112 TermDD - ok 08:40:06.0125 3112 TermService - ok 08:40:06.0129 3112 Themes - ok 08:40:06.0133 3112 THREADORDER - ok 08:40:06.0139 3112 TouchServicePen - ok 08:40:06.0143 3112 TrkWks - ok 08:40:06.0147 3112 TrustedInstaller - ok 08:40:06.0155 3112 tssecsrv - ok 08:40:06.0159 3112 tunnel - ok 08:40:06.0164 3112 TurboB - ok 08:40:06.0169 3112 TurboBoost - ok 08:40:06.0174 3112 uagp35 - ok 08:40:06.0179 3112 udfs - ok 08:40:06.0184 3112 ufad-ws60 - ok 08:40:06.0194 3112 UI0Detect - ok 08:40:06.0198 3112 uliagpkx - ok 08:40:06.0203 3112 umbus - ok 08:40:06.0207 3112 UmPass - ok 08:40:06.0212 3112 UmRdpService - ok 08:40:06.0217 3112 UnlockerDriver5 - ok 08:40:06.0222 3112 upnphost - ok 08:40:06.0228 3112 USBAAPL64 - ok 08:40:06.0232 3112 usbccgp - ok 08:40:06.0237 3112 usbcir - ok 08:40:06.0242 3112 usbehci - ok 08:40:06.0247 3112 usbhub - ok 08:40:06.0252 3112 usbohci - ok 08:40:06.0257 3112 usbprint - ok 08:40:06.0262 3112 USBSTOR - ok 08:40:06.0267 3112 usbuhci - ok 08:40:06.0272 3112 usbvideo - ok 08:40:06.0277 3112 UxSms - ok 08:40:06.0283 3112 VaultSvc - ok 08:40:06.0287 3112 VBoxDrv - ok 08:40:06.0292 3112 VBoxNetAdp - ok 08:40:06.0296 3112 VBoxNetFlt - ok 08:40:06.0301 3112 VBoxUSBMon - ok 08:40:06.0306 3112 VClone - ok 08:40:06.0311 3112 vdrvroot - ok 08:40:06.0317 
3112 vds - ok 08:40:06.0322 3112 vga - ok 08:40:06.0326 3112 VgaSave - ok 08:40:06.0331 3112 vhdmp - ok 08:40:06.0336 3112 viaide - ok 08:40:06.0340 3112 VMAuthdService - ok 08:40:06.0346 3112 vmbus - ok 08:40:06.0351 3112 VMBusHID - ok 08:40:06.0356 3112 vmci - ok 08:40:06.0360 3112 vmkbd - ok 08:40:06.0365 3112 vmm - ok 08:40:06.0370 3112 VMnetAdapter - ok 08:40:06.0376 3112 VMnetBridge - ok 08:40:06.0380 3112 VMnetDHCP - ok 08:40:06.0386 3112 VMnetuserif - ok 08:40:06.0392 3112 vmusb - ok 08:40:06.0397 3112 VMUSBArbService - ok 08:40:06.0404 3112 VMware NAT Service - ok 08:40:06.0409 3112 vmx86 - ok 08:40:06.0414 3112 volmgr - ok 08:40:06.0419 3112 volmgrx - ok 08:40:06.0423 3112 volsnap - ok 08:40:06.0428 3112 VPCNetS2 - ok 08:40:06.0433 3112 vsmraid - ok 08:40:06.0437 3112 VSS - ok 08:40:06.0442 3112 vstor2-ws60 - ok 08:40:06.0448 3112 vwifibus - ok 08:40:06.0453 3112 vwififlt - ok 08:40:06.0457 3112 vwifimp - ok 08:40:06.0465 3112 W32Time - ok 08:40:06.0472 3112 wacmoumonitor - ok 08:40:06.0477 3112 wacommousefilter - ok 08:40:06.0480 3112 WacomPen - ok 08:40:06.0484 3112 wacomvhid - ok 08:40:06.0488 3112 WANARP - ok 08:40:06.0492 3112 Wanarpv6 - ok 08:40:06.0495 3112 WatAdminSvc - ok 08:40:06.0499 3112 wbengine - ok 08:40:06.0503 3112 WbioSrvc - ok 08:40:06.0508 3112 wcncsvc - ok 08:40:06.0513 3112 WcsPlugInService - ok 08:40:06.0517 3112 Wd - ok 08:40:06.0521 3112 WDC_SAM - ok 08:40:06.0525 3112 Wdf01000 - ok 08:40:06.0528 3112 WdiServiceHost - ok 08:40:06.0533 3112 WdiSystemHost - ok 08:40:06.0537 3112 WebClient - ok 08:40:06.0540 3112 Wecsvc - ok 08:40:06.0544 3112 wercplsupport - ok 08:40:06.0548 3112 WerSvc - ok 08:40:06.0551 3112 WfpLwf - ok 08:40:06.0555 3112 WGX - ok 08:40:06.0559 3112 WIMMount - ok 08:40:06.0562 3112 WinDefend - ok 08:40:06.0570 3112 WinHttpAutoProxySvc - ok 08:40:06.0573 3112 Winmgmt - ok 08:40:06.0577 3112 WinRM - ok 08:40:06.0584 3112 WinUsb - ok 08:40:06.0587 3112 Wlansvc - ok 08:40:06.0592 3112 wlcrasvc - ok 08:40:06.0595 3112 
wlidsvc - ok 08:40:06.0599 3112 WmiAcpi - ok 08:40:06.0606 3112 wmiApSrv - ok 08:40:06.0609 3112 WMPNetworkSvc - ok 08:40:06.0613 3112 WPCSvc - ok 08:40:06.0617 3112 WPDBusEnum - ok 08:40:06.0622 3112 ws2ifsl - ok 08:40:06.0626 3112 wscsvc - ok 08:40:06.0631 3112 WSearch - ok 08:40:06.0639 3112 wuauserv - ok 08:40:06.0642 3112 WudfPf - ok 08:40:06.0647 3112 WUDFRd - ok 08:40:06.0651 3112 wudfsvc - ok 08:40:06.0655 3112 WwanSvc - ok 08:40:06.0729 3112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 08:40:07.0099 3112 \Device\Harddisk0\DR0 - ok 08:40:07.0167 3112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 08:40:07.0589 3112 \Device\Harddisk1\DR1 - ok 08:40:07.0592 3112 MBR (0x1B8) (f06a21302510bdf961217702b21b1bbc) \Device\Harddisk2\DR0 08:40:07.0629 3112 \Device\Harddisk2\DR0 - ok 08:40:07.0632 3112 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR2 08:40:07.0759 3112 \Device\Harddisk3\DR2 - ok 08:40:07.0761 3112 Boot (0x1200) (ea2b41bf4885dee0dc23bdd7e83dc2ce) \Device\Harddisk2\DR0\Partition0 08:40:07.0762 3112 \Device\Harddisk2\DR0\Partition0 - ok 08:40:07.0766 3112 Boot (0x1200) (fff57aa4b02c6ca325b81aaa04be2657) \Device\Harddisk3\DR2\Partition0 08:40:07.0767 3112 \Device\Harddisk3\DR2\Partition0 - ok 08:40:07.0768 3112 ============================================================ 08:40:07.0768 3112 Scan finished 08:40:07.0768 3112 ============================================================ 08:40:07.0777 6800 Detected object count: 0 08:40:07.0777 6800 Actual detected object count: 0
  7. Another thing I have noticed is that in the task manager I see a few instances of PING.EXE running and they are using quite a bit of memory.
  8. For a moment I thought it was better, but when I tried to go to the mbam site, I got a site security certificate message: "You attempted to reach store.malwarebytes.org, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker). You should not proceed, especially if you have never seen this warning before for this site." ====================== Then, it opened a new tab to the registry defender site. Thanks again for all your help!!!!
  9. I have noticed that many times it takes me to a site called registrydefender.com. I don't know if this is important.
  10. I updated Chrome, disabled all extensions, there were not any suspicious ones. I also cleared all browsing data including saved passwords and forms data. I also tried to browse using IE and Firefox and it also takes me to random sites or opens random tabs.
  11. This is the RogueKiller log:
     RogueKiller V7.4.4 [05/08/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User: GRevolorio [Admin rights]
     Mode: Scan -- Date: 05/17/2012 14:54:06
     ¤¤¤ Bad processes: 0 ¤¤¤
     ¤¤¤ Registry Entries: 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver: [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     127.0.0.1 zabkat.com
     127.0.0.1 channel-reward-central.com
     127.0.0.1 mgid.com
     127.0.0.1 gift-awardcenter.com
     [...]
     ¤¤¤ MBR Check: ¤¤¤
     Finished : << RKreport[5].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
     ===================================================================
     MBAM did not find anything. This is the log:
     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.05.17.06
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     GRevolorio :: TRMDU2 [administrator]
     5/17/2012 2:57:05 PM
     mbam-log-2012-05-17 (14-57-05).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 277339
     Time elapsed: 4 minute(s), 20 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  12. Here is the log:
     All processes killed
     ========== FILES ==========
     C:\Users\grevolorio\AppData\Roaming\googleoez.exe moved successfully.
     ========== COMMANDS ==========
     [EMPTYJAVA]
     User: administrator
     User: All Users
     User: Default
     User: Default User
     User: delete
     User: grevolorio
     ->Java cache emptied: 0 bytes
     User: Public
     User: sharepointadmin
     Total Java Files Cleaned = 0.00 mb
     [EMPTYTEMP]
     User: administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: delete
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: grevolorio
     ->Temp folder emptied: 516428 bytes
     ->Temporary Internet Files folder emptied: 4945348 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 6368202 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     User: sharepointadmin
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
     RecycleBin emptied: 385271 bytes
     Total Files Cleaned = 12.00 mb
     OTL by OldTimer - Version 3.2.43.0 log created on 05172012_143249
     Files\Folders moved on Reboot...
     C:\Users\grevolorio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\grevolorio\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
     C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IMJONQ98\favicon[1].ico moved successfully.
     C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
     Registry entries deleted on Reboot...
  13. https://www.virustotal.com/file/1ecb11ec03cea0785aabc518ce454d2455a4d09e2a1f139e7a449acbf16984d2/analysis/1337276265/
  14. Done. This is the report:
     RogueKiller V7.4.4 [05/08/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User: GRevolorio [Admin rights]
     Mode: Scan -- Date: 05/17/2012 12:06:52
     ¤¤¤ Bad processes: 0 ¤¤¤
     ¤¤¤ Registry Entries: 6 ¤¤¤
     [sUSP PATH] HKCU\[...]\Run : Google (C:\Users\grevolorio\AppData\Roaming\googleoez.exe) -> FOUND
     [sUSP PATH] HKUS\S-1-5-21-1085031214-796845957-725345543-2108[...]\Run : Google (C:\Users\grevolorio\AppData\Roaming\googleoez.exe) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver: [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     127.0.0.1 zabkat.com
     127.0.0.1 channel-reward-central.com
     127.0.0.1 mgid.com
     127.0.0.1 gift-awardcenter.com
     [...]
     ¤¤¤ MBR Check: ¤¤¤
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  15. MrC, I tried to run RogueKiller but it crashed twice. This is the debug.log.
  16. This is the OTL log:
     All processes killed
     ========== OTL ==========
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D41289F2-69C6-417B-897E-C653D677CBAF}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D41289F2-69C6-417B-897E-C653D677CBAF}\ not found.
     Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D41289F2-69C6-417B-897E-C653D677CBAF}\ deleted successfully.
     64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
     ========== COMMANDS ==========
     [EMPTYJAVA]
     User: administrator
     User: All Users
     User: Default
     User: Default User
     User: delete
     User: grevolorio
     ->Java cache emptied: 1782154 bytes
     User: Public
     User: sharepointadmin
     Total Java Files Cleaned = 2.00 mb
     [EMPTYTEMP]
     User: administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 56466 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: delete
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: grevolorio
     ->Temp folder emptied: 456226 bytes
     ->Temporary Internet Files folder emptied: 7327537 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 43678880 bytes
     ->Google Chrome cache emptied: 18864359 bytes
     ->Flash cache emptied: 1396462 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     User: sharepointadmin
     ->Temp folder emptied: 69061 bytes
     ->Temporary Internet Files folder emptied: 2024020 bytes
     ->Flash cache emptied: 57030 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83503 bytes
     RecycleBin emptied: 3251928 bytes
     Total Files Cleaned = 74.00 mb
     OTL by OldTimer - Version 3.2.43.0 log created on 05172012_083836
     Files\Folders moved on Reboot...
     C:\Users\grevolorio\AppData\Local\Temp\ExchangePerflog_8484fa3109fe5396cfcccd43.dat moved successfully.
     C:\Users\grevolorio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File\Folder C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{282E516B-8A2A-4349-B25F-1278EC64C0A5}.tmp not found!
     C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{45E331FA-01F3-4ECA-9710-38BDCD408318}.tmp moved successfully.
     C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9A0ADA71-887C-46D7-85C9-B9D120F23435}.tmp moved successfully.
     C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CCA1E3D4-6641-4C64-A401-69619E39FAD4}.tmp moved successfully.
     Registry entries deleted on Reboot...
     ===========================================================
     The ESETonline scanner took about 3 hours to run. It found and cleaned 4 objects and this is the log.txt:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
  17. Thanks again MrC. This is the log I got after running OTL:
     OTL logfile created on: 5/16/2012 5:13:26 PM - Run 3
     OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\grevolorio\Desktop
     64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     15.93 Gb Total Physical Memory | 10.15 Gb Available Physical Memory | 63.72% Memory free
     16.43 Gb Paging File | 10.95 Gb Available in Paging File | 66.63% Paging File free
     Paging file location(s): f:\pagefile.sys 512 512 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 100.00 Gb Total Space | 9.04 Gb Free Space | 9.04% Space Free | Partition Type: NTFS
     Drive D: | 2.00 Gb Total Space | 2.00 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
     Drive F: | 731.32 Gb Total Space | 213.52 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
     Drive G: | 930.86 Gb Total Space | 393.00 Gb Free Space | 42.22% Space Free | Partition Type: NTFS
     Drive I: | 931.51 Gb Total Space | 897.55 Gb Free Space | 96.35% Space Free | Partition Type: NTFS
     Drive S: | 546.80 Gb Total Space | 126.42 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
     Drive U: | 546.80 Gb Total Space | 126.42 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
     Computer Name: TRMDU2 | User Name: GRevolorio | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
     NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
     < End of report >
  18. Ran OTL. I did not get the Extra.txt log. This is the OTL.txt:
     OTL logfile created on: 5/16/2012 4:22:30 PM - Run 2
     OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\grevolorio\Desktop
     64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     15.93 Gb Total Physical Memory | 10.40 Gb Available Physical Memory | 65.24% Memory free
     16.43 Gb Paging File | 11.16 Gb Available in Paging File | 67.89% Paging File free
     Paging file location(s): f:\pagefile.sys 512 512 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 100.00 Gb Total Space | 9.07 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
     Drive D: | 2.00 Gb Total Space | 2.00 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
     Drive F: | 731.32 Gb Total Space | 213.52 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
     Drive G: | 930.86 Gb Total Space | 393.00 Gb Free Space | 42.22% Space Free | Partition Type: NTFS
     Drive I: | 931.51 Gb Total Space | 897.55 Gb Free Space | 96.35% Space Free | Partition Type: NTFS
     Drive S: | 546.80 Gb Total Space | 126.41 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
     Drive U: | 546.80 Gb Total Space | 126.41 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
     Computer Name: TRMDU2 | User Name: GRevolorio | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011/09/19 15:56:20 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc) SRV - [2011/08/17 12:35:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Disabled | Stopped] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService) SRV - [2011/01/21 13:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010/11/08 13:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2010/08/25 13:24:20 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/04/01 21:50:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2009/04/01 21:50:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2009/04/01 21:50:26 | 000,387,400 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2009/04/01 21:50:24 | 003,092,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2009/04/01 21:50:24 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2008/12/10 16:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- 
| M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/02/02 10:28:12 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2011/12/01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011/12/01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011/11/04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 
[Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/11 11:04:38 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2010/11/21 10:45:36 | 000,063,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE) DRV:64bit: - [2010/11/11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010/11/11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010/11/11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010/11/11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010/11/11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010/11/11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010/11/11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010/11/11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010/09/23 23:24:04 | 000,080,000 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\glavcam.sys -- (glavcam) DRV:64bit: - [2010/09/17 16:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2010/09/17 16:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2010/08/20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA) DRV:64bit: - [2010/07/01 21:46:56 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt) DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS) DRV:64bit: - [2010/06/22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel® DRV:64bit: - [2010/04/27 18:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/04/27 18:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/03/26 16:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | 
M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/10/15 22:39:50 | 000,051,712 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt) DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/01 21:50:28 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2009/04/01 21:50:28 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009/04/01 21:50:28 | 000,053,968 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WGX64.SYS -- (WGX) DRV:64bit: - [2009/04/01 21:50:28 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2008/01/28 21:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008/01/28 20:53:52 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2008/01/28 20:53:52 | 000,092,200 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2008/01/28 20:53:52 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2007/02/18 01:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2007/01/29 07:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2010/12/17 11:54:46 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110125.040\EX64.SYS -- (NAVEX15) DRV - [2010/12/17 11:54:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010/12/17 11:54:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010/12/17 11:54:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110125.040\ENG64.SYS -- (NAVENG) DRV - [2010/09/24 12:24:06 | 000,080,000 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\glavcam.sys -- (glavcam) DRV - [2010/09/17 16:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo) DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/04/01 21:50:28 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2009/04/01 21:50:28 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2009/04/01 21:50:28 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = 
http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20120430&user_guid=81ACE6FCD1174E4A929589B2EBDC1283&machine_id=4eeca63955fab3f575293011f1e42dc3&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source} IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{15261C5A-E2D7-42B4-AE84-D92AE430C800}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=W-bE44BAgug2WmgXtwah32pownw?q={searchTerms} IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.73.0 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - 
prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, calshr01" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: 
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/23 09:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/11/18 16:32:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/15 16:36:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/23 09:30:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/01/17 15:02:29 | 000,000,000 | ---D | M]

[2012/04/30 14:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Extensions
[2012/04/30 16:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions
[2012/02/15 16:36:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/23 10:01:09 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/26 14:38:01 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\LogMeInClient@logmein.com
[2012/01/30 09:55:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\support@lastpass.com
[2012/04/30 14:26:03 | 000,002,519 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\searchplugins\Search_Results.xml
[2012/04/30 12:57:36 | 000,001,390 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\searchplugins\yahoo-zugo.xml
[2012/04/30 14:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/25 14:49:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/22 12:07:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/23 09:30:53 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/11/18 16:32:53 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2011/08/08 15:36:46 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\GREVOLORIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5NJU9YAU.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/02/15 16:36:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/06 10:55:45 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 16:36:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/30 14:26:03 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/15 16:36:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\nplastpass.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.11.30.1_0\plugin/blackfishietab.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Do Not Track Plus = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.1.0.327_0\
CHR - Extension: Do Not Track Plus = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.1.0.327_2\
CHR - Extension: Proxy Switchy! = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Bubbles = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\edabkoehdjpemgmneocphgaipmfniboi\1_0\
CHR - Extension: FB Photo Zoom = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: FlashBlock = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: LastPass = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\
CHR - Extension: IE Tab = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\
CHR - Extension: Facebook: Cleaner = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ionkkjolnjdkpkenblfdghifhdlgmdgl\1.0_0\
CHR - Extension: Facebook Ads Hider = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\leeebdddeggoocipdjiokmjcpidnmoah\1.2.5_0\
CHR - Extension: Skype Extension = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\
CHR - Extension: Poppit = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Ghostery = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\2.4.0_0\
CHR - Extension: deviantART muro = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\
CHR - Extension: NotScripts = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Evernote Web Clipper = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.3.2_0\

O1 HOSTS File: ([2012/05/16 10:10:02 | 000,442,774 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 zabkat.com
O1 - Hosts: 127.0.0.1 channel-reward-central.com
O1 - Hosts: 127.0.0.1 mgid.com
O1 - Hosts: 127.0.0.1 gift-awardcenter.com
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 127.0.0.1 activation@nero.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 15238 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D41289F2-69C6-417B-897E-C653D677CBAF} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1085031214-796845957-725345543-2108..\Run: [Google] C:\Users\grevolorio\AppData\Roaming\googleoez.exe ()
O4 - HKU\S-1-5-21-1085031214-796845957-725345543-2108..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1085031214-796845957-725345543-2108..\Run: [WinSnap] C:\Program Files\WinSnap\WinSnap.exe (NTWind Software)
O4 - Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\delete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\delete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk = C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.)
O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyLifeOrganized.lnk = C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe (mylifeorganized.net)
O4 - Startup: C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..Trusted Domains: calshr01 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..Trusted Domains: emmarx.com ([reports] http in Trusted sites)
O15 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..Trusted Domains: localhost ([]http in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.2.20 10.1.2.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inrange.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: DhcpNameServer = 10.1.2.20 10.1.2.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AFB5A5-9D29-441F-A64B-D2DC0F50AA0C}: DhcpNameServer = 172.16.206.215 172.16.206.215
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/07 15:58:27 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009/04/28 10:57:38 | 000,000,137 | -H-- | M] () - G:\autorun.new -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 16:21:38 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\grevolorio\Desktop\OTL.exe
[2012/05/16 14:59:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/16 14:57:49 | 004,495,010 | R--- | C] (Swearware) -- C:\Users\grevolorio\Desktop\ComboFix.exe
[2012/05/16 14:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/16 14:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/05/16 10:56:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\grevolorio\Desktop\dds.scr
[2012/05/16 10:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0
[2012/05/16 10:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHODemon 2
[2012/05/16 09:40:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\grevolorio\Desktop\HijackThis.exe
[2012/05/15 16:17:47 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Google
[2012/05/15 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Media Player Classic
[2012/05/14 16:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/05/08 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/08 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/08 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2012/05/07 12:35:59 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Local\Nero_AG
[2012/05/02 14:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
[2012/05/02 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loaris
[2012/05/02 13:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer
[2012/05/02 13:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Startup Optimizer
[2012/05/01 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\Documents\My Videos
[2012/05/01 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Digiarty
[2012/05/01 09:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author
[2012/05/01 08:36:41 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\Documents\NeroVideo
[2012/05/01 08:36:35 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Local\Nero
[2012/05/01 08:36:32 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Nero
[2012/04/30 17:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/04/30 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/04/30 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/04/30 17:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/04/30 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/30 14:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/30 14:26:00 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2012/04/30 14:25:59 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\FreeBurner
[2012/04/30 12:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/04/30 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/04/30 11:40:38 | 000,000,000 | ---D | C] -- C:\DVDTemp
[2012/04/25 11:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/25 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder
[2012/04/17 08:56:54 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Foxit Software
[2012/01/30 09:55:32 | 014,534,176 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2010/11/19 00:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\grevolorio\AppData\Roaming\7za.exe
[249 C:\Users\grevolorio\*.tmp files -> C:\Users\grevolorio\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 16:21:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\grevolorio\Desktop\OTL.exe
[2012/05/16 16:15:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108UA.job
[2012/05/16 15:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 15:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 15:29:41 | 000,041,318 | ---- | M] () -- C:\Users\grevolorio\Desktop\ComboFix.zip
[2012/05/16 14:57:52 | 004,495,010 | R--- | M] (Swearware) -- C:\Users\grevolorio\Desktop\ComboFix.exe [2012/05/16 14:30:06 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/16 14:30:06 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/16 14:27:23 | 000,000,939 | ---- | M] () -- C:\Users\grevolorio\Desktop\ERUNT.lnk [2012/05/16 10:56:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\grevolorio\Desktop\dds.scr [2012/05/16 10:51:52 | 000,001,023 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2012/05/16 10:44:52 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/16 10:44:30 | 000,005,778 | ---- | M] () -- C:\Users\grevolorio\Documents\cc_20120516_104422.reg [2012/05/16 10:10:02 | 000,442,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/05/16 10:09:52 | 000,789,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/16 10:09:52 | 000,669,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/16 10:09:52 | 000,124,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/16 10:06:45 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/16 10:04:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/16 09:40:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\grevolorio\Desktop\HijackThis.exe [2012/05/16 08:51:41 | 003,235,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/16 08:40:18 | 001,903,704 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012/05/16 01:15:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108Core.job [2012/05/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2012/05/15 14:24:55 | 000,057,609 | ---- | M] () -- C:\Users\grevolorio\Desktop\Linda Warnowicz Repurchase Agreement pdf.pdf [2012/05/14 16:57:22 | 000,002,096 | -H-- | M] () -- C:\Users\grevolorio\Documents\Default.rdp [2012/05/14 10:43:30 | 000,002,515 | ---- | M] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/05/14 10:43:30 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/05/09 09:25:35 | 000,049,311 | ---- | M] () -- C:\Users\grevolorio\Desktop\INRange.ml [2012/05/08 16:35:57 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/05/07 17:00:39 | 001,026,560 | ---- | M] () -- C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp [2012/05/03 16:39:21 | 000,001,931 | ---- | M] () -- C:\Users\grevolorio\Desktop\Pandora (Saver2).lnk [2012/05/03 16:39:21 | 000,001,018 | ---- | M] () -- C:\Users\grevolorio\Desktop\Pandora (Listen Only).lnk [2012/05/03 16:39:21 | 000,001,013 | ---- | M] () -- C:\Users\grevolorio\Desktop\Saver2.lnk [2012/05/02 14:12:37 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk [2012/05/02 13:42:45 | 000,001,022 | ---- | M] () -- C:\Users\grevolorio\Desktop\Startup Optimizer.lnk [2012/05/01 09:50:46 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk [2012/05/01 09:50:46 | 000,000,826 | ---- | M] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk 
[2012/04/30 17:22:53 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012/04/30 17:22:05 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012/04/30 17:21:04 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012/04/30 17:20:17 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2012/04/30 17:03:31 | 000,442,702 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120516-101002.backup [2012/04/30 16:31:39 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job [2012/04/30 14:27:17 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/26 09:17:18 | 000,001,326 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/04/25 11:54:46 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/04/25 11:42:44 | 022,259,528 | ---- | M] () -- C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe [2012/04/19 13:51:01 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012/04/17 08:57:44 | 000,001,184 | ---- | M] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk [2012/04/17 08:57:44 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2012/04/17 08:39:18 | 000,613,152 | ---- | M] () -- C:\Users\grevolorio\Desktop\Potato_April_2012.pdf [249 C:\Users\grevolorio\*.tmp files -> C:\Users\grevolorio\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/16 15:29:41 | 000,041,318 | ---- | C] () -- C:\Users\grevolorio\Desktop\ComboFix.zip [2012/05/16 14:27:23 | 000,000,939 | ---- | C] () -- C:\Users\grevolorio\Desktop\ERUNT.lnk [2012/05/16 10:51:52 | 000,001,023 | ---- | C] () -- 
C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2012/05/16 10:44:24 | 000,005,778 | ---- | C] () -- C:\Users\grevolorio\Documents\cc_20120516_104422.reg [2012/05/15 16:17:46 | 000,102,400 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\googleoez.exe [2012/05/15 14:24:49 | 000,057,609 | ---- | C] () -- C:\Users\grevolorio\Desktop\Linda Warnowicz Repurchase Agreement pdf.pdf [2012/05/08 16:35:57 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/05/07 17:00:39 | 001,026,560 | ---- | C] () -- C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp [2012/05/02 14:11:42 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk [2012/05/02 13:42:45 | 000,001,022 | ---- | C] () -- C:\Users\grevolorio\Desktop\Startup Optimizer.lnk [2012/05/01 09:50:46 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk [2012/05/01 09:50:46 | 000,000,826 | ---- | C] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk [2012/04/30 17:22:53 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012/04/30 17:22:05 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012/04/30 17:21:04 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012/04/30 17:20:17 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2012/04/30 12:56:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/04/25 11:54:46 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/04/25 11:42:34 | 022,259,528 | ---- | C] () -- C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe [2012/04/17 08:57:44 | 000,001,184 | ---- | C] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk [2012/04/17 08:57:44 | 000,001,160 | ---- | C] () -- 
C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2012/04/17 08:39:18 | 000,613,152 | ---- | C] () -- C:\Users\grevolorio\Desktop\Potato_April_2012.pdf [2012/04/02 16:17:38 | 000,040,985 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\a.7z [2012/02/13 11:49:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012/02/13 11:49:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/11/15 17:01:39 | 000,000,341 | ---- | C] () -- C:\Windows\KM1Pref.ini [2011/09/07 08:43:43 | 000,000,192 | -H-- | C] () -- C:\Windows\€nlsPreferences.dat [2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\rhog2b5.dll [2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2011/08/10 10:06:25 | 000,000,340 | ---- | C] () -- C:\Windows\SysWow64\ybelu6y.dll [2011/08/10 10:06:25 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2011/08/10 10:06:25 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll [2011/08/10 10:06:25 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ubl9clt.dll [2011/07/13 15:03:12 | 000,222,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/04/25 14:15:22 | 000,054,457 | ---- | C] () -- C:\Windows\SysWow64\jmpumlzrkdsbo.exe [2011/04/13 11:34:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/04/13 11:34:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011/04/13 11:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/04/13 11:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/04/13 11:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/04/11 12:12:24 | 000,008,905 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\0A0E.6B3 [2011/04/11 12:12:21 | 
000,000,053 | ---- | C] () -- C:\Windows\wininit.ini [2011/04/07 16:42:51 | 000,000,600 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\winscp.rnd [2011/04/07 14:14:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll [2011/04/05 09:28:17 | 000,004,608 | ---- | C] () -- C:\Users\grevolorio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/02 14:25:53 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\uninstall.dll [2011/01/25 14:54:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/24 16:51:54 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/01/24 16:51:54 | 000,000,008 | RHS- | C] () -- C:\ProgramData\E2DFE9BF5B.sys [2011/01/18 16:56:05 | 000,000,306 | ---- | C] () -- C:\Windows\ODBC.INI [2011/01/18 13:03:28 | 000,786,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/18 12:18:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\custmon2k.dll [2011/01/18 12:18:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\uninstpw.exe [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2011/01/11 12:09:32 | 000,002,762 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/01/11 08:51:02 | 000,203,376 | ---- | C] () -- C:\Windows\SysWow64\jmcricon.dll [2010/06/15 13:36:37 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll ========== LOP Check ========== [2011/04/20 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\WTouch [2012/02/20 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\.Tribler [2012/03/14 09:11:03 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\5pm-downloader [2011/05/18 08:23:33 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Axosoft [2012/05/16 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\BitTyrant [2011/02/01 13:00:43 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\BreezeTree [2012/02/15 
13:26:45 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\calibre [2012/02/13 11:31:14 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Canneverbe Limited [2011/01/21 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1 [2012/05/01 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Digiarty [2012/01/03 14:48:54 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\DiskAid [2012/05/16 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Dropbox [2011/06/14 16:37:28 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\eBookConverter [2012/05/03 14:07:14 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Foxit Software [2012/04/30 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\FreeBurner [2011/02/07 15:34:01 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\GetRightToGo [2012/03/14 09:41:20 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Graphic.lyAir.524A3AB5801B9AE08DEEB1BA295EDE84BDC333F2.1 [2012/02/06 12:16:30 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\iConcur [2011/08/12 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\inkscape [2012/03/07 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\IObit [2011/09/14 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\JAM Software [2011/09/14 09:57:51 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Launchy [2011/08/19 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Leadertech [2012/03/13 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Motorola [2011/05/31 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\MySQL [2011/09/09 14:10:02 | 000,000,000 | ---D | M] -- 
C:\Users\grevolorio\AppData\Roaming\Nik Software [2011/01/18 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Notepad++ [2012/01/25 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\ooVoo Details [2012/02/01 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\OpenOffice.org [2011/09/14 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Pantone [2011/06/17 14:18:20 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\PDM [2012/01/03 11:32:46 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\redsn0w [2012/04/30 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\ScanSoft [2011/08/19 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Seagate [2011/01/24 11:01:51 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Smith Micro [2012/05/15 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\SProxy [2011/02/11 16:23:13 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\SYSTEMAX Software Development [2011/07/25 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\TeamViewer [2012/05/16 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\TeraCopy [2012/04/25 11:40:13 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder [2012/02/23 10:45:28 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Wacom [2012/02/23 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011/04/07 14:48:12 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\WindSolutions [2011/01/24 15:31:48 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\WTouch [2011/08/16 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Zeon [2012/05/15 18:00:00 | 000,000,476 | ---- | M] 
() -- C:\Windows\Tasks\ParetoLogic Registration.job [2012/04/30 16:31:39 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job [2011/09/27 15:34:35 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/07/14 16:52:59 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\Synch Projects and Forms.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C8B8CEBD @Alternate Data Stream - 108 bytes -> C:\Windows: < End of report >
  19. That is the only log I have. A couple of months ago I ran it out of curiosity, just to see if my computer had any spyware, on a coworker's advice. I searched my computer and there are not any other logs.
  20. Thanks. Attached is the ComboFix.txt file zipped. ComboFix.zip
  21. I ran ComboFix. It ran really quick. When I try to post the report I get an error: post_too_long. I zipped the file but can't find the link to attach. Please advise. Thanks, Gus