daveybabs

  1. Hi, I've been trying for 24 hours to sort this virus out and I can't. I usually just boot into safe mode, go to msconfig, follow the path and delete the file. This time I can't boot into safe mode, it just shuts down. Have tried every rescue disk out there and I think I've removed the virus but the screen still appears when I log on. I have attached a log and hope you can help me. Thank you

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by SYSTEM on 14-06-2013 14:31:32
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [MveXinfo.exe] "C:\PROGRA~1\MATROX~1.UTI\System64\MveXinfo.exe" /tray [705640 2012-11-10] (Matrox Electronic Systems)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [403112 2012-04-27] (Acronis)
HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b70534b1e5227d8b03ec7790383f2ccc\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [x]
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955280 2012-04-27] (Acronis)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [x]
HKLM-x32\...\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284184 2011-02-09] (Intel Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [655360 2012-05-29] ()
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [118784 2011-02-14] (Contour Design, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1611160 2011-03-28] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-09] (Adobe Systems Inc.)
HKLM-x32\...\Run: [NortonSupport] "C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\symerr.exe" /supportreboot [54096 2013-01-25] (Symantec Corporation)
HKU\b2b Productions\...\Run: [AdobeBridge] [x]
HKU\b2b Productions\...\Run: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none [198144 2012-04-10] (YouSendIt)
HKU\b2b Productions\...\Run: [update] C:\Users\b2b Productions\AppData\Roaming\do3Hrdt.exe [x]
HKU\b2b Productions\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [x]
HKU\b2b Productions\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKU\b2b Productions\...\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\b2b Productions\...\Run: [Google Update] "C:\Users\b2b Productions\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKU\b2b Productions\...\Run: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon [53341 2006-11-17] (Creative Technology Ltd)
HKU\b2b Productions\...\Run: [Akamai NetSession Interface] "C:\Users\b2b Productions\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\b2b Productions\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\b2b Productions\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\b2b Productions\...\Command Processor: "C:\Users\B2BPRO~1\AppData\Local\Temp\QJpIKma.exe" <===== ATTENTION!
HKU\UpdatusUser\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\GIGABYTE OC Guru.lnk
ShortcutTarget: GIGABYTE OC Guru.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\OC_Guru.exe (GIGABYTE Technology Co.,Ltd)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SpyderUtility.lnk
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ShortcutTarget: ctfmon.lnk -> C:\ProgramData\lsass.exe (Microsoft Corporation)
Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-02-11] (Adobe Systems)
S4 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-06-14] (SurfRight B.V.)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-06-08] (Nero AG)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-06] ()
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
S4 mvOptimizerService; C:\PROGRA~1\MATROX~1.UTI\System64\mvOptimizerService.exe [117352 2012-11-10] (Matrox Electronic Systems)
S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] ()
S4 ShuttleEngine; C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe [86016 2011-02-14] (Contour Design, Inc.)
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
S4 HitmanPro37CrusaderBoot; "G:\HitmanPro_x64.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD03030.013\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-14] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-14] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-18] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-18] (Windows ® Server 2003 DDK provider)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130613.001\IDSvia64.sys [513184 2013-05-15] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130613.001\IDSvia64.sys [513184 2013-05-15] (Symantec Corporation)
S3 mtx_WdmAudioLE; C:\Windows\System32\drivers\mvkWdmAudioLE.sys [47208 2012-11-10] (Matrox Electronic Systems)
S3 mvkAudioInput; C:\Windows\System32\DRIVERS\mvkAudioInput.sys [66664 2012-11-10] (Matrox Electronic Systems)
S3 mvkAudioOutput; C:\Windows\System32\DRIVERS\mvkAudioOutput.sys [70760 2012-11-10] (Matrox Electronic Systems)
S3 mvkAVBus; C:\Windows\System32\DRIVERS\mvkAVBus.sys [342120 2012-11-10] (Matrox Electronic Systems)
S3 mvkAVCio; C:\Windows\System32\DRIVERS\mvkAVCio.sys [497256 2012-11-10] (Matrox Electronic Systems)
S3 mvkInput; C:\Windows\System32\DRIVERS\mvkInput.sys [79976 2012-11-10] (Matrox Electronic Systems)
S3 mvkLQScaler; C:\Windows\System32\DRIVERS\mvkLQScaler.sys [66664 2012-11-10] (Matrox Electronic Systems)
S3 mvkMemMngr; C:\Windows\System32\DRIVERS\mvkMemMngr.sys [57960 2012-11-10] (Matrox Electronic Systems)
S3 mvkMisc; C:\Windows\System32\DRIVERS\mvkMisc.sys [75880 2012-11-10] (Matrox Electronic Systems)
S3 mvkOutput; C:\Windows\System32\DRIVERS\mvkOutput.sys [90216 2012-11-10] (Matrox Electronic Systems)
S3 mvkPciOptimizer; C:\Program Files\Matrox Mtx.utils\drivers\mvkPciOptimizer.sys [20072 2012-11-25] (Matrox Electronic Systems)
S3 mvkSystemClock; C:\Windows\System32\DRIVERS\mvkSystemClock.sys [63592 2012-11-10] (Matrox Electronic Systems)
S3 mvkTransfer; C:\Windows\System32\DRIVERS\mvkTransfer.sys [74344 2012-11-10] (Matrox Electronic Systems)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
S1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS [796248 2013-01-28] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NAVx64\1403010.016\SYMDS64.SYS [493656 2013-01-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-05-15] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [432800 2013-01-30] (Symantec Corporation)
S0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2011-04-28] (TuneClone Software)
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 ALSysIO; \??\C:\Users\B2BPRO~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
S3 mvkMemManager; system32\DRIVERS\mvkMemManager.sys [x]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]
S3 WinRing0_1_2_0; \??\C:\Users\b2b Productions\Desktop\RealTemp_360\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2020-05-06 07:24 - 2011-05-06 12:59 - 00000000 ____D C:\Program Files\NewBlue
2013-06-14 14:31 - 2013-06-14 14:31 - 00000000 ____D C:\FRST
2013-06-14 12:55 - 2013-06-14 12:55 - 00000000 ____D C:\NBRT
2013-06-14 01:14 - 2013-06-14 01:14 - 88342528 ____A C:\Windows\System32\config\SOFTWARE.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 30146560 ____A C:\Windows\System32\config\SYSTEM.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SECURITY.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SAM.bhv
2013-06-13 18:19 - 2013-06-13 18:19 - 00000000 ___AD C:\$Anvi Rescue Disk$
2013-06-13 16:43 - 2013-06-13 16:43 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-13 16:43 - 2013-06-13 16:43 - 00003144 ____A C:\Windows\System32\.crusader
2013-06-13 16:40 - 2013-06-14 03:26 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-13 16:40 - 2013-06-13 16:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-13 16:40 - 2013-06-13 16:40 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-13 15:59 - 2013-06-13 15:59 - 01038434 ____A C:\ProgramData\2433f433
2013-06-13 15:59 - 2013-06-13 15:59 - 01038410 ____A C:\Users\b2b Productions\AppData\Local\2433f433
2013-06-13 15:59 - 2013-06-13 15:59 - 01038392 ____A C:\Users\b2b Productions\AppData\Roaming\2433f433
2013-06-13 12:39 - 2013-06-13 12:47 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (2).xls
2013-06-12 03:41 - 2013-06-12 03:41 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (1).xls
2013-06-11 06:30 - 2013-06-11 06:30 - 26592511 ____A C:\Users\b2b Productions\Downloads\Colette & Simon Project Files.zip
2013-06-06 03:48 - 2013-06-06 03:48 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota.xls
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\b2b Productions\Documents\Twixtor5AEManual
2013-05-30 20:57 - 2013-05-30 21:02 - 00000000 ____D C:\Program Files (x86)\REVisionEffects
2013-05-30 20:57 - 2013-05-30 20:57 - 17659190 ____A C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy.rar
2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy
2013-05-30 20:49 - 2013-05-30 20:49 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1).zip
2013-05-30 20:49 - 2013-05-30 20:49 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1)
2013-05-30 20:46 - 2013-05-30 20:46 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus.zip
2013-05-28 03:12 - 2013-05-28 03:12 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd (1).wmv
2013-05-26 14:09 - 2013-05-26 14:09 - 00002865 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-09.txt
2013-05-26 14:03 - 2013-05-26 14:03 - 00001424 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-03.txt
2013-05-24 08:21 - 2013-05-24 08:21 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd.wmv
2013-05-20 07:20 - 2013-05-20 07:21 - 79992211 ____A C:\Users\b2b Productions\Downloads\promo_caroline_sd.wmv
2013-05-20 05:17 - 2013-05-20 05:17 - 00000074 ____A C:\Windows\???.ini
2013-05-20 05:14 - 2013-05-21 01:39 - 00000074 ____A C:\Windows\e??.ini
2013-05-20 05:14 - 2013-05-20 05:14 - 00000074 ____A C:\Windows\§??.ini
2013-05-18 03:25 - 2013-05-18 03:25 - 00000074 ____A C:\Windows\???.ini
2013-05-18 03:24 - 2013-05-18 03:24 - 00000074 ____A C:\Windows\e??.ini
2013-05-17 08:13 - 2013-05-17 08:13 - 00000074 ____A C:\Windows\D??.ini
2013-05-17 07:25 - 2013-05-17 07:25 - 00000074 ____A C:\Windows\???.ini
2013-05-17 07:24 - 2013-05-17 07:24 - 00000074 ____A C:\Windows\È??.ini
2013-05-16 11:02 - 2013-05-16 11:02 - 00001071 ____A C:\Users\Public\Desktop\EOS Utility.lnk
2013-05-16 11:01 - 2013-05-16 11:01 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2013-05-16 02:47 - 2013-05-16 02:47 - 00002397 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe

==================== One Month Modified Files and Folders =======
2013-06-14 14:31 - 2013-06-14 14:31 - 00000000 ____D C:\FRST
2013-06-14 12:55 - 2013-06-14 12:55 - 00000000 ____D C:\NBRT
2013-06-14 05:23 - 2009-07-13 20:45 - 00019840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-14 05:23 - 2009-07-13 20:45 - 00019840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 03:26 - 2013-06-13 16:40 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-14 01:14 - 2013-06-14 01:14 - 88342528 ____A C:\Windows\System32\config\SOFTWARE.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 30146560 ____A C:\Windows\System32\config\SYSTEM.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SECURITY.bhv
2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SAM.bhv
2013-06-14 01:14 - 2011-02-08 10:32 - 00000000 ____D C:\users\b2b Productions
2013-06-13 18:19 - 2013-06-13 18:19 - 00000000 ___AD C:\$Anvi Rescue Disk$
2013-06-13 17:33 - 2013-01-15 03:21 - 01055212 ____A C:\Windows\WindowsUpdate.log
2013-06-13 17:12 - 2012-06-22 05:58 - 00000000 ____D C:\Windows\pss
2013-06-13 17:10 - 2012-10-05 11:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-13 17:10 - 2009-07-13 21:13 - 00789528 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 17:00 - 2011-02-09 00:53 - 00000000 ____D C:\Users\b2b Productions\AppData\Local\Adobe
2013-06-13 16:54 - 2013-01-15 03:20 - 00017829 ____A C:\Windows\setupact.log
2013-06-13 16:54 - 2011-02-09 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-13 16:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-13 16:43 - 2013-06-13 16:43 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-13 16:43 - 2013-06-13 16:43 - 00003144 ____A C:\Windows\System32\.crusader
2013-06-13 16:43 - 2013-06-13 16:40 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-13 16:40 - 2013-06-13 16:40 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-13 16:21 - 2012-10-05 11:59 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-13 16:14 - 2012-05-24 13:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-13 15:59 - 2013-06-13 15:59 - 01038434 ____A C:\ProgramData\2433f433
2013-06-13 15:59 - 2013-06-13 15:59 - 01038410 ____A C:\Users\b2b Productions\AppData\Local\2433f433
2013-06-13 15:59 - 2013-06-13 15:59 - 01038392 ____A C:\Users\b2b Productions\AppData\Roaming\2433f433
2013-06-13 12:47 - 2013-06-13 12:39 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (2).xls
2013-06-13 11:23 - 2011-08-12 07:19 - 00000000 ___RD C:\Users\b2b Productions\Dropbox
2013-06-13 11:23 - 2011-08-12 07:17 - 00000000 ____D C:\Users\b2b Productions\AppData\Roaming\Dropbox
2013-06-13 11:23 - 2011-07-25 06:30 - 00000000 ____D C:\Users\b2b Productions\AppData\Local\Htc
2013-06-12 13:51 - 2011-02-23 13:08 - 00000000 ____D C:\Users\b2b Productions\Documents\b2b Documentation
2013-06-12 11:39 - 2012-09-07 01:30 - 00000000 ____D C:\Users\b2b Productions\AppData\Roaming\TeamViewer
2013-06-12 03:41 - 2013-06-12 03:41 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (1).xls
2013-06-12 03:14 - 2012-05-24 13:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 03:14 - 2011-08-11 05:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 02:21 - 2013-04-10 00:05 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-12 01:59 - 2013-02-24 08:55 - 00000000 ____D C:\Users\b2b Productions\Desktop\Stuff
2013-06-11 06:30 - 2013-06-11 06:30 - 26592511 ____A C:\Users\b2b Productions\Downloads\Colette & Simon Project Files.zip
2013-06-11 01:34 - 2011-12-12 18:15 - 00039424 ____A C:\Users\b2b Productions\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-11 01:14 - 2012-01-20 04:14 - 00000000 ____D C:\project copies
2013-06-10 05:29 - 2011-02-10 01:11 - 00000000 ____D C:\Users\b2b Productions\AppData\Local\CrashDumps
2013-06-06 05:18 - 2011-02-09 04:14 - 00000021 ____A C:\Windows\SurCode.INI
2013-06-06 03:48 - 2013-06-06 03:48 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota.xls
2013-06-05 04:43 - 2012-02-10 03:42 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-05-30 21:02 - 2013-05-30 20:57 - 00000000 ____D C:\Program Files (x86)\REVisionEffects
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\b2b Productions\Documents\Twixtor5AEManual
2013-05-30 20:57 - 2013-05-30 20:57 - 17659190 ____A C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy.rar
2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy
2013-05-30 20:49 - 2013-05-30 20:49 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1).zip
2013-05-30 20:49 - 2013-05-30 20:49 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1)
2013-05-30 20:46 - 2013-05-30 20:46 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus.zip
2013-05-30 11:02 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-28 03:12 - 2013-05-28 03:12 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd (1).wmv
2013-05-26 14:09 - 2013-05-26 14:09 - 00002865 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-09.txt
2013-05-26 14:03 - 2013-05-26 14:03 - 00001424 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-03.txt
2013-05-24 08:21 - 2013-05-24 08:21 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd.wmv
2013-05-22 10:54 - 2013-01-31 06:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-21 16:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-21 10:54 - 2013-01-15 03:19 - 00033556 ____A C:\Windows\PFRO.log
2013-05-21 10:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-21 07:25 - 2011-02-23 13:05 - 00000000 ____D C:\Users\b2b Productions\Documents\dvd artwork
2013-05-21 05:32 - 2011-02-08 12:24 - 00000000 ____D C:\ProgramData\Adobe
2013-05-21 01:39 - 2013-05-20 05:14 - 00000074 ____A C:\Windows\e??.ini
2013-05-21 01:36 - 2013-03-16 23:56 - 00000074 ____A C:\Windows\e.ini
2013-05-20 07:21 - 2013-05-20 07:20 - 79992211 ____A C:\Users\b2b Productions\Downloads\promo_caroline_sd.wmv
2013-05-20 05:17 - 2013-05-20 05:17 - 00000074 ____A C:\Windows\???.ini
2013-05-20 05:14 - 2013-05-20 05:14 - 00000074 ____A C:\Windows\§??.ini
2013-05-18 16:02 - 2012-09-09 06:19 - 00000000 ____D C:\Users\b2b Productions\AppData\Roaming\Skype
2013-05-18 14:05 - 2011-02-18 01:22 - 00000000 ____D C:\Users\b2b Productions\Documents\Shared
2013-05-18 03:25 - 2013-05-18 03:25 - 00000074 ____A C:\Windows\???.ini
2013-05-18 03:24 - 2013-05-18 03:24 - 00000074 ____A C:\Windows\e??.ini
2013-05-17 08:13 - 2013-05-17 08:13 - 00000074 ____A C:\Windows\D??.ini
2013-05-17 07:25 - 2013-05-17 07:25 - 00000074 ____A C:\Windows\???.ini
2013-05-17 07:24 - 2013-05-17 07:24 - 00000074 ____A C:\Windows\È??.ini
2013-05-16 11:02 - 2013-05-16 11:02 - 00001071 ____A C:\Users\Public\Desktop\EOS Utility.lnk
2013-05-16 11:02 - 2011-06-13 13:04 - 00000000 ____D C:\Program Files (x86)\Canon
2013-05-16 11:01 - 2013-05-16 11:01 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2013-05-16 02:48 - 2011-02-08 10:53 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
2013-05-16 02:48 - 2011-02-08 10:51 - 00000000 ____D C:\ProgramData\Norton
2013-05-16 02:47 - 2013-05-16 02:47 - 00002397 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2013-05-15 12:44 - 2011-02-08 10:53 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-05-15 12:44 - 2011-02-08 10:53 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-05-15 12:44 - 2011-02-08 10:53 - 00000000 ____D C:\Program Files\Symantec
2013-05-15 11:59 - 2011-02-08 10:51 - 00000000 ____D C:\Users\Public\Downloads\Norton

ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2789869841-2288115831-1932289116-1000\$b70534b1e5227d8b03ec7790383f2ccc
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$b70534b1e5227d8b03ec7790383f2ccc

Files to move or delete:
====================
C:\ProgramData\lsass.exe
C:\Users\b2b Productions\AppData\Roaming\AltShell.ini
C:\Users\Public\Dreamweaver8-en.exe
C:\Users\Public\DriverDPSEv1.30-32-64.exe
C:\ProgramData\0955336.bat
C:\ProgramData\0955336.pad
C:\ProgramData\0955336.reg
C:\ProgramData\4268165.bat
C:\ProgramData\4268165.pad
C:\ProgramData\4268165.reg
C:\ProgramData\jQBjASj.bat
C:\ProgramData\jQBjASj.pad
C:\ProgramData\jQBjASj.reg

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-06-03 02:17:15
Restore point made on: 2013-06-04 02:09:19
Restore point made on: 2013-06-05 04:44:11
Restore point made on: 2013-06-06 00:47:03
Restore point made on: 2013-06-06 17:00:08
Restore point made on: 2013-06-07 13:54:11
Restore point made on: 2013-06-07 17:00:05
Restore point made on: 2013-06-10 01:15:32
Restore point made on: 2013-06-11 00:24:26
Restore point made on: 2013-06-12 01:12:42
Restore point made on: 2013-06-13 11:53:42
Restore point made on: 2013-06-13 17:00:12

==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 12286.4 MB
Available physical RAM: 11223.41 MB
Total Pagefile: 12284.55 MB
Available Pagefile: 11227.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:223.47 GB) (Free:65.64 GB) NTFS (Disk=2 Partition=2)
Drive d: (Ext Back up) (Fixed) (Total:465.76 GB) (Free:31.52 GB) NTFS (Disk=1 Partition=1)
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=2 Partition=1) ==>[system with boot components (obtained from reading drive)]
Drive g: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive i: (NBRT) (Removable) (Total:29.79 GB) (Free:29.79 GB) FAT32 (Disk=3 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Raid) (Fixed) (Total:3725.9 GB) (Free:1195.32 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: 6A66A3EA)
Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9C0BBAF1)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: B59E0AF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

LastRegBack: 2013-06-13 14:00
==================== End Of Log ============================