
Please help, computer infected.



Hi all,

This morning my computer started acting slow, and when I try to use Google Chrome, it takes me to random sites. I ran a Malwarebytes quick scan but it didn't find anything. I ran Spybot and SUPERAntiSpyware, but they come out clean as well. This is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0

Run by GRevolorio at 11:00:32 on 2012-05-16

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.16316.10512 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Windows\SysWOW64\nlssrv32.exe

C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Users\grevolorio\AppData\Roaming\googleoez.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Launchy\Launchy.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\xplorer2\xplorer2_64.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [WinSnap] "C:\Program Files\WinSnap\WinSnap.exe" /startup

uRun: [Google] C:\Users\grevolorio\AppData\Roaming\googleoez.exe

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BHODEM~1.LNK - C:\Program Files (x86)\BHODemon 2\BHODemon.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYLIFE~1.LNK - C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~2.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

uPolicies-system: HideLogonScripts = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-system: HideLegacyLogonScripts = 1 (0x1)

dPolicies-system: HideLogonScripts = 1 (0x1)

dPolicies-system: HideLogoffScripts = 1 (0x1)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: calshr01

Trusted Zone: emmarx.com\reports

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 10.1.2.20 10.1.2.19

TCP: Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03} : DhcpNameServer = 10.1.2.20 10.1.2.19

TCP: Interfaces\{29AFB5A5-9D29-441F-A64B-D2DC0F50AA0C} : DhcpNameServer = 172.16.206.215 172.16.206.215

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll

BHO-X64: CutePDF Form Filler - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [(Default)]

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe

AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

.

============= SERVICES / DRIVERS ===============

.

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-1-21 64512]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-25 235624]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-4-1 2440120]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-23 6583160]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-23 528760]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 applebmt;Apple Wireless Mouse;C:\Windows\system32\DRIVERS\applebmt.sys --> C:\Windows\system32\DRIVERS\applebmt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-26 132656]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

R3 RAMDiskVE;RAMDiskVE;C:\Windows\system32\Drivers\RAMDiskVE.sys --> C:\Windows\system32\Drivers\RAMDiskVE.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176]

S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-9-19 17920]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-17 1038088]

S3 glavcam;BW Microscope;C:\Windows\System32\drivers\glavcam.sys [2011-3-2 80000]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-8-23 30192]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-27 98208]

S4 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]

S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]

S4 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-26 366840]

S4 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-26 1150936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

.txt=SigilTXT

.

=============== Created Last 30 ================

.

2012-05-16 14:51:51 -------- d-----w- C:\Program Files (x86)\BHODemon 2

2012-05-15 20:17:46 102400 ------w- C:\Users\grevolorio\AppData\Roaming\googleoez.exe

2012-05-10 18:32:56 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 18:32:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 18:32:51 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 18:32:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 18:32:51 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 18:32:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 18:32:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-08 20:36:19 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com

2012-05-08 20:35:57 -------- d-----w- C:\ProgramData\!SASCORE

2012-05-07 16:35:59 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero_AG

2012-05-07 12:33:21 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{366E680E-86A9-4541-9805-3C4E03346FB7}\mpengine.dll

2012-05-02 18:11:38 -------- d-----w- C:\Program Files (x86)\Loaris

2012-05-02 17:42:44 -------- d-----w- C:\Program Files (x86)\Startup Optimizer

2012-05-01 13:50:56 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\Digiarty

2012-05-01 12:36:35 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero

2012-04-30 21:18:45 -------- d-----w- C:\ProgramData\Nero

2012-04-30 21:11:25 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys

2012-04-30 21:11:03 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys

2012-04-30 21:11:03 -------- d-----w- C:\Program Files (x86)\Nero

2012-04-30 21:10:22 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2012-04-30 21:10:22 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2012-04-30 21:10:22 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll

2012-04-30 21:09:04 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2012-04-30 21:07:49 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-04-30 21:06:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2012-04-30 21:05:14 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll

2012-04-30 21:03:51 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll

2012-04-30 19:17:29 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-04-30 18:26:03 -------- d-----w- C:\ProgramData\boost_interprocess

2012-04-30 18:26:00 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll

2012-04-30 18:26:00 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL

2012-04-30 18:26:00 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL

2012-04-30 18:26:00 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX

2012-04-30 18:25:59 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL

2012-04-30 18:25:59 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL

2012-04-30 18:25:59 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\FreeBurner

2012-04-30 16:56:36 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-04-30 16:56:33 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-04-30 15:40:38 -------- d-----w- C:\DVDTemp

2012-04-25 15:40:13 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder

2012-04-17 12:56:54 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\Foxit Software

.

==================== Find3M ====================

.

2012-04-30 18:11:41 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-30 18:11:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys

2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 13:55:36 14534176 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

.

============= FINISH: 11:02:50.60 ===============

This is the Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/11/2011 6:56:15 AM

System Uptime: 5/16/2012 10:04:00 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0T105W

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | U2E1 | 1734/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 9.182 GiB free.

D: is FIXED (FAT32) - 2 GiB total, 2.003 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 731 GiB total, 213.528 GiB free.

G: is NetworkDisk (NTFS) - 931 GiB total, 393.004 GiB free.

H: is CDROM ()

I: is FIXED (NTFS) - 932 GiB total, 897.553 GiB free.

S: is NetworkDisk (NTFS) - 547 GiB total, 126.417 GiB free.

U: is NetworkDisk (NTFS) - 547 GiB total, 126.417 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

AccelerometerP11

Acrobat.com

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Contribute CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 American English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Digital Editions

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe LiveCycle Designer 7.1

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.2)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AI RoboForm

Amazon Kindle

Android SDK Tools

Apple Application Support

Apple Software Update

Axiom 2012

Axosoft OnTime 2010 Windows

Bamboo Dock

BHODemon 2.0.0.23

BitTyrant

BW Microscope

calibre

CDBurnerXP

ClipX

Color Picker

Connect

Content

Corel Painter 11

Corel Painter 11 - ICA

Corel Painter 11 - IPM

CutePDF Professional 3.3

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DiskAid 5.01

Dropbox

eMedia Piano and Keyboard Method

eReader

Evernote v. 4.5.6

ExtraPutty 0.22

Fiddler2

FlowBreeze Standard 2.5.0.68

Foxit Reader 5.1

Google Chrome

Google Desktop

Google Earth

Google Earth Plug-in

Google Update Helper

High-Definition Video Playback

huey 1.0.5

iConcur Axiom for Word

IconHandler 32 bit

IETester v0.4.10 (remove only)

iExplorer 2.2.1.3

Inkscape 0.48.1

iPhoneBrowser

Java 2 Runtime Environment, SE v1.4.1_07

Java Auto Updater

Java Web Start

Java 6 Update 22

Java 6 Update 31

Java 7

Java SE Development Kit 7

JMicron Flash Media Controller Driver

K-Lite Codec Pack 8.6.0 (Full)

kuler

Langauge

LastPass (uninstall only)

Launchy 2.5

LiveUpdate 3.3 (Symantec Corporation)

Loaris Trojan Remover 1.2

LogMeIn

Magic ISO Maker v5.5 (build 0265)

Malwarebytes Anti-Malware version 1.61.0.1400

Manga Studio EX 4.0

Mesh Runtime

Micro-Measure

Microsoft .NET Compact Framework 1.0 SP3 Developer

Microsoft .NET Compact Framework 2.0

Microsoft Device Emulator version 1.0 - ENU

Microsoft Document Explorer 2005

Microsoft Garage Mouse without Borders

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote 2007

Microsoft Office OneNote 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Project 2007 Service Pack 3 (SP3)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office SharePoint Designer MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft OneNote 2010

Microsoft Robocopy GUI

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Books Online (English) (September 2007)

Microsoft SQL Server 2005 Mobile [ENU] Developer Tools

Microsoft SQL Server 2005 Tools

Microsoft SQL Server Setup Support Files (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual Studio 2005 Premier Partner Edition - ENU

Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)

Microsoft Visual Studio 2005 Professional Edition - ENU

Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)

MotoHelper 2.1.32 Driver 5.2.0

MotoHelper MergeModules

Mozilla Firefox 10.0.1 (x86 en-US)

MSDN Library for Visual Studio 2005

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyLifeOrganized v. 3.6.1

MySQL Tools for 5.0

Nero 11

Nero 11 Disc Menus Basic

Nero 11 Effects Basic

Nero 11 Image Samples

Nero 11 Kwik Themes Basic

Nero 11 PiP Effects Basic

Nero Audio Pack 1

Nero BackItUp 11

Nero BackItUp 11 Help (CHM)

Nero Burning ROM 11

Nero Burning ROM 11 Help (CHM)

Nero ControlCenter 11

Nero ControlCenter 11 Help (CHM)

Nero Core Components 11

Nero CoverDesigner 11

Nero CoverDesigner 11 Help (CHM)

Nero Express 11

Nero Express 11 Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Recode 11

Nero Recode 11 Help (CHM)

Nero RescueAgent 11

Nero RescueAgent 11 Help (CHM)

Nero SoundTrax 11

Nero SoundTrax 11 Help (CHM)

Nero Update

Nero Video 11

Nero Video 11 Help (CHM)

Nero WaveEditor 11

Nero WaveEditor 11 Help (CHM)

nero.prerequisites.msi

NewsBin Pro

Notepad++

NVIDIA Stereoscopic 3D Driver

Octoshape add-in for Adobe Flash Player

openCanvas4.5e Plus

OpenOffice.org 3.3

OutlookTools 2

Pandora

ParetoLogic Data Recovery

PDF Settings CS4

PDFill PDF Editor with FREE PDF Writer and Tools

PDFill PDF Writer

Photoshop Camera Raw

Pixel Bender Toolkit

Plex

Polipo 1.0.4.1

Python 2.6 pycrypto-2.3

Qdabra InfoPath to SharePoint List Tool

QuickTime

RAMDisk

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Recover My Files

Renesas Electronics USB 3.0 Host Controller Driver

Revo Uninstaller 1.92

Safari

Saver2

Seagate Dashboard

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)

Send to OneNote 2007

Sharpener Pro 3.0

Skype Toolbars

Skype™ 5.1

Smart Defrag 2

Spybot - Search & Destroy

Spyware Doctor 8.0

Startup Optimizer 1.6

Suite Shared Configuration CS4

SysInfoMyWork

TeamViewer 7

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TopStyle (Version 3)

Tor 0.2.1.30

TreeSize Professional 5.3.4

TuneWiki

U2 PCAM

Unlocker 1.9.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Project 2007 Help (KB963668)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)

Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)

Vector Magic

Velvia Vision

Vertus Fluid Mask 3 2.100.2-RC2

Vidalia 0.2.12

Video Enhancer 1.9.6

VirtualCloneDrive

VLC media player 2.0.1

VMware Workstation

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

welcome

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mesh

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

Windows Resource Kit Tools

WinSCP 4.3.5

WinSnap

WinX DVD Author 5.8

.

==== Event Viewer Messages From Past Week ========

.

5/9/2012 6:35:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

5/16/2012 8:57:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481).

5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596880).

5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.

5/16/2012 8:42:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2007 (KB2597161).

5/16/2012 8:42:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2007 (KB2596917).

5/16/2012 8:42:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656405).

5/16/2012 8:41:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290).

5/16/2012 8:41:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).

5/16/2012 8:40:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition.

5/16/2012 8:40:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596672).

5/16/2012 8:40:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2597969).

5/16/2012 8:40:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2597162).

5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).

5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596792).

5/16/2012 10:11:56 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

5/16/2012 10:07:35 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

5/16/2012 10:07:13 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

5/16/2012 10:05:39 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.

5/16/2012 10:05:39 AM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

5/16/2012 10:05:26 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/16/2012 10:05:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/16/2012 10:05:13 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/16/2012 10:04:54 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

5/16/2012 10:04:38 AM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.

5/16/2012 10:04:33 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.

5/15/2012 12:05:17 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.

5/15/2012 1:48:46 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

5/14/2012 5:22:59 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is CALPDC00.

5/14/2012 5:02:19 PM, Error: NetBT [4321] - The name "INRANGE :1d" could not be registered on the interface with IP address 10.1.2.112. The computer with the IP address 10.1.2.20 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================

Please advise, thanks in advance for your help.

Best,

Gus


Welcome to the forum.

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

-------------------------------------------

Also........

Before we proceed further, please uninstall uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

Let me know what you decide to do....MrC


OK, here you go........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


Mr Carlie,

I followed the instructions but no threats were found. Here is the report:

14:29:33.0653 8924 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

14:29:33.0902 8924 ============================================================

14:29:33.0902 8924 Current date / time: 2012/05/16 14:29:33.0902

14:29:33.0902 8924 SystemInfo:

14:29:33.0902 8924

14:29:33.0902 8924 OS Version: 6.1.7600 ServicePack: 0.0

14:29:33.0902 8924 Product type: Workstation

14:29:33.0902 8924 ComputerName: TRMDU2

14:29:33.0903 8924 UserName: GRevolorio

14:29:33.0903 8924 Windows directory: C:\Windows

14:29:33.0903 8924 System windows directory: C:\Windows

14:29:33.0903 8924 Running under WOW64

14:29:33.0903 8924 Processor architecture: Intel x64

14:29:33.0903 8924 Number of processors: 8

14:29:33.0903 8924 Page size: 0x1000

14:29:33.0903 8924 Boot type: Normal boot

14:29:33.0903 8924 ============================================================

14:29:35.0845 8924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:29:35.0866 8924 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:29:35.0879 8924 Drive \Device\Harddisk2\DR0 - Size: 0x80700000 (2.01 Gb), SectorSize: 0x200, Cylinders: 0x2AD, SectorsPerTrack: 0x20, TracksPerCylinder: 0xC0, Type 'W'

14:29:35.0880 8924 Drive \Device\Harddisk3\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9264F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'

14:29:35.0906 8924 ============================================================

14:29:35.0906 8924 \Device\Harddisk0\DR0:

14:29:35.0906 8924 MBR partitions:

14:29:35.0906 8924 \Device\Harddisk1\DR1:

14:29:35.0906 8924 MBR partitions:

14:29:35.0906 8924 \Device\Harddisk2\DR0:

14:29:35.0906 8924 MBR partitions:

14:29:35.0906 8924 \Device\Harddisk2\DR0\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x4037E0

14:29:35.0906 8924 \Device\Harddisk3\DR2:

14:29:35.0912 8924 MBR partitions:

14:29:35.0912 8924 \Device\Harddisk3\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1

14:29:35.0912 8924 ============================================================

14:29:35.0913 8924 D: <-> \Device\Harddisk2\DR0\Partition0

14:29:35.0925 8924 I: <-> \Device\Harddisk3\DR2\Partition0

14:29:35.0925 8924 ============================================================

14:29:35.0925 8924 Initialize success

14:29:35.0925 8924 ============================================================

14:30:28.0171 7984 ============================================================

14:30:28.0172 7984 Scan started

14:30:28.0172 7984 Mode: Manual; SigCheck; TDLFS;

14:30:28.0172 7984 ============================================================

14:30:28.0362 7984 !SASCORE - ok

14:30:28.0392 7984 1394ohci - ok

14:30:28.0395 7984 Acceler - ok

14:30:28.0397 7984 ACPI - ok

14:30:28.0400 7984 AcpiPmi - ok

14:30:28.0413 7984 adfs - ok

14:30:28.0417 7984 Adobe Version Cue CS4 - ok

14:30:28.0422 7984 AdobeARMservice - ok

14:30:28.0433 7984 AdobeFlashPlayerUpdateSvc - ok

14:30:28.0436 7984 adp94xx - ok

14:30:28.0439 7984 adpahci - ok

14:30:28.0442 7984 adpu320 - ok

14:30:28.0446 7984 AeLookupSvc - ok

14:30:28.0457 7984 AERTFilters - ok

14:30:28.0460 7984 AFD - ok

14:30:28.0463 7984 agp440 - ok

14:30:28.0466 7984 ALG - ok

14:30:28.0468 7984 aliide - ok

14:30:28.0471 7984 amdide - ok

14:30:28.0474 7984 AmdK8 - ok

14:30:28.0477 7984 AmdPPM - ok

14:30:28.0480 7984 amdsata - ok

14:30:28.0483 7984 amdsbs - ok

14:30:28.0485 7984 amdxata - ok

14:30:28.0488 7984 AppID - ok

14:30:28.0491 7984 AppIDSvc - ok

14:30:28.0494 7984 Appinfo - ok

14:30:28.0497 7984 Apple Mobile Device - ok

14:30:28.0500 7984 applebmt - ok

14:30:28.0503 7984 AppMgmt - ok

14:30:28.0505 7984 arc - ok

14:30:28.0508 7984 arcsas - ok

14:30:28.0514 7984 aspnet_state - ok

14:30:28.0516 7984 AsyncMac - ok

14:30:28.0519 7984 atapi - ok

14:30:28.0522 7984 AudioEndpointBuilder - ok

14:30:28.0525 7984 AudioSrv - ok

14:30:28.0528 7984 AxInstSV - ok

14:30:28.0531 7984 b06bdrv - ok

14:30:28.0534 7984 b57nd60a - ok

14:30:28.0538 7984 BDESVC - ok

14:30:28.0541 7984 Beep - ok

14:30:28.0544 7984 BITS - ok

14:30:28.0546 7984 blbdrive - ok

14:30:28.0563 7984 Bonjour Service - ok

14:30:28.0566 7984 bowser - ok

14:30:28.0568 7984 BrFiltLo - ok

14:30:28.0571 7984 BrFiltUp - ok

14:30:28.0574 7984 Browser - ok

14:30:28.0577 7984 Brserid - ok

14:30:28.0580 7984 BrSerWdm - ok

14:30:28.0583 7984 BrUsbMdm - ok

14:30:28.0586 7984 BrUsbSer - ok

14:30:28.0598 7984 BthEnum - ok

14:30:28.0601 7984 BTHMODEM - ok

14:30:28.0604 7984 BthPan - ok

14:30:28.0607 7984 BTHPORT - ok

14:30:28.0610 7984 bthserv - ok

14:30:28.0613 7984 BTHUSB - ok

14:30:28.0617 7984 btwaudio - ok

14:30:28.0620 7984 btwavdt - ok

14:30:28.0623 7984 btwdins - ok

14:30:28.0626 7984 btwl2cap - ok

14:30:28.0629 7984 btwrchid - ok

14:30:28.0632 7984 ccEvtMgr - ok

14:30:28.0635 7984 ccSetMgr - ok

14:30:28.0637 7984 cdfs - ok

14:30:28.0640 7984 cdrom - ok

14:30:28.0643 7984 CertPropSvc - ok

14:30:28.0646 7984 circlass - ok

14:30:28.0649 7984 CLFS - ok

14:30:28.0652 7984 clr_optimization_v2.0.50727_32 - ok

14:30:28.0655 7984 clr_optimization_v2.0.50727_64 - ok

14:30:28.0659 7984 clr_optimization_v4.0.30319_32 - ok

14:30:28.0662 7984 clr_optimization_v4.0.30319_64 - ok

14:30:28.0665 7984 CmBatt - ok

14:30:28.0668 7984 cmdide - ok

14:30:28.0670 7984 CNG - ok

14:30:28.0673 7984 Compbatt - ok

14:30:28.0676 7984 CompositeBus - ok

14:30:28.0679 7984 COMSysApp - ok

14:30:28.0682 7984 crcdisk - ok

14:30:28.0693 7984 CronService - ok

14:30:28.0698 7984 CryptSvc - ok

14:30:28.0700 7984 CSC - ok

14:30:28.0703 7984 CscService - ok

14:30:28.0707 7984 CVirtA - ok

14:30:28.0710 7984 CVPND - ok

14:30:28.0712 7984 CVPNDRVA - ok

14:30:28.0715 7984 dc3d - ok

14:30:28.0720 7984 DcomLaunch - ok

14:30:28.0722 7984 defragsvc - ok

14:30:28.0726 7984 DfsC - ok

14:30:28.0728 7984 Dhcp - ok

14:30:28.0731 7984 discache - ok

14:30:28.0734 7984 Disk - ok

14:30:28.0737 7984 DNE - ok

14:30:28.0739 7984 Dnscache - ok

14:30:28.0743 7984 dot3svc - ok

14:30:28.0745 7984 DPS - ok

14:30:28.0748 7984 drmkaud - ok

14:30:28.0752 7984 DXGKrnl - ok

14:30:28.0755 7984 EapHost - ok

14:30:28.0759 7984 ebdrv - ok

14:30:28.0761 7984 eeCtrl - ok

14:30:28.0764 7984 EFS - ok

14:30:28.0767 7984 ehRecvr - ok

14:30:28.0770 7984 ehSched - ok

14:30:28.0774 7984 ElbyCDIO - ok

14:30:28.0779 7984 elxstor - ok

14:30:28.0796 7984 EraserUtilRebootDrv - ok

14:30:28.0800 7984 ErrDev - ok

14:30:28.0809 7984 EventSystem - ok

14:30:28.0814 7984 exfat - ok

14:30:28.0817 7984 fastfat - ok

14:30:28.0821 7984 Fax - ok

14:30:28.0825 7984 fdc - ok

14:30:28.0829 7984 fdPHost - ok

14:30:28.0833 7984 FDResPub - ok

14:30:28.0837 7984 FileInfo - ok

14:30:28.0840 7984 Filetrace - ok

14:30:28.0844 7984 FLEXnet Licensing Service - ok

14:30:28.0847 7984 FLEXnet Licensing Service 64 - ok

14:30:28.0850 7984 flpydisk - ok

14:30:28.0854 7984 FltMgr - ok

14:30:28.0858 7984 FontCache - ok

14:30:28.0862 7984 FontCache3.0.0.0 - ok

14:30:28.0865 7984 FsDepends - ok

14:30:28.0869 7984 Fs_Rec - ok

14:30:28.0878 7984 fvevol - ok

14:30:28.0882 7984 gagp30kx - ok

14:30:28.0886 7984 GEARAspiWDM - ok

14:30:28.0890 7984 glavcam - ok

14:30:28.0894 7984 GoogleDesktopManager-051210-111108 - ok

14:30:28.0899 7984 gpsvc - ok

14:30:28.0904 7984 gupdate - ok

14:30:28.0908 7984 gupdatem - ok

14:30:28.0912 7984 hcmon - ok

14:30:28.0916 7984 hcw85cir - ok

14:30:28.0920 7984 HdAudAddService - ok

14:30:28.0925 7984 HDAudBus - ok

14:30:28.0929 7984 HidBatt - ok

14:30:28.0934 7984 HidBth - ok

14:30:28.0937 7984 HidIr - ok

14:30:28.0941 7984 hidserv - ok

14:30:28.0944 7984 HidUsb - ok

14:30:28.0947 7984 hkmsvc - ok

14:30:28.0951 7984 HomeGroupListener - ok

14:30:28.0955 7984 HomeGroupProvider - ok

14:30:28.0959 7984 HpSAMD - ok

14:30:28.0963 7984 HTTP - ok

14:30:28.0967 7984 hwpolicy - ok

14:30:28.0971 7984 i8042prt - ok

14:30:28.0975 7984 iaStorV - ok

14:30:28.0979 7984 idsvc - ok

14:30:28.0982 7984 iirsp - ok

14:30:28.0986 7984 IKEEXT - ok

14:30:28.0995 7984 IntcAzAudAddService - ok

14:30:28.0999 7984 intelide - ok

14:30:29.0003 7984 intelppm - ok

14:30:29.0007 7984 IPBusEnum - ok

14:30:29.0011 7984 IpFilterDriver - ok

14:30:29.0015 7984 IPMIDRV - ok

14:30:29.0018 7984 IPNAT - ok

14:30:29.0024 7984 iPod Service - ok

14:30:29.0028 7984 IRENUM - ok

14:30:29.0033 7984 isapnp - ok

14:30:29.0038 7984 iScsiPrt - ok

14:30:29.0042 7984 JMCR - ok

14:30:29.0046 7984 kbdclass - ok

14:30:29.0050 7984 kbdhid - ok

14:30:29.0053 7984 KeyIso - ok

14:30:29.0057 7984 KSecDD - ok

14:30:29.0061 7984 KSecPkg - ok

14:30:29.0065 7984 ksthunk - ok

14:30:29.0068 7984 KtmRm - ok

14:30:29.0072 7984 LanmanServer - ok

14:30:29.0076 7984 LanmanWorkstation - ok

14:30:29.0084 7984 LiveUpdate - ok

14:30:29.0089 7984 lltdio - ok

14:30:29.0094 7984 lltdsvc - ok

14:30:29.0100 7984 lmhosts - ok

14:30:29.0105 7984 LMIGuardianSvc - ok

14:30:29.0111 7984 LMIInfo - ok

14:30:29.0117 7984 LMIMaint - ok

14:30:29.0123 7984 lmimirr - ok

14:30:29.0128 7984 LMIRfsClientNP - ok

14:30:29.0132 7984 LMIRfsDriver - ok

14:30:29.0137 7984 LogMeIn - ok

14:30:29.0142 7984 LSI_FC - ok

14:30:29.0146 7984 LSI_SAS - ok

14:30:29.0150 7984 LSI_SAS2 - ok

14:30:29.0154 7984 LSI_SCSI - ok

14:30:29.0159 7984 luafv - ok

14:30:29.0163 7984 Mcx2Svc - ok

14:30:29.0167 7984 megasas - ok

14:30:29.0171 7984 MegaSR - ok

14:30:29.0175 7984 MMCSS - ok

14:30:29.0179 7984 Modem - ok

14:30:29.0183 7984 monitor - ok

14:30:29.0187 7984 motandroidusb - ok

14:30:29.0211 7984 MotoHelper - ok

14:30:29.0215 7984 mouclass - ok

14:30:29.0218 7984 mouhid - ok

14:30:29.0222 7984 mountmgr - ok

14:30:29.0229 7984 MouseWithoutBordersSvc - ok

14:30:29.0233 7984 mpio - ok

14:30:29.0237 7984 mpsdrv - ok

14:30:29.0241 7984 MRxDAV - ok

14:30:29.0245 7984 mrxsmb - ok

14:30:29.0249 7984 mrxsmb10 - ok

14:30:29.0253 7984 mrxsmb20 - ok

14:30:29.0257 7984 msahci - ok

14:30:29.0260 7984 msdsm - ok

14:30:29.0265 7984 MSDTC - ok

14:30:29.0272 7984 Msfs - ok

14:30:29.0275 7984 mshidkmdf - ok

14:30:29.0279 7984 msisadrv - ok

14:30:29.0283 7984 MSiSCSI - ok

14:30:29.0287 7984 msiserver - ok

14:30:29.0291 7984 MSKSSRV - ok

14:30:29.0294 7984 MSPCLOCK - ok

14:30:29.0298 7984 MSPQM - ok

14:30:29.0302 7984 MsRPC - ok

14:30:29.0307 7984 mssmbios - ok

14:30:29.0311 7984 MSTEE - ok

14:30:29.0315 7984 msvsmon80 - ok

14:30:29.0318 7984 MTConfig - ok

14:30:29.0322 7984 Mup - ok

14:30:29.0325 7984 napagent - ok

14:30:29.0329 7984 NativeWifiP - ok

14:30:29.0333 7984 NAUpdate - ok

14:30:29.0337 7984 NAVENG - ok

14:30:29.0340 7984 NAVEX15 - ok

14:30:29.0344 7984 NBVol - ok

14:30:29.0348 7984 NBVolUp - ok

14:30:29.0351 7984 NDIS - ok

14:30:29.0355 7984 NdisCap - ok

14:30:29.0360 7984 NdisTapi - ok

14:30:29.0365 7984 Ndisuio - ok

14:30:29.0369 7984 NdisWan - ok

14:30:29.0374 7984 NDProxy - ok

14:30:29.0377 7984 Netaapl - ok

14:30:29.0381 7984 NetBIOS - ok

14:30:29.0385 7984 NetBT - ok

14:30:29.0389 7984 Netlogon - ok

14:30:29.0396 7984 Netman - ok

14:30:29.0405 7984 NetMsmqActivator - ok

14:30:29.0410 7984 NetPipeActivator - ok

14:30:29.0414 7984 netprofm - ok

14:30:29.0417 7984 NetTcpActivator - ok

14:30:29.0421 7984 NetTcpPortSharing - ok

14:30:29.0425 7984 NETw5s64 - ok

14:30:29.0428 7984 nfrd960 - ok

14:30:29.0432 7984 NlaSvc - ok

14:30:29.0436 7984 nlsX86cc - ok

14:30:29.0439 7984 Npfs - ok

14:30:29.0443 7984 nsi - ok

14:30:29.0446 7984 nsiproxy - ok

14:30:29.0451 7984 Ntfs - ok

14:30:29.0455 7984 NuidFltr - ok

14:30:29.0458 7984 Null - ok

14:30:29.0462 7984 nusb3hub - ok

14:30:29.0465 7984 nusb3xhc - ok

14:30:29.0468 7984 NVHDA - ok

14:30:29.0472 7984 nvlddmkm - ok

14:30:29.0476 7984 nvraid - ok

14:30:29.0479 7984 nvstor - ok

14:30:29.0483 7984 nvsvc - ok

14:30:29.0487 7984 nv_agp - ok

14:30:29.0490 7984 odserv - ok

14:30:29.0494 7984 ohci1394 - ok

14:30:29.0497 7984 ose - ok

14:30:29.0505 7984 osppsvc - ok

14:30:29.0510 7984 p2pimsvc - ok

14:30:29.0514 7984 p2psvc - ok

14:30:29.0517 7984 Parport - ok

14:30:29.0521 7984 partmgr - ok

14:30:29.0524 7984 PcaSvc - ok

14:30:29.0528 7984 pci - ok

14:30:29.0531 7984 pciide - ok

14:30:29.0535 7984 pcmcia - ok

14:30:29.0539 7984 PCTCore - ok

14:30:29.0543 7984 pctDS - ok

14:30:29.0547 7984 pctEFA - ok

14:30:29.0550 7984 pcw - ok

14:30:29.0553 7984 PEAUTH - ok

14:30:29.0556 7984 PeerDistSvc - ok

14:30:29.0561 7984 PerfHost - ok

14:30:29.0570 7984 pla - ok

14:30:29.0581 7984 PlugPlay - ok

14:30:29.0584 7984 PNRPAutoReg - ok

14:30:29.0587 7984 PNRPsvc - ok

14:30:29.0590 7984 Point64 - ok

14:30:29.0593 7984 PolicyAgent - ok

14:30:29.0597 7984 Power - ok

14:30:29.0600 7984 PptpMiniport - ok

14:30:29.0603 7984 Processor - ok

14:30:29.0608 7984 ProfSvc - ok

14:30:29.0611 7984 ProtectedStorage - ok

14:30:29.0614 7984 Psched - ok

14:30:29.0616 7984 PSI_SVC_2 - ok

14:30:29.0620 7984 PxHlpa64 - ok

14:30:29.0623 7984 qicflt - ok

14:30:29.0627 7984 ql2300 - ok

14:30:29.0630 7984 ql40xx - ok

14:30:29.0634 7984 QWAVE - ok

14:30:29.0637 7984 QWAVEdrv - ok

14:30:29.0640 7984 RAMDiskVE - ok

14:30:29.0643 7984 RasAcd - ok

14:30:29.0646 7984 RasAgileVpn - ok

14:30:29.0649 7984 RasAuto - ok

14:30:29.0652 7984 Rasl2tp - ok

14:30:29.0654 7984 RasMan - ok

14:30:29.0657 7984 RasPppoe - ok

14:30:29.0660 7984 RasSstp - ok

14:30:29.0663 7984 rdbss - ok

14:30:29.0666 7984 rdpbus - ok

14:30:29.0669 7984 RDPCDD - ok

14:30:29.0673 7984 RDPDR - ok

14:30:29.0677 7984 RDPENCDD - ok

14:30:29.0682 7984 RDPREFMP - ok

14:30:29.0687 7984 RDPWD - ok

14:30:29.0690 7984 rdyboost - ok

14:30:29.0695 7984 RemoteAccess - ok

14:30:29.0699 7984 RemoteRegistry - ok

14:30:29.0703 7984 Revoflt - ok

14:30:29.0707 7984 RFCOMM - ok

14:30:29.0710 7984 RpcEptMapper - ok

14:30:29.0715 7984 RpcLocator - ok

14:30:29.0718 7984 RpcSs - ok

14:30:29.0722 7984 rspndr - ok

14:30:29.0725 7984 RTL8167 - ok

14:30:29.0728 7984 s3cap - ok

14:30:29.0731 7984 SamSs - ok

14:30:29.0734 7984 SASDIFSV - ok

14:30:29.0737 7984 SASKUTIL - ok

14:30:29.0740 7984 sbp2port - ok

14:30:29.0745 7984 SCardSvr - ok

14:30:29.0748 7984 scfilter - ok

14:30:29.0751 7984 Schedule - ok

14:30:29.0754 7984 SCPolicySvc - ok

14:30:29.0758 7984 sdAuxService - ok

14:30:29.0761 7984 sdCoreService - ok

14:30:29.0765 7984 SDRSVC - ok

14:30:29.0767 7984 SeagateDashboardService - ok

14:30:29.0770 7984 secdrv - ok

14:30:29.0773 7984 seclogon - ok

14:30:29.0777 7984 SENS - ok

14:30:29.0780 7984 SensrSvc - ok

14:30:29.0784 7984 Serenum - ok

14:30:29.0787 7984 Serial - ok

14:30:29.0790 7984 sermouse - ok

14:30:29.0798 7984 SessionEnv - ok

14:30:29.0801 7984 sffdisk - ok

14:30:29.0804 7984 sffp_mmc - ok

14:30:29.0807 7984 sffp_sd - ok

14:30:29.0810 7984 sfloppy - ok

14:30:29.0815 7984 ShellHWDetection - ok

14:30:29.0818 7984 SiSRaid2 - ok

14:30:29.0821 7984 SiSRaid4 - ok

14:30:29.0826 7984 SmartDefragDriver - ok

14:30:29.0830 7984 Smb - ok

14:30:29.0834 7984 SmcService - ok

14:30:29.0841 7984 SNAC - ok

14:30:29.0845 7984 SNMPTRAP - ok

14:30:29.0848 7984 spldr - ok

14:30:29.0851 7984 Spooler - ok

14:30:29.0853 7984 sppsvc - ok

14:30:29.0856 7984 sppuinotify - ok

14:30:29.0859 7984 SRTSP - ok

14:30:29.0862 7984 SRTSPL - ok

14:30:29.0865 7984 SRTSPX - ok

14:30:29.0868 7984 srv - ok

14:30:29.0870 7984 srv2 - ok

14:30:29.0873 7984 srvnet - ok

14:30:29.0876 7984 SSDPSRV - ok

14:30:29.0880 7984 SstpSvc - ok

14:30:29.0883 7984 stdcfltn - ok

14:30:29.0893 7984 Stereo Service - ok

14:30:29.0897 7984 stexstor - ok

14:30:29.0900 7984 stisvc - ok

14:30:29.0903 7984 storflt - ok

14:30:29.0906 7984 StorSvc - ok

14:30:29.0909 7984 storvsc - ok

14:30:29.0912 7984 swenum - ok

14:30:29.0915 7984 swprv - ok

14:30:29.0917 7984 Symantec AntiVirus - ok

14:30:29.0920 7984 SymEvent - ok

14:30:29.0923 7984 SysMain - ok

14:30:29.0927 7984 TabletInputService - ok

14:30:29.0939 7984 TabletServicePen - ok

14:30:29.0943 7984 TapiSrv - ok

14:30:29.0946 7984 TBS - ok

14:30:29.0949 7984 Tcpip - ok

14:30:29.0951 7984 TCPIP6 - ok

14:30:29.0956 7984 tcpipreg - ok

14:30:29.0961 7984 TDPIPE - ok

14:30:29.0963 7984 TDTCP - ok

14:30:29.0966 7984 tdx - ok

14:30:29.0969 7984 TeamViewer7 - ok

14:30:29.0973 7984 TermDD - ok

14:30:29.0977 7984 TermService - ok

14:30:29.0980 7984 Themes - ok

14:30:29.0983 7984 THREADORDER - ok

14:30:29.0986 7984 TouchServicePen - ok

14:30:29.0988 7984 TrkWks - ok

14:30:29.0991 7984 TrustedInstaller - ok

14:30:29.0996 7984 tssecsrv - ok

14:30:29.0999 7984 tunnel - ok

14:30:30.0002 7984 TurboB - ok

14:30:30.0005 7984 TurboBoost - ok

14:30:30.0008 7984 uagp35 - ok

14:30:30.0011 7984 udfs - ok

14:30:30.0014 7984 ufad-ws60 - ok

14:30:30.0020 7984 UI0Detect - ok

14:30:30.0023 7984 uliagpkx - ok

14:30:30.0026 7984 umbus - ok

14:30:30.0029 7984 UmPass - ok

14:30:30.0033 7984 UmRdpService - ok

14:30:30.0037 7984 UnlockerDriver5 - ok

14:30:30.0040 7984 upnphost - ok

14:30:30.0044 7984 USBAAPL64 - ok

14:30:30.0048 7984 usbccgp - ok

14:30:30.0051 7984 usbcir - ok

14:30:30.0055 7984 usbehci - ok

14:30:30.0058 7984 usbhub - ok

14:30:30.0061 7984 usbohci - ok

14:30:30.0064 7984 usbprint - ok

14:30:30.0067 7984 USBSTOR - ok

14:30:30.0069 7984 usbuhci - ok

14:30:30.0072 7984 usbvideo - ok

14:30:30.0075 7984 UxSms - ok

14:30:30.0078 7984 VaultSvc - ok

14:30:30.0081 7984 VBoxDrv - ok

14:30:30.0084 7984 VBoxNetAdp - ok

14:30:30.0086 7984 VBoxNetFlt - ok

14:30:30.0089 7984 VBoxUSBMon - ok

14:30:30.0093 7984 VClone - ok

14:30:30.0095 7984 vdrvroot - ok

14:30:30.0098 7984 vds - ok

14:30:30.0101 7984 vga - ok

14:30:30.0104 7984 VgaSave - ok

14:30:30.0107 7984 vhdmp - ok

14:30:30.0110 7984 viaide - ok

14:30:30.0113 7984 VMAuthdService - ok

14:30:30.0116 7984 vmbus - ok

14:30:30.0119 7984 VMBusHID - ok

14:30:30.0122 7984 vmci - ok

14:30:30.0125 7984 vmkbd - ok

14:30:30.0128 7984 vmm - ok

14:30:30.0131 7984 VMnetAdapter - ok

14:30:30.0135 7984 VMnetBridge - ok

14:30:30.0139 7984 VMnetDHCP - ok

14:30:30.0143 7984 VMnetuserif - ok

14:30:30.0146 7984 vmusb - ok

14:30:30.0149 7984 VMUSBArbService - ok

14:30:30.0154 7984 VMware NAT Service - ok

14:30:30.0158 7984 vmx86 - ok

14:30:30.0161 7984 volmgr - ok

14:30:30.0163 7984 volmgrx - ok

14:30:30.0166 7984 volsnap - ok

14:30:30.0169 7984 VPCNetS2 - ok

14:30:30.0172 7984 vsmraid - ok

14:30:30.0175 7984 VSS - ok

14:30:30.0178 7984 vstor2-ws60 - ok

14:30:30.0181 7984 vwifibus - ok

14:30:30.0184 7984 vwififlt - ok

14:30:30.0187 7984 vwifimp - ok

14:30:30.0199 7984 W32Time - ok

14:30:30.0203 7984 wacmoumonitor - ok

14:30:30.0206 7984 wacommousefilter - ok

14:30:30.0209 7984 WacomPen - ok

14:30:30.0212 7984 wacomvhid - ok

14:30:30.0215 7984 WANARP - ok

14:30:30.0218 7984 Wanarpv6 - ok

14:30:30.0222 7984 WatAdminSvc - ok

14:30:30.0225 7984 wbengine - ok

14:30:30.0228 7984 WbioSrvc - ok

14:30:30.0231 7984 wcncsvc - ok

14:30:30.0234 7984 WcsPlugInService - ok

14:30:30.0237 7984 Wd - ok

14:30:30.0240 7984 WDC_SAM - ok

14:30:30.0243 7984 Wdf01000 - ok

14:30:30.0246 7984 WdiServiceHost - ok

14:30:30.0249 7984 WdiSystemHost - ok

14:30:30.0252 7984 WebClient - ok

14:30:30.0255 7984 Wecsvc - ok

14:30:30.0258 7984 wercplsupport - ok

14:30:30.0261 7984 WerSvc - ok

14:30:30.0264 7984 WfpLwf - ok

14:30:30.0267 7984 WGX - ok

14:30:30.0270 7984 WIMMount - ok

14:30:30.0276 7984 WinHttpAutoProxySvc - ok

14:30:30.0279 7984 Winmgmt - ok

14:30:30.0282 7984 WinRM - ok

14:30:30.0288 7984 WinUsb - ok

14:30:30.0292 7984 Wlansvc - ok

14:30:30.0295 7984 wlcrasvc - ok

14:30:30.0298 7984 wlidsvc - ok

14:30:30.0302 7984 WmiAcpi - ok

14:30:30.0306 7984 wmiApSrv - ok

14:30:30.0309 7984 WMPNetworkSvc - ok

14:30:30.0313 7984 WPCSvc - ok

14:30:30.0316 7984 WPDBusEnum - ok

14:30:30.0319 7984 ws2ifsl - ok

14:30:30.0323 7984 WSearch - ok

14:30:30.0327 7984 wuauserv - ok

14:30:30.0330 7984 WudfPf - ok

14:30:30.0334 7984 WUDFRd - ok

14:30:30.0337 7984 wudfsvc - ok

14:30:30.0340 7984 WwanSvc - ok

14:30:30.0359 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:30:30.0781 7984 \Device\Harddisk0\DR0 - ok

14:30:30.0783 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

14:30:31.0461 7984 \Device\Harddisk1\DR1 - ok

14:30:31.0466 7984 MBR (0x1B8) (f06a21302510bdf961217702b21b1bbc) \Device\Harddisk2\DR0

14:30:31.0513 7984 \Device\Harddisk2\DR0 - ok

14:30:31.0515 7984 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR2

14:30:31.0649 7984 \Device\Harddisk3\DR2 - ok

14:30:31.0652 7984 Boot (0x1200) (44588e89264bd22cd4a46d3c6d3982e8) \Device\Harddisk2\DR0\Partition0

14:30:31.0652 7984 \Device\Harddisk2\DR0\Partition0 - ok

14:30:31.0656 7984 Boot (0x1200) (fff57aa4b02c6ca325b81aaa04be2657) \Device\Harddisk3\DR2\Partition0

14:30:31.0657 7984 \Device\Harddisk3\DR2\Partition0 - ok

14:30:31.0658 7984 ============================================================

14:30:31.0658 7984 Scan finished

14:30:31.0658 7984 ============================================================

14:30:31.0668 4324 Detected object count: 0

14:30:31.0668 4324 Actual detected object count: 0

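As an added example (not part of this thread, and not TDSSKiller's own code), here is a small Python triage script for the report format posted above. It parses the `time pid message` lines, counts the `- ok` verdicts between `Scan started` and `Scan finished`, flags any scanned object whose verdict is not `ok`, records the MBR and boot-sector hashes per device, reads the `Detected object count` trailer, and groups devices that share an MBR hash (as \Device\Harddisk0\DR0 and \Device\Harddisk1\DR1 do in the log above). The sample log is built from lines of the report above plus one constructed `exampledrv - suspicious` line, which is not real TDSSKiller output and only exercises the flagging path; the `parse_report`, `identical_sector_hashes` and `overall_verdict` names are this example's own.

```python
"""Triage helper for a TDSSKiller text report (added example, not TDSSKiller code).

Assumes only the line shapes visible in the posted report:
"<HH:MM:SS.ffff> <pid> <message>".
"""
import re
from collections import defaultdict

# Every report line: "HH:MM:SS.ffff <pid> <message>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Per-object verdicts inside the scan section: "<object> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) - (?P<verdict>.+)$")
# Sector hash lines: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" or "Boot (0x1200) (<md5>) ...\Partition0"
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$"
)
# Trailer lines: "Detected object count: N" / "Actual detected object count: N"
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")


def parse_report(text):
    """Return a summary dict: ok count, non-ok verdicts, sector hashes, detection counts."""
    summary = {"ok": 0, "flagged": [], "sectors": {}, "detected": None,
               "actual_detected": None, "unparsed": 0}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"] += 1
            continue
        msg = m.group("msg").strip()
        if not msg or msg.startswith("="):
            continue  # empty message or "=====" separator rule
        if msg == "Scan started":
            in_scan = True
            continue
        if msg == "Scan finished":
            in_scan = False
            continue
        s = SECTOR_RE.match(msg)
        if s:
            summary["sectors"][(s.group("dev"), s.group("kind"))] = s.group("md5")
            continue
        c = COUNT_RE.match(msg)
        if c:
            key = "actual_detected" if c.group("label").startswith("Actual") else "detected"
            summary[key] = int(c.group("n"))
            continue
        if not in_scan:
            continue  # SystemInfo and "Drive ... - Size:" header lines carry no verdict
        v = VERDICT_RE.match(msg)
        if v is None:
            continue  # e.g. "Mode: Manual; SigCheck; TDLFS;"
        if v.group("verdict") == "ok":
            summary["ok"] += 1
        else:
            summary["flagged"].append((v.group("obj"), v.group("verdict")))
    return summary


def identical_sector_hashes(summary):
    """Devices whose MBR (or boot sector) hash is identical, keyed by (kind, md5)."""
    by_hash = defaultdict(list)
    for (dev, kind), md5 in summary["sectors"].items():
        by_hash[(kind, md5)].append(dev)
    return {k: v for k, v in by_hash.items() if len(v) > 1}


def overall_verdict(summary):
    """'clean' only when nothing was flagged and the tool itself reported zero detections."""
    if summary["flagged"] or (summary["detected"] or 0) > 0 or (summary["actual_detected"] or 0) > 0:
        return "needs review"
    if summary["detected"] is None:
        return "incomplete report"  # trailer missing: the scan may not have finished
    return "clean"


# Constructed sample: real lines from the posted report plus one made-up
# "exampledrv - suspicious" line (not real TDSSKiller output) to exercise flagging.
SAMPLE_LOG = r"""
14:29:33.0653 8924 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
14:29:33.0902 8924 ============================================================
14:29:33.0902 8924 OS Version: 6.1.7600 ServicePack: 0.0
14:29:35.0845 8924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Type 'K0', Flags 0x00000040
14:30:28.0172 7984 Scan started
14:30:28.0172 7984 Mode: Manual; SigCheck; TDLFS;
14:30:28.0362 7984 !SASCORE - ok
14:30:28.0397 7984 ACPI - ok
14:30:29.0001 7984 exampledrv - suspicious
14:30:30.0359 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:30:30.0781 7984 \Device\Harddisk0\DR0 - ok
14:30:30.0783 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:30:31.0461 7984 \Device\Harddisk1\DR1 - ok
14:30:31.0466 7984 MBR (0x1B8) (f06a21302510bdf961217702b21b1bbc) \Device\Harddisk2\DR0
14:30:31.0513 7984 \Device\Harddisk2\DR0 - ok
14:30:31.0652 7984 Boot (0x1200) (44588e89264bd22cd4a46d3c6d3982e8) \Device\Harddisk2\DR0\Partition0
14:30:31.0652 7984 \Device\Harddisk2\DR0\Partition0 - ok
14:30:31.0658 7984 Scan finished
14:30:31.0668 4324 Detected object count: 0
14:30:31.0668 4324 Actual detected object count: 0
"""

if __name__ == "__main__":
    s = parse_report(SAMPLE_LOG)
    print("ok verdicts:", s["ok"])
    print("flagged:", s["flagged"])
    print("identical sector hashes:", identical_sector_hashes(s))
    print("verdict:", overall_verdict(s))
```

Run against the full report pasted above, the script reports no flagged objects and a zero detection count, which matches what the helper concluded; the identical MBR hash on Harddisk0 and Harddisk1 is simply reported as a fact for the reviewer to interpret, not treated as a finding by itself.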

OK, that scan was clean....please do this.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I take it that the computer is still acting up.

Please do this.....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Ran OTL. I did not get the Extra.txt log. This is the OTL.txt:

OTL logfile created on: 5/16/2012 4:22:30 PM - Run 2

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\grevolorio\Desktop

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 10.40 Gb Available Physical Memory | 65.24% Memory free

16.43 Gb Paging File | 11.16 Gb Available in Paging File | 67.89% Paging File free

Paging file location(s): f:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 100.00 Gb Total Space | 9.07 Gb Free Space | 9.07% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 2.00 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Drive F: | 731.32 Gb Total Space | 213.52 Gb Free Space | 29.20% Space Free | Partition Type: NTFS

Drive G: | 930.86 Gb Total Space | 393.00 Gb Free Space | 42.22% Space Free | Partition Type: NTFS

Drive I: | 931.51 Gb Total Space | 897.55 Gb Free Space | 96.35% Space Free | Partition Type: NTFS

Drive S: | 546.80 Gb Total Space | 126.41 Gb Free Space | 23.12% Space Free | Partition Type: NTFS

Drive U: | 546.80 Gb Total Space | 126.41 Gb Free Space | 23.12% Space Free | Partition Type: NTFS

Computer Name: TRMDU2 | User Name: GRevolorio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 16:21:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\grevolorio\Desktop\OTL.exe

PRC - [2012/04/17 07:00:00 | 017,458,000 | ---- | M] () -- C:\Program Files (x86)\Google\Update\Install\{306D79A1-33D4-409D-A157-78EACF52FDA9}\GoogleEarth-Win-Bundle-6.2.2.6613.exe

PRC - [2012/04/17 07:00:00 | 014,044,504 | ---- | M] () -- C:\Program Files (x86)\Google\Update\Install\{C27BBDBA-2A67-41B1-B5B7-CD1537159E5C}\GoogleEarth-Win-Plugin-6.2.2.6613.exe

PRC - [2012/03/19 07:38:46 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

PRC - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/03/19 07:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

PRC - [2012/02/27 00:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/01/03 09:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2011/09/22 09:56:34 | 008,528,384 | ---- | M] (mylifeorganized.net) -- C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe

PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

PRC - [2011/05/02 10:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe

PRC - [2011/01/21 13:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe

PRC - [2011/01/17 15:01:57 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2010/11/10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe

PRC - [2010/09/24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/08/25 13:24:20 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE

PRC - [2009/04/01 21:50:28 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

PRC - [2009/04/01 21:50:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2009/04/01 21:50:24 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2009/04/01 21:50:22 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/31 09:27:00 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\MyLifeOrganized.net\MLO\MLOWiFiSync.dll

MOD - [2011/08/23 11:05:15 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/10 20:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll

MOD - [2010/11/10 20:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll

MOD - [2010/11/10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe

MOD - [2010/11/10 20:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll

MOD - [2010/11/10 20:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll

MOD - [2010/11/10 20:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll

MOD - [2010/09/24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll

MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll

MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll

MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll

MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll

MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 16:45:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2011/08/17 12:37:50 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2005/09/23 04:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)

SRV - [2012/04/30 14:11:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/02/02 10:28:18 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)

SRV - [2012/02/02 10:28:11 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)

SRV - [2011/09/19 15:56:20 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)

SRV - [2011/08/17 12:35:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Disabled | Stopped] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)

SRV - [2011/01/21 13:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)

SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/11/08 13:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2010/08/25 13:24:20 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)

SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/01 21:50:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2009/04/01 21:50:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2009/04/01 21:50:26 | 000,387,400 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)

SRV - [2009/04/01 21:50:24 | 003,092,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2009/04/01 21:50:24 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2008/12/10 16:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/02/02 10:28:12 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2011/12/01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)

DRV:64bit: - [2011/12/01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)

DRV:64bit: - [2011/11/04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/11 11:04:38 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)

DRV:64bit: - [2010/11/21 10:45:36 | 000,063,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)

DRV:64bit: - [2010/11/11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2010/11/11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2010/11/11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2010/11/11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2010/11/11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2010/11/11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2010/11/11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2010/11/11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/09/23 23:24:04 | 000,080,000 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\glavcam.sys -- (glavcam)

DRV:64bit: - [2010/09/17 16:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2010/09/17 16:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2010/08/20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)

DRV:64bit: - [2010/07/01 21:46:56 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)

DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)

DRV:64bit: - [2010/06/22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2010/04/27 18:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/04/27 18:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/03/26 16:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/10/15 22:39:50 | 000,051,712 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)

DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/01 21:50:28 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)

DRV:64bit: - [2009/04/01 21:50:28 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2009/04/01 21:50:28 | 000,053,968 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WGX64.SYS -- (WGX)

DRV:64bit: - [2009/04/01 21:50:28 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2008/01/28 21:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2008/01/28 20:53:52 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2008/01/28 20:53:52 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2008/01/28 20:53:52 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2007/02/18 01:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)

DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2007/01/29 07:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2010/12/17 11:54:46 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110125.040\EX64.SYS -- (NAVEX15)

DRV - [2010/12/17 11:54:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/12/17 11:54:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/12/17 11:54:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110125.040\ENG64.SYS -- (NAVENG)

DRV - [2010/09/24 12:24:06 | 000,080,000 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\glavcam.sys -- (glavcam)

DRV - [2010/09/17 16:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/04/01 21:50:28 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)

DRV - [2009/04/01 21:50:28 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)

DRV - [2009/04/01 21:50:28 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20120430&user_guid=81ACE6FCD1174E4A929589B2EBDC1283&machine_id=4eeca63955fab3f575293011f1e42dc3&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{15261C5A-E2D7-42B4-AE84-D92AE430C800}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=W-bE44BAgug2WmgXtwah32pownw?q={searchTerms}

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-796845957-725345543-2108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.73.0

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 8118

FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, calshr01"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/23 09:30:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/11/18 16:32:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/15 16:36:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/23 09:30:59 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/01/17 15:02:29 | 000,000,000 | ---D | M]

[2012/04/30 14:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Extensions

[2012/04/30 16:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions

[2012/02/15 16:36:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2011/05/23 10:01:09 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

[2011/07/26 14:38:01 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\LogMeInClient@logmein.com

[2012/01/30 09:55:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\grevolorio\AppData\Roaming\mozilla\Firefox\Profiles\5nju9yau.default\extensions\support@lastpass.com

[2012/04/30 14:26:03 | 000,002,519 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\searchplugins\Search_Results.xml

[2012/04/30 12:57:36 | 000,001,390 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\searchplugins\yahoo-zugo.xml

[2012/04/30 14:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/01/25 14:49:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2012/03/22 12:07:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/02/23 09:30:53 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

[2011/11/18 16:32:53 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK

[2011/08/08 15:36:46 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\GREVOLORIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5NJU9YAU.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI

[2012/02/15 16:36:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/09/06 10:55:45 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/15 16:36:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/30 14:26:03 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012/02/15 16:36:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll

CHR - plugin: NPLastPass (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\nplastpass.dll

CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.11.30.1_0\plugin/blackfishietab.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: Do Not Track Plus = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.1.0.327_0\

CHR - Extension: Do Not Track Plus = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.1.0.327_2\

CHR - Extension: Proxy Switchy! = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Bubbles = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\edabkoehdjpemgmneocphgaipmfniboi\1_0\

CHR - Extension: FB Photo Zoom = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\

CHR - Extension: AdBlock = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\

CHR - Extension: FlashBlock = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\

CHR - Extension: LastPass = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\

CHR - Extension: IE Tab = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\

CHR - Extension: Facebook: Cleaner = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ionkkjolnjdkpkenblfdghifhdlgmdgl\1.0_0\

CHR - Extension: Facebook Ads Hider = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\leeebdddeggoocipdjiokmjcpidnmoah\1.2.5_0\

CHR - Extension: Skype Extension = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\

CHR - Extension: Poppit = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: Ghostery = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\2.4.0_0\

CHR - Extension: deviantART muro = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\

CHR - Extension: NotScripts = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\

CHR - Extension: Evernote Web Clipper = C:\Users\grevolorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.3.2_0\

O1 HOSTS File: ([2012/05/16 10:10:02 | 000,442,774 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 zabkat.com

O1 - Hosts: 127.0.0.1 channel-reward-central.com

O1 - Hosts: 127.0.0.1 mgid.com

O1 - Hosts: 127.0.0.1 gift-awardcenter.com

O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp

O1 - Hosts: 127.0.0.1 activation@nero.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 15238 more lines...

O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {D41289F2-69C6-417B-897E-C653D677CBAF} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()

O4 - HKU\S-1-5-21-1085031214-796845957-725345543-2108..\Run: [Google] C:\Users\grevolorio\AppData\Roaming\googleoez.exe ()

O4 - HKU\S-1-5-21-1085031214-796845957-725345543-2108..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-1085031214-796845957-725345543-2108..\Run: [WinSnap] C:\Program Files\WinSnap\WinSnap.exe (NTWind Software)

O4 - Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

O4 - Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

O4 - Startup: C:\Users\delete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

O4 - Startup: C:\Users\delete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk = C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.)

O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()

O4 - Startup: C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyLifeOrganized.lnk = C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe (mylifeorganized.net)

O4 - Startup: C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

O4 - Startup: C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found

O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found

O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)

O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)

O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O15 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..Trusted Domains: calshr01 ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..Trusted Domains: emmarx.com ([reports] http in Trusted sites)

O15 - HKU\S-1-5-21-1085031214-796845957-725345543-2108\..Trusted Domains: localhost ([]http in Local intranet)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.2.20 10.1.2.19

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inrange.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: DhcpNameServer = 10.1.2.20 10.1.2.19

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AFB5A5-9D29-441F-A64B-D2DC0F50AA0C}: DhcpNameServer = 172.16.206.215 172.16.206.215

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/06/07 15:58:27 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]

O32 - AutoRun File - [2009/04/28 10:57:38 | 000,000,137 | -H-- | M] () - G:\autorun.new -- [ NTFS ]

O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 16:21:38 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\grevolorio\Desktop\OTL.exe

[2012/05/16 14:59:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/05/16 14:57:49 | 004,495,010 | R--- | C] (Swearware) -- C:\Users\grevolorio\Desktop\ComboFix.exe

[2012/05/16 14:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/05/16 14:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/05/16 10:56:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\grevolorio\Desktop\dds.scr

[2012/05/16 10:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0

[2012/05/16 10:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHODemon 2

[2012/05/16 09:40:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\grevolorio\Desktop\HijackThis.exe

[2012/05/15 16:17:47 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Google

[2012/05/15 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Media Player Classic

[2012/05/14 16:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

[2012/05/08 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com

[2012/05/08 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/05/08 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2012/05/07 12:35:59 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Local\Nero_AG

[2012/05/02 14:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover

[2012/05/02 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loaris

[2012/05/02 13:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer

[2012/05/02 13:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Startup Optimizer

[2012/05/01 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\Documents\My Videos

[2012/05/01 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Digiarty

[2012/05/01 09:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author

[2012/05/01 08:36:41 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\Documents\NeroVideo

[2012/05/01 08:36:35 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Local\Nero

[2012/05/01 08:36:32 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Nero

[2012/04/30 17:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero

[2012/04/30 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

[2012/04/30 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2012/04/30 17:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero

[2012/04/30 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/04/30 14:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/04/30 14:26:00 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll

[2012/04/30 14:25:59 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\FreeBurner

[2012/04/30 12:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

[2012/04/30 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack

[2012/04/30 11:40:38 | 000,000,000 | ---D | C] -- C:\DVDTemp

[2012/04/25 11:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/04/25 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder

[2012/04/17 08:56:54 | 000,000,000 | ---D | C] -- C:\Users\grevolorio\AppData\Roaming\Foxit Software

[2012/01/30 09:55:32 | 014,534,176 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

[2010/11/19 00:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\grevolorio\AppData\Roaming\7za.exe

[249 C:\Users\grevolorio\*.tmp files -> C:\Users\grevolorio\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 16:21:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\grevolorio\Desktop\OTL.exe

[2012/05/16 16:15:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108UA.job

[2012/05/16 15:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/16 15:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/16 15:29:41 | 000,041,318 | ---- | M] () -- C:\Users\grevolorio\Desktop\ComboFix.zip

[2012/05/16 14:57:52 | 004,495,010 | R--- | M] (Swearware) -- C:\Users\grevolorio\Desktop\ComboFix.exe

[2012/05/16 14:30:06 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/16 14:30:06 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/16 14:27:23 | 000,000,939 | ---- | M] () -- C:\Users\grevolorio\Desktop\ERUNT.lnk

[2012/05/16 10:56:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\grevolorio\Desktop\dds.scr

[2012/05/16 10:51:52 | 000,001,023 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk

[2012/05/16 10:44:52 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/05/16 10:44:30 | 000,005,778 | ---- | M] () -- C:\Users\grevolorio\Documents\cc_20120516_104422.reg

[2012/05/16 10:10:02 | 000,442,774 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/16 10:09:52 | 000,789,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/16 10:09:52 | 000,669,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/16 10:09:52 | 000,124,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/16 10:06:45 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/16 10:04:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/16 09:40:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\grevolorio\Desktop\HijackThis.exe

[2012/05/16 08:51:41 | 003,235,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/16 08:40:18 | 001,903,704 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/05/16 01:15:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108Core.job

[2012/05/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2012/05/15 14:24:55 | 000,057,609 | ---- | M] () -- C:\Users\grevolorio\Desktop\Linda Warnowicz Repurchase Agreement pdf.pdf

[2012/05/14 16:57:22 | 000,002,096 | -H-- | M] () -- C:\Users\grevolorio\Documents\Default.rdp

[2012/05/14 10:43:30 | 000,002,515 | ---- | M] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/05/14 10:43:30 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/05/09 09:25:35 | 000,049,311 | ---- | M] () -- C:\Users\grevolorio\Desktop\INRange.ml

[2012/05/08 16:35:57 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/05/07 17:00:39 | 001,026,560 | ---- | M] () -- C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp

[2012/05/03 16:39:21 | 000,001,931 | ---- | M] () -- C:\Users\grevolorio\Desktop\Pandora (Saver2).lnk

[2012/05/03 16:39:21 | 000,001,018 | ---- | M] () -- C:\Users\grevolorio\Desktop\Pandora (Listen Only).lnk

[2012/05/03 16:39:21 | 000,001,013 | ---- | M] () -- C:\Users\grevolorio\Desktop\Saver2.lnk

[2012/05/02 14:12:37 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk

[2012/05/02 13:42:45 | 000,001,022 | ---- | M] () -- C:\Users\grevolorio\Desktop\Startup Optimizer.lnk

[2012/05/01 09:50:46 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk

[2012/05/01 09:50:46 | 000,000,826 | ---- | M] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk

[2012/04/30 17:22:53 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk

[2012/04/30 17:22:05 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk

[2012/04/30 17:21:04 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk

[2012/04/30 17:20:17 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk

[2012/04/30 17:03:31 | 000,442,702 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120516-101002.backup

[2012/04/30 16:31:39 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2012/04/30 14:27:17 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/26 09:17:18 | 000,001,326 | ---- | M] () -- C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2012/04/25 11:54:46 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/04/25 11:42:44 | 022,259,528 | ---- | M] () -- C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe

[2012/04/19 13:51:01 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk

[2012/04/17 08:57:44 | 000,001,184 | ---- | M] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk

[2012/04/17 08:57:44 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk

[2012/04/17 08:39:18 | 000,613,152 | ---- | M] () -- C:\Users\grevolorio\Desktop\Potato_April_2012.pdf

[249 C:\Users\grevolorio\*.tmp files -> C:\Users\grevolorio\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 15:29:41 | 000,041,318 | ---- | C] () -- C:\Users\grevolorio\Desktop\ComboFix.zip

[2012/05/16 14:27:23 | 000,000,939 | ---- | C] () -- C:\Users\grevolorio\Desktop\ERUNT.lnk

[2012/05/16 10:51:52 | 000,001,023 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk

[2012/05/16 10:44:24 | 000,005,778 | ---- | C] () -- C:\Users\grevolorio\Documents\cc_20120516_104422.reg

[2012/05/15 16:17:46 | 000,102,400 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\googleoez.exe

[2012/05/15 14:24:49 | 000,057,609 | ---- | C] () -- C:\Users\grevolorio\Desktop\Linda Warnowicz Repurchase Agreement pdf.pdf

[2012/05/08 16:35:57 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/05/07 17:00:39 | 001,026,560 | ---- | C] () -- C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp

[2012/05/02 14:11:42 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk

[2012/05/02 13:42:45 | 000,001,022 | ---- | C] () -- C:\Users\grevolorio\Desktop\Startup Optimizer.lnk

[2012/05/01 09:50:46 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk

[2012/05/01 09:50:46 | 000,000,826 | ---- | C] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk

[2012/04/30 17:22:53 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk

[2012/04/30 17:22:05 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk

[2012/04/30 17:21:04 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk

[2012/04/30 17:20:17 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk

[2012/04/30 12:56:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/04/25 11:54:46 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/04/25 11:42:34 | 022,259,528 | ---- | C] () -- C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe

[2012/04/17 08:57:44 | 000,001,184 | ---- | C] () -- C:\Users\grevolorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk

[2012/04/17 08:57:44 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk

[2012/04/17 08:39:18 | 000,613,152 | ---- | C] () -- C:\Users\grevolorio\Desktop\Potato_April_2012.pdf

[2012/04/02 16:17:38 | 000,040,985 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\a.7z

[2012/02/13 11:49:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/02/13 11:49:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011/11/15 17:01:39 | 000,000,341 | ---- | C] () -- C:\Windows\KM1Pref.ini

[2011/09/07 08:43:43 | 000,000,192 | -H-- | C] () -- C:\Windows\€nlsPreferences.dat

[2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\rhog2b5.dll

[2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll

[2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll

[2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll

[2011/08/10 10:06:25 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll

[2011/08/10 10:06:25 | 000,000,340 | ---- | C] () -- C:\Windows\SysWow64\ybelu6y.dll

[2011/08/10 10:06:25 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll

[2011/08/10 10:06:25 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll

[2011/08/10 10:06:25 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ubl9clt.dll

[2011/07/13 15:03:12 | 000,222,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/04/25 14:15:22 | 000,054,457 | ---- | C] () -- C:\Windows\SysWow64\jmpumlzrkdsbo.exe

[2011/04/13 11:34:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/04/13 11:34:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/04/13 11:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/04/13 11:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/04/13 11:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/04/11 12:12:24 | 000,008,905 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\0A0E.6B3

[2011/04/11 12:12:21 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini

[2011/04/07 16:42:51 | 000,000,600 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\winscp.rnd

[2011/04/07 14:14:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll

[2011/04/05 09:28:17 | 000,004,608 | ---- | C] () -- C:\Users\grevolorio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/02 14:25:53 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\uninstall.dll

[2011/01/25 14:54:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/01/24 16:51:54 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/01/24 16:51:54 | 000,000,008 | RHS- | C] () -- C:\ProgramData\E2DFE9BF5B.sys

[2011/01/18 16:56:05 | 000,000,306 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/01/18 13:03:28 | 000,786,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/18 12:18:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\custmon2k.dll

[2011/01/18 12:18:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\uninstpw.exe

[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

[2011/01/11 12:09:32 | 000,002,762 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/01/11 08:51:02 | 000,203,376 | ---- | C] () -- C:\Windows\SysWow64\jmcricon.dll

[2010/06/15 13:36:37 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll

========== LOP Check ==========

[2011/04/20 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\WTouch

[2012/02/20 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\.Tribler

[2012/03/14 09:11:03 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\5pm-downloader

[2011/05/18 08:23:33 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Axosoft

[2012/05/16 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\BitTyrant

[2011/02/01 13:00:43 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\BreezeTree

[2012/02/15 13:26:45 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\calibre

[2012/02/13 11:31:14 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Canneverbe Limited

[2011/01/21 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1

[2012/05/01 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Digiarty

[2012/01/03 14:48:54 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\DiskAid

[2012/05/16 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Dropbox

[2011/06/14 16:37:28 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\eBookConverter

[2012/05/03 14:07:14 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Foxit Software

[2012/04/30 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\FreeBurner

[2011/02/07 15:34:01 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\GetRightToGo

[2012/03/14 09:41:20 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Graphic.lyAir.524A3AB5801B9AE08DEEB1BA295EDE84BDC333F2.1

[2012/02/06 12:16:30 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\iConcur

[2011/08/12 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\inkscape

[2012/03/07 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\IObit

[2011/09/14 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\JAM Software

[2011/09/14 09:57:51 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Launchy

[2011/08/19 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Leadertech

[2012/03/13 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Motorola

[2011/05/31 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\MySQL

[2011/09/09 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Nik Software

[2011/01/18 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Notepad++

[2012/01/25 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\ooVoo Details

[2012/02/01 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\OpenOffice.org

[2011/09/14 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Pantone

[2011/06/17 14:18:20 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\PDM

[2012/01/03 11:32:46 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\redsn0w

[2012/04/30 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\ScanSoft

[2011/08/19 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Seagate

[2011/01/24 11:01:51 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Smith Micro

[2012/05/15 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\SProxy

[2011/02/11 16:23:13 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\SYSTEMAX Software Development

[2011/07/25 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\TeamViewer

[2012/05/16 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\TeraCopy

[2012/04/25 11:40:13 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder

[2012/02/23 10:45:28 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Wacom

[2012/02/23 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2011/04/07 14:48:12 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\WindSolutions

[2011/01/24 15:31:48 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\WTouch

[2011/08/16 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\grevolorio\AppData\Roaming\Zeon

[2012/05/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2012/04/30 16:31:39 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2011/09/27 15:34:35 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/07/14 16:52:59 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\Synch Projects and Forms.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C8B8CEBD

@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >

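The OTL file listings above run to hundreds of entries, and the ones a helper looks at first are easy to state: executables with no company name, dropped into user-writable folders such as AppData\Roaming or ProgramData, or carrying hidden/system attributes. The Python below is an added triage helper, not part of OTL or of this thread; it parses lines in OTL's created/modified-file format and ranks entries by how many of those heuristics they trip. The sample lines are copied from the listing above (a selection, not the whole log); the heuristics, the extension list and the folder markers are my own assumptions, and a hit means "read this entry", not "this is malware".

```python
import ntpath
import re
from typing import Optional

# One OTL created/modified-file line, e.g.
# [2012/05/15 16:17:46 | 000,102,400 | ---- | C] () -- C:\Users\x\AppData\Roaming\googleoez.exe
# Fields: timestamp | size | attributes (R,H,S,D) | C=created/M=modified, then an
# optional (company) and the path. Directory lines carry no company field at all.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Assumed lists for this example: extensions Windows will execute, and folders a
# standard user can write to, where installers rarely leave company-less binaries.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".cpl"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Lines copied from the OTL listing in this thread (a selection, not the full log).
SAMPLE_LOG = r"""
[2012/05/16 16:21:38 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\grevolorio\Desktop\OTL.exe
[2012/05/16 14:59:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/15 16:17:46 | 000,102,400 | ---- | C] () -- C:\Users\grevolorio\AppData\Roaming\googleoez.exe
[2012/04/17 08:39:18 | 000,613,152 | ---- | C] () -- C:\Users\grevolorio\Desktop\Potato_April_2012.pdf
[2010/11/19 00:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\grevolorio\AppData\Roaming\7za.exe
[2011/01/24 16:51:54 | 000,000,008 | RHS- | C] () -- C:\ProgramData\E2DFE9BF5B.sys
"""


def parse_entry(line: str) -> Optional[dict]:
    """Parse one OTL file line; return None for headers, blanks and summary lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "created": m.group("kind") == "C",
        "readonly": attrs[0] == "R",
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "company": (m.group("company") or "").strip(),
        "path": path,
        "ext": ntpath.splitext(path)[1].lower(),
    }


def triage_reasons(entry: dict) -> list:
    """Heuristic flags for one entry; an empty list means nothing stood out."""
    if entry["is_dir"] or entry["ext"] not in EXECUTABLE_EXTS:
        return []
    reasons = []
    lowered = entry["path"].lower()
    if not entry["company"]:
        reasons.append("executable with no company/version info")
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        reasons.append("executable in a user-writable location")
    if entry["hidden"] or entry["system"]:
        reasons.append("hidden/system attribute on an executable")
    return reasons


def triage_log(text: str) -> list:
    """Return [(path, reasons), ...] for flagged entries, most reasons first."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage_reasons(entry)):
            flagged.append((entry["path"], reasons))
    flagged.sort(key=lambda item: len(item[1]), reverse=True)
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against a full OTL.txt, the ranking puts the same kind of entry at the top that RogueKiller later named in this thread (googleoez.exe, a company-less binary in AppData\Roaming), while known tools on the Desktop with a company string fall to the bottom.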

Did you run any other programs to fix this infection??

Please do this:

Run OTL

Under the Custom Scans/Fixes

Copy and paste this in: netsvcs

Click the None button on top

Now click on the blue Run Scan button

Post the log it creates.

I'll be away from the forum for a while....... be back asap, MrC


Thanks again MrC. This is the log I got after running OTL:

OTL logfile created on: 5/16/2012 5:13:26 PM - Run 3

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\grevolorio\Desktop

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 10.15 Gb Available Physical Memory | 63.72% Memory free

16.43 Gb Paging File | 10.95 Gb Available in Paging File | 66.63% Paging File free

Paging file location(s): f:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 100.00 Gb Total Space | 9.04 Gb Free Space | 9.04% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 2.00 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Drive F: | 731.32 Gb Total Space | 213.52 Gb Free Space | 29.20% Space Free | Partition Type: NTFS

Drive G: | 930.86 Gb Total Space | 393.00 Gb Free Space | 42.22% Space Free | Partition Type: NTFS

Drive I: | 931.51 Gb Total Space | 897.55 Gb Free Space | 96.35% Space Free | Partition Type: NTFS

Drive S: | 546.80 Gb Total Space | 126.42 Gb Free Space | 23.12% Space Free | Partition Type: NTFS

Drive U: | 546.80 Gb Total Space | 126.42 Gb Free Space | 23.12% Space Free | Partition Type: NTFS

Computer Name: TRMDU2 | User Name: GRevolorio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {D41289F2-69C6-417B-897E-C653D677CBAF} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-----------------------------------

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


This is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D41289F2-69C6-417B-897E-C653D677CBAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D41289F2-69C6-417B-897E-C653D677CBAF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D41289F2-69C6-417B-897E-C653D677CBAF}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: administrator

User: All Users

User: Default

User: Default User

User: delete

User: grevolorio
->Java cache emptied: 1782154 bytes

User: Public

User: sharepointadmin

Total Java Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: delete
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: grevolorio
->Temp folder emptied: 456226 bytes
->Temporary Internet Files folder emptied: 7327537 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43678880 bytes
->Google Chrome cache emptied: 18864359 bytes
->Flash cache emptied: 1396462 bytes

User: Public
->Temp folder emptied: 0 bytes

User: sharepointadmin
->Temp folder emptied: 69061 bytes
->Temporary Internet Files folder emptied: 2024020 bytes
->Flash cache emptied: 57030 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83503 bytes
RecycleBin emptied: 3251928 bytes

Total Files Cleaned = 74.00 mb

OTL by OldTimer - Version 3.2.43.0 log created on 05172012_083836

Files\Folders moved on Reboot...
C:\Users\grevolorio\AppData\Local\Temp\ExchangePerflog_8484fa3109fe5396cfcccd43.dat moved successfully.
C:\Users\grevolorio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{282E516B-8A2A-4349-B25F-1278EC64C0A5}.tmp not found!
C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{45E331FA-01F3-4ECA-9710-38BDCD408318}.tmp moved successfully.
C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9A0ADA71-887C-46D7-85C9-B9D120F23435}.tmp moved successfully.
C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CCA1E3D4-6641-4C64-A401-69619E39FAD4}.tmp moved successfully.

Registry entries deleted on Reboot...

===========================================================

The ESET online scanner took about 3 hours to run. It found and cleaned 4 objects and this is the log.txt:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Done. This is the report:

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: GRevolorio [Admin rights]

Mode: Scan -- Date: 05/17/2012 12:06:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Google (C:\Users\grevolorio\AppData\Roaming\googleoez.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-1085031214-796845957-725345543-2108[...]\Run : Google (C:\Users\grevolorio\AppData\Roaming\googleoez.exe) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 zabkat.com

127.0.0.1 channel-reward-central.com

127.0.0.1 mgid.com

127.0.0.1 gift-awardcenter.com

[...]

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>

RKreport[1].txt

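RogueKiller prints only an excerpt of the HOSTS file, and the excerpt alone does not say whether the file is a problem. Loopback entries like the ones shown are what a blocklist-style hosts file looks like and are normally harmless; a hijacked hosts file instead maps real domains to a remote address, or maps security vendors' domains to loopback so updates and online scanners fail. The Python below is an added check, not part of RogueKiller or of this thread; it parses hosts-file syntax and separates those cases. The first five sample lines are the ones from the report above; the last two are constructed to show the two hijack patterns, and the vendor-domain list and the documentation-range address 203.0.113.7 are my own assumptions.

```python
import ipaddress
from collections import Counter

# Domains an attacker would sinkhole to keep a victim from updating or getting help.
# Assumed list for this example; extend it with the vendors actually in use on the host.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "eset.com", "eset.eu", "symantec.com",
)

# First five lines are the ones RogueKiller showed; the last two are constructed
# to exercise the hijack patterns (203.0.113.7 is a documentation-range address).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 zabkat.com
127.0.0.1 channel-reward-central.com
127.0.0.1 mgid.com
127.0.0.1 gift-awardcenter.com
203.0.113.7 www.google.com          # constructed: real domain sent to a remote host
127.0.0.1 www.malwarebytes.org      # constructed: vendor domain sinkholed
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address: malformed line, skip it
        for host in parts[1:]:
            yield ip, host.lower()


def classify(ip, host):
    """Label one mapping: local, blocklist, vendor-sinkholed or redirect."""
    sinkhole = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0
    if host in LOCAL_NAMES or host.startswith("ip6-"):
        return "local"
    protected = any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)
    if sinkhole and protected:
        return "vendor-sinkholed"   # blocks AV/OS updates: classic hijack sign
    if not sinkhole:
        return "redirect"           # a name resolved to a real, possibly attacker, host
    return "blocklist"              # ad/tracker domain sent to loopback: usually benign


def audit_hosts(text):
    """Return per-label counts plus the entries that need a human look."""
    counts = Counter()
    suspicious = []
    for ip, host in parse_hosts(text):
        label = classify(ip, host)
        counts[label] += 1
        if label in ("vendor-sinkholed", "redirect"):
            suspicious.append((str(ip), host, label))
    return {"counts": dict(counts), "suspicious": suspicious}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(result["counts"])
    for ip, host, label in result["suspicious"]:
        print(f"{label:17} {ip:15} {host}")
```

On a real system point it at C:\Windows\System32\drivers\etc\hosts; a large file with thousands of "blocklist" entries and no "suspicious" ones is the profile of a deliberately installed blocking list, while even one "redirect" or "vendor-sinkholed" entry is worth explaining before the machine is declared clean.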
