Please help, computer infected.


Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files.

Now download a fresh copy and see if it runs, MrC

Clean out temp files.......

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job

Once it's finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

Let me know, MrC

That folder belongs to ComboFix, don't delete it.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.

MrC

Scan for rootkits with GMER Rootkit Scanner

Download GMER Rootkit Scanner from HERE to your desktop.

Double click the .exe file (it will be named some random characters). If asked to allow gmer.sys driver to load, please consent.

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections

IAT/EAT

Drives/Partition other than Systemdrive (typically C:\)

Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once done click on the [save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

NOTE:

If you cannot run GMER as indicated above, please save a scan from the initial startup scan.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click the gmer.exe file.

The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

After the "initial scan" is complete, click on the Save button, save the log file to your desktop, and post it in your reply.

MrC

I thought you had given up on me. Thank you so much!!!

This is the DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0

Run by GRevolorio at 17:01:10 on 2012-05-22

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.16316.10624 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\HitmanPro\hmpsched.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\SysWOW64\nlssrv32.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe

C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Launchy\Launchy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\xplorer2\xplorer2_64.exe

C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\msiexec.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [WinSnap] "C:\Program Files\WinSnap\WinSnap.exe" /startup

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYLIFE~1.LNK - C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~2.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

uPolicies-system: HideLogonScripts = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-system: HideLegacyLogonScripts = 1 (0x1)

dPolicies-system: HideLogonScripts = 1 (0x1)

dPolicies-system: HideLogoffScripts = 1 (0x1)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: calshr01

Trusted Zone: emmarx.com\reports

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 10.1.2.20 10.1.2.19

TCP: Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03} : DhcpNameServer = 10.1.2.20 10.1.2.19

TCP: Interfaces\{29AFB5A5-9D29-441F-A64B-D2DC0F50AA0C} : DhcpNameServer = 172.16.206.215 172.16.206.215

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe

AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

.

============= SERVICES / DRIVERS ===============

.

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-5-22 107848]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-1-21 64512]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-4-1 2440120]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-23 6583160]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-23 528760]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-26 132656]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

R3 RAMDiskVE;RAMDiskVE;C:\Windows\system32\Drivers\RAMDiskVE.sys --> C:\Windows\system32\Drivers\RAMDiskVE.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176]

S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-9-19 17920]

S2 PEVSystemStart;PEVSystemStart;C:\32788R22FWJFW\pev.3XE [2011-6-26 256000]

S2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-5-4 996256]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-25 235624]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]

S3 applebmt;Apple Wireless Mouse;C:\Windows\system32\DRIVERS\applebmt.sys --> C:\Windows\system32\DRIVERS\applebmt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-17 1038088]

S3 glavcam;BW Microscope;C:\Windows\System32\drivers\glavcam.sys [2011-3-2 80000]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-8-23 30192]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-27 98208]

S4 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]

S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]

S4 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-26 366840]

S4 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-26 1150936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

.txt=SigilTXT

.

=============== Created Last 30 ================

.

2012-05-22 18:42:37 110080 ----a-r- C:\Users\grevolorio\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\IconF7A21AF7.exe

2012-05-22 18:42:37 110080 ----a-r- C:\Users\grevolorio\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\IconD7F16134.exe

2012-05-22 18:42:37 110080 ----a-r- C:\Users\grevolorio\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\Icon1226A4C5.exe

2012-05-22 18:42:36 -------- d-----w- C:\sh4ldr

2012-05-22 18:42:36 -------- d-----w- C:\Program Files\Enigma Software Group

2012-05-22 18:41:35 -------- d-----w- C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP

2012-05-22 15:50:09 -------- d-----w- C:\ProgramData\RegRun

2012-05-22 14:03:59 -------- d-----w- C:\Program Files\HitmanPro

2012-05-22 14:03:38 -------- d-----w- C:\ProgramData\HitmanPro

2012-05-17 12:46:12 -------- d-----w- C:\Program Files (x86)\ESET

2012-05-17 12:38:36 -------- d-----w- C:\_OTL

2012-05-10 18:32:56 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 18:32:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 18:32:51 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 18:32:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 18:32:51 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 18:32:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 18:32:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-08 20:36:19 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com

2012-05-07 16:35:59 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero_AG

2012-05-07 12:33:21 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{366E680E-86A9-4541-9805-3C4E03346FB7}\mpengine.dll

2012-05-02 18:11:38 -------- d-----w- C:\Program Files (x86)\Loaris

2012-05-02 17:42:44 -------- d-----w- C:\Program Files (x86)\Startup Optimizer

2012-05-01 13:50:56 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\Digiarty

2012-05-01 12:36:35 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero

2012-04-30 21:18:45 -------- d-----w- C:\ProgramData\Nero

2012-04-30 21:11:25 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys

2012-04-30 21:11:03 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys

2012-04-30 21:11:03 -------- d-----w- C:\Program Files (x86)\Nero

2012-04-30 21:10:22 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2012-04-30 21:10:22 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2012-04-30 21:10:22 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll

2012-04-30 21:09:04 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2012-04-30 21:07:49 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-04-30 21:06:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2012-04-30 21:05:14 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll

2012-04-30 21:03:51 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll

2012-04-30 19:17:29 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-04-30 18:26:03 -------- d-----w- C:\ProgramData\boost_interprocess

2012-04-30 18:26:00 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll

2012-04-30 18:26:00 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL

2012-04-30 18:26:00 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL

2012-04-30 18:26:00 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX

2012-04-30 18:25:59 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL

2012-04-30 18:25:59 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL

2012-04-30 18:25:59 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\FreeBurner

2012-04-30 16:56:36 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-04-30 16:56:33 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-04-30 15:40:38 -------- d-----w- C:\DVDTemp

2012-04-25 15:40:13 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder

.

==================== Find3M ====================

.

2012-05-22 14:31:29 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-05-22 14:31:29 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2012-05-22 14:31:29 34688 ----a-w- C:\Windows\System32\LMIport.dll

2012-04-30 18:11:41 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-30 18:11:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys

2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 13:55:36 14534176 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

.

============= FINISH: 17:01:54.46 ===============

And the attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/11/2011 6:56:15 AM

System Uptime: 5/22/2012 3:23:25 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0T105W

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | U2E1 | 1734/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 2.6 GiB free.

D: is FIXED (FAT32) - 2 GiB total, 2.003 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 731 GiB total, 210.566 GiB free.

H: is CDROM ()

I: is FIXED (NTFS) - 932 GiB total, 897.54 GiB free.

K: is CDROM (CDFS)

L: is Removable

U: is NetworkDisk (NTFS) - 547 GiB total, 119.561 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP321: 5/17/2012 - Scheduled Checkpoint

RP322: 5/17/2012 2:44:43 PM - Revo Uninstaller's restore point - BHODemon 2.0.0.23

RP323: 5/22/2012 2:41:42 PM - Installed SpyHunter

RP324: 5/22/2012 3:30:21 PM - Revo Uninstaller's restore point - Loaris Trojan Remover 1.2

RP325: 5/22/2012 4:53:51 PM - Revo Uninstaller's restore point - Adobe Acrobat X Pro - English, Français, Deutsch

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AccelerometerP11

Acrobat.com

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Contribute CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 American English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Digital Editions

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe LiveCycle Designer 7.1

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.2)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AI RoboForm

Amazon Kindle

Android SDK Tools

Apple Application Support

Apple Software Update

Axiom 2012

Axosoft OnTime 2010 Windows

Bamboo Dock

BW Microscope

calibre

CDBurnerXP

ClipX

Color Picker

Connect

Content

Corel Painter 11

Corel Painter 11 - ICA

Corel Painter 11 - IPM

CutePDF Professional 3.3

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DiskAid 5.01

Dropbox

eMedia Piano and Keyboard Method

eReader

ERUNT 1.1j

ESET Online Scanner v3

Evernote v. 4.5.6

ExtraPutty 0.22

Fiddler2

FlowBreeze Standard 2.5.0.68

Foxit Reader 5.1

Google Chrome

Google Desktop

Google Earth

Google Earth Plug-in

Google Update Helper

High-Definition Video Playback

huey 1.0.5

iConcur Axiom for Word

IconHandler 32 bit

IETester v0.4.10 (remove only)

iExplorer 2.2.1.3

Inkscape 0.48.1

iPhoneBrowser

Java 2 Runtime Environment, SE v1.4.1_07

Java Auto Updater

Java Web Start

Java 6 Update 22

Java 6 Update 31

Java 7

Java SE Development Kit 7

JMicron Flash Media Controller Driver

K-Lite Codec Pack 8.6.0 (Full)

kuler

Langauge

LastPass (uninstall only)

Launchy 2.5

LiveUpdate 3.3 (Symantec Corporation)

LogMeIn

Magic ISO Maker v5.5 (build 0265)

Malwarebytes Anti-Malware version 1.61.0.1400

Manga Studio EX 4.0

Mesh Runtime

Micro-Measure

Microsoft .NET Compact Framework 1.0 SP3 Developer

Microsoft .NET Compact Framework 2.0

Microsoft Device Emulator version 1.0 - ENU

Microsoft Document Explorer 2005

Microsoft Garage Mouse without Borders

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote 2007

Microsoft Office OneNote 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Project 2007 Service Pack 3 (SP3)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office SharePoint Designer MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft OneNote 2010

Microsoft Robocopy GUI

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Books Online (English) (September 2007)

Microsoft SQL Server 2005 Mobile [ENU] Developer Tools

Microsoft SQL Server 2005 Tools

Microsoft SQL Server Setup Support Files (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual Studio 2005 Premier Partner Edition - ENU

Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)

Microsoft Visual Studio 2005 Professional Edition - ENU

Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)

MotoHelper 2.1.32 Driver 5.2.0

MotoHelper MergeModules

Mozilla Firefox 10.0.1 (x86 en-US)

MSDN Library for Visual Studio 2005

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyLifeOrganized v. 3.6.1

MySQL Tools for 5.0

Nero 11

Nero 11 Disc Menus Basic

Nero 11 Effects Basic

Nero 11 Image Samples

Nero 11 Kwik Themes Basic

Nero 11 PiP Effects Basic

Nero Audio Pack 1

Nero BackItUp 11

Nero BackItUp 11 Help (CHM)

Nero Burning ROM 11

Nero Burning ROM 11 Help (CHM)

Nero ControlCenter 11

Nero ControlCenter 11 Help (CHM)

Nero Core Components 11

Nero CoverDesigner 11

Nero CoverDesigner 11 Help (CHM)

Nero Express 11

Nero Express 11 Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Recode 11

Nero Recode 11 Help (CHM)

Nero RescueAgent 11

Nero RescueAgent 11 Help (CHM)

Nero SoundTrax 11

Nero SoundTrax 11 Help (CHM)

Nero Update

Nero Video 11

Nero Video 11 Help (CHM)

Nero WaveEditor 11

Nero WaveEditor 11 Help (CHM)

nero.prerequisites.msi

NewsBin Pro

Notepad++

NVIDIA Stereoscopic 3D Driver

Octoshape add-in for Adobe Flash Player

openCanvas4.5e Plus

OpenOffice.org 3.3

OutlookTools 2

Pandora

ParetoLogic Data Recovery

PDF Settings CS4

PDFill PDF Editor with FREE PDF Writer and Tools

PDFill PDF Writer

Photoshop Camera Raw

Pixel Bender Toolkit

Plex

Polipo 1.0.4.1

Python 2.6 pycrypto-2.3

Qdabra InfoPath to SharePoint List Tool

QuickTime

RAMDisk

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Recover My Files

Renesas Electronics USB 3.0 Host Controller Driver

Revo Uninstaller 1.92

Safari

Saver2

Seagate Dashboard

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)

Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)

Send to OneNote 2007

Sharpener Pro 3.0

Skype Toolbars

Skype™ 5.1

Smart Defrag 2

Spybot - Search & Destroy

Spyware Doctor 8.0

Startup Optimizer 1.6

Suite Shared Configuration CS4

SysInfoMyWork

TeamViewer 7

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TopStyle (Version 3)

Tor 0.2.1.30

TreeSize Professional 5.3.4

TuneWiki

U2 PCAM

Unlocker 1.9.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Project 2007 Help (KB963668)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)

Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)

Vector Magic

Velvia Vision

Vertus Fluid Mask 3 2.100.2-RC2

Vidalia 0.2.12

Video Enhancer 1.9.6

VirtualCloneDrive

VLC media player 2.0.1

VMware Workstation

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

welcome

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mesh

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

Windows Resource Kit Tools

WinSCP 4.3.5

WinSnap

WinX DVD Author 5.8

.

==== Event Viewer Messages From Past Week ========

.

5/22/2012 3:43:26 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

5/22/2012 3:43:13 PM, Error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).

5/22/2012 3:43:03 PM, Error: Service Control Manager [7034] - The Seagate Dashboard Service service terminated unexpectedly. It has done this 1 time(s).

5/22/2012 3:42:44 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

5/22/2012 3:31:16 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

5/22/2012 3:26:42 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

5/22/2012 3:25:00 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.

5/22/2012 3:25:00 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

5/22/2012 3:24:52 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

5/22/2012 3:24:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/22/2012 3:24:42 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the PEVSystemStart service to connect.

5/22/2012 3:24:42 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/22/2012 3:24:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/22/2012 3:24:21 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

5/22/2012 3:24:14 PM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.

5/22/2012 10:31:25 AM, Error: Service Control Manager [7034] - The PEVSystemStart service terminated unexpectedly. It has done this 1 time(s).

5/22/2012 10:23:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

5/22/2012 10:23:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

5/22/2012 1:46:55 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

5/22/2012 1:33:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

5/22/2012 1:32:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/22/2012 1:32:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/22/2012 1:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/22/2012 1:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/22/2012 1:31:59 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/22/2012 1:31:59 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/22/2012 1:31:59 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/22/2012 1:31:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

5/22/2012 1:31:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl ElbyCDIO SASDIFSV SASKUTIL spldr SRTSP SRTSPX VBoxDrv VBoxUSBMon vmm Wanarpv6

5/22/2012 1:31:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:50:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:20:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/21/2012 11:20:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/21/2012 11:19:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX tdx VBoxDrv VBoxUSBMon vmm vwififlt Wanarpv6 WfpLwf ws2ifsl

5/21/2012 11:19:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:19:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/21/2012 11:19:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:19:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:19:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:19:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/21/2012 11:19:43 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/21/2012 11:19:43 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/21/2012 11:19:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/21/2012 11:19:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/21/2012 11:18:43 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.

5/21/2012 11:00:07 AM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

5/21/2012 10:26:16 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/21/2012 10:25:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 10:23:54 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/21/2012 1:28:28 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

5/21/2012 1:28:28 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

5/21/2012 1:28:23 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

5/18/2012 4:50:19 PM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.

5/17/2012 4:12:51 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

5/17/2012 12:03:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

5/17/2012 1:36:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user INRANGE\GRevolorio SID (S-1-5-21-1085031214-796845957-725345543-2108) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/17/2012 1:36:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user INRANGE\GRevolorio SID (S-1-5-21-1085031214-796845957-725345543-2108) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/16/2012 8:57:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481).

5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596880).

5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.

5/16/2012 8:42:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2007 (KB2597161).

5/16/2012 8:42:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2007 (KB2596917).

5/16/2012 8:42:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656405).

5/16/2012 8:41:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290).

5/16/2012 8:41:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).

5/16/2012 8:40:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition.

5/16/2012 8:40:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596672).

5/16/2012 8:40:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2597969).

5/16/2012 8:40:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2597162).

5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).

5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596792).

5/15/2012 12:05:17 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.

5/15/2012 1:48:46 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

.

==== End Of File ===========================


Please do this:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Done. This is the log:

Scan result of Farbar Recovery Scan Tool Version: 23-05-2012

Ran by SYSTEM at 23-05-2012 14:15:55

Running from H:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet004

========================== Registry (Whitelisted) =============

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-09-17] (LogMeIn, Inc.)

HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-01-03] (Adobe Systems Inc.)

HKLM-x32\...\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKU\administrator\...\Run: [Google Update] "C:\Users\grevolorio\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-17] (Google Inc.)

HKU\administrator\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15028104 2011-01-03] (Skype Technologies S.A.)

HKU\administrator\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)

HKU\administrator\...\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [5735369 2011-04-11] ()

HKU\administrator\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [16184 2011-01-17] (Siber Systems)

HKU\administrator\...\Run: [F.lux] "C:\Users\grevolorio\Local Settings\Apps\F.lux\flux.exe" /noshow [x]

HKU\administrator\...\Run: [OpAgent] "C:\Program Files (x86)\ScanSoft\OmniPage15\OpAgent.exe" /agent [x]

HKU\administrator\...\Policies\system: [HideLegacyLogonScripts] 1

HKU\administrator\...\Policies\system: [HideLogonScripts] 1

HKU\administrator\...\Policies\system: [HideLogoffScripts] 1

HKU\delete\...\Run: [Google Update] "C:\Users\grevolorio\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-17] (Google Inc.)

HKU\delete\...\Policies\system: [HideLegacyLogonScripts] 1

HKU\delete\...\Policies\system: [HideLogonScripts] 1

HKU\delete\...\Policies\system: [HideLogoffScripts] 1

HKU\grevolorio\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [16184 2011-01-17] (Siber Systems)

HKU\grevolorio\...\Run: [WinSnap] "C:\Program Files\WinSnap\WinSnap.exe" /startup [665608 2011-03-01] (NTWind Software)

HKU\grevolorio\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)

HKU\grevolorio\...\Policies\system: [HideLogonScripts] 1

HKU\sharepointadmin\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.1.2.20 10.1.2.19

AppInit_DLLs:

Tcpip\..\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: [NameServer]208.67.222.222,208.67.220.220

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)

3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)

2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2009-04-01] (Symantec Corporation)

2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2009-04-01] (Symantec Corporation)

4 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)

2 CVPND; "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe" [1528616 2010-03-23] (Cisco Systems, Inc.)

3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2011-08-17] (Acresso Software Inc.)

3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-08-23] (Google)

2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [107848 2012-05-22] (SurfRight B.V.)

3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2008-12-10] (Symantec Corporation)

2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-22] (LogMeIn, Inc.)

2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-22] (LogMeIn, Inc.)

2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-11-08] (LogMeIn, Inc.)

4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()

2 MouseWithoutBordersSvc; "C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe" [17920 2011-09-19] (Microsoft)

2 nlsX86cc; C:\Windows\SysWow64\nlssrv32.exe [64512 2011-01-21] (Nalpeiron Ltd.)

4 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)

4 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)

2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3092296 2009-04-01] (Symantec Corporation)

3 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [387400 2009-04-01] (Symantec Corporation)

2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [2440120 2009-04-01] (Symantec Corporation)

2 TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [6583160 2011-09-08] (Wacom Technology, Corp.)

2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2666880 2012-03-19] (TeamViewer GmbH)

2 TouchServicePen; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [528760 2011-09-08] (Wacom Technology, Corp.)

2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 C:\32788R22FWJFW\KNetSvcs.vbs [x]

2 PSI_SVC_2; "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [x]

3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]

2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)

3 applebmt; C:\Windows\System32\Drivers\applebmt.sys [51712 2009-10-15] (Apple Inc.)

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA64.sys [14992 2010-02-08] (Cisco Systems, Inc.)

3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()

3 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-12-17] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-12-17] (Symantec Corporation)

3 glavcam; C:\Windows\System32\Drivers\glavcam.sys [80000 2010-09-23] (Windows ® Codename Longhorn DDK provider)

3 glavcam; C:\Windows\SysWow64\Drivers\glavcam.sys [80000 2010-09-24] (Windows ® Codename Longhorn DDK provider)

2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-09-17] (LogMeIn, Inc.)

3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-09-17] (LogMeIn, Inc.)

2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-09-17] (LogMeIn, Inc.)

3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)

3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110125.040\ENG64.SYS [117880 2010-12-17] (Symantec Corporation)

3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110125.040\EX64.SYS [1791096 2010-12-17] (Symantec Corporation)

0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-12-01] (Nero AG)

0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-12-01] (Nero AG)

0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)

0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)

0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)

3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)

3 qicflt; C:\Windows\System32\Drivers\qicflt.sys [29288 2010-07-01] (Quanta Computer)

3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [63696 2010-11-21] ()

3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()

1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-04-01] (Symantec Corporation)

3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480304 2009-04-01] (Symantec Corporation)

1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-04-01] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2011-01-11] (Symantec Corporation)

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()

3 VPCNetS2; C:\Windows\System32\DRIVERS\VMNetSrv.sys [79760 2007-01-29] (Microsoft Corporation)

2 vstor2-ws60; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)

3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2011-09-08] (Wacom Technology)

3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2007-02-16] (Wacom Technology)

3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2011-09-08] (Wacom Technology)

2 WGX; C:\Windows\System32\Drivers\WGX64.SYS [53968 2009-04-01] (Symantec Corporation)

4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-23 07:00 - 2012-05-23 07:00 - 0000162 ___AH C:\Users\grevolorio\Documents\~$S Template.dotx

2012-05-23 06:13 - 2012-05-23 06:14 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster

2012-05-23 06:13 - 2012-05-23 06:13 - 0001079 ____A C:\Users\grevolorio\Desktop\SpywareBlaster.lnk

2012-05-23 06:11 - 2012-05-23 06:12 - 0000000 ____D C:\Users\grevolorio\Desktop\Download

2012-05-23 06:11 - 2012-05-23 06:11 - 0001181 ____A C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk

2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Lunarsoft

2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Program Files (x86)\Lunarsoft

2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____D C:\Users\grevolorio\Desktop\backups

2012-05-23 05:44 - 2012-05-23 05:44 - 0388608 ____A (Trend Micro Inc.) C:\Users\grevolorio\Desktop\HijackThis.exe

2012-05-22 12:18 - 2012-05-22 12:18 - 0030281 ____A C:\Users\grevolorio\Desktop\logs.zip

2012-05-22 12:16 - 2012-05-22 12:16 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.com

2012-05-22 11:06 - 2012-05-22 11:06 - 0000579 ____A C:\rkill.log

2012-05-22 10:51 - 2012-05-22 10:51 - 0138120 ____A (ESET) C:\Users\grevolorio\Desktop\ESETSirefefRemover.exe

2012-05-22 10:42 - 2012-05-23 05:10 - 0000000 ____D C:\sh4ldr

2012-05-22 10:42 - 2012-05-22 10:42 - 0000000 ____D C:\Program Files\Enigma Software Group

2012-05-22 10:41 - 2012-05-23 05:10 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP

2012-05-22 09:29 - 2012-05-22 09:28 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\Users\grevolorio\Desktop\SpyHunter-Installer.exe

2012-05-22 07:50 - 2012-05-22 07:50 - 0000000 ____D C:\Users\All Users\RegRun

2012-05-22 06:23 - 2012-05-22 06:24 - 0043394 ____A C:\TDSSKiller.2.7.36.0_22.05.2012_10.23.51_log.txt

2012-05-22 06:23 - 2012-05-22 06:23 - 0000348 ____A C:\TDSSKiller.2.7.35.0_22.05.2012_10.23.05_log.txt

2012-05-22 06:03 - 2012-05-22 12:48 - 0000000 ____D C:\Program Files\HitmanPro

2012-05-22 06:03 - 2012-05-22 06:04 - 0000000 ____D C:\Users\All Users\HitmanPro

2012-05-22 06:02 - 2012-05-22 06:02 - 8298672 ____A (SurfRight B.V.) C:\Users\grevolorio\Desktop\HitmanPro36_x64.exe

2012-05-22 05:55 - 2012-05-22 05:58 - 0000263 ____A C:\Users\grevolorio\Desktop\AntiZeroAccess_Log.txt

2012-05-22 05:52 - 2012-05-22 05:52 - 0187464 ____A (Webroot) C:\Users\grevolorio\Desktop\antizeroaccess.exe

2012-05-22 04:52 - 2012-05-22 04:52 - 0302592 ____A C:\Users\grevolorio\Desktop\odupruxo.exe

2012-05-21 12:40 - 2012-05-22 06:23 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\grevolorio\Desktop\TDSSKiller.exe

2012-05-21 06:12 - 2012-05-21 06:12 - 0446464 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\TFC.exe

2012-05-18 07:21 - 2012-05-18 07:21 - 0000512 ____A C:\Users\grevolorio\Desktop\MBR.dat

2012-05-18 07:17 - 2012-05-18 07:17 - 4731392 ____A (AVAST Software) C:\Users\grevolorio\Desktop\aswMBR.exe

2012-05-18 06:48 - 2012-05-18 06:48 - 0059154 ____A C:\Users\grevolorio\Desktop\cmbfix.png

2012-05-18 06:43 - 2012-05-21 05:24 - 4500115 ____R (Swearware) C:\Users\grevolorio\Desktop\ComboFix.exe

2012-05-18 04:56 - 2012-05-18 04:57 - 0041912 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.56.54_log.txt

2012-05-18 04:37 - 2012-05-18 04:46 - 0081286 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.37.34_log.txt

2012-05-17 11:17 - 2012-05-22 09:43 - 2721556 ____A C:\Windows\ntbtlog.txt

2012-05-17 10:31 - 2012-05-17 10:31 - 0001715 ____A C:\Users\grevolorio\Desktop\RKreport[3].txt

2012-05-17 07:20 - 2012-05-22 06:26 - 0000000 ____D C:\Users\grevolorio\Desktop\RK_Quarantine

2012-05-17 07:18 - 2012-05-22 06:24 - 1454080 ____A C:\Users\grevolorio\Desktop\RogueKiller.exe

2012-05-17 04:41 - 2012-05-23 09:59 - 0001120 ____A C:\Windows\setupact.log

2012-05-17 04:41 - 2012-05-23 05:03 - 0038998 ____A C:\Windows\PFRO.log

2012-05-17 04:41 - 2012-05-17 04:41 - 0000000 ____A C:\Windows\setuperr.log

2012-05-17 04:38 - 2012-05-17 04:38 - 0000000 ____D C:\_OTL

2012-05-16 12:32 - 2012-05-16 13:13 - 0003458 ____A C:\Users\grevolorio\Desktop\OTL.Txt

2012-05-16 12:21 - 2012-05-16 12:21 - 0595456 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\OTL.exe

2012-05-16 11:29 - 2012-05-18 05:35 - 0042974 ____A C:\Users\grevolorio\Desktop\ComboFix.zip

2012-05-16 10:29 - 2012-05-16 10:57 - 0043052 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_14.29.33_log.txt

2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\sharepointadmin\Desktop\ERUNT.lnk

2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\grevolorio\Desktop\ERUNT.lnk

2012-05-16 10:27 - 2012-05-16 10:27 - 0000000 ____D C:\Program Files (x86)\ERUNT

2012-05-16 06:56 - 2012-05-16 06:56 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.scr

2012-05-16 06:44 - 2012-05-16 06:44 - 0005778 ____A C:\Users\grevolorio\Documents\cc_20120516_104422.reg

2012-05-16 06:10 - 2012-04-30 13:03 - 0442702 ____A C:\Windows\System32\Drivers\etc\hosts.20120516-101002.backup

2012-05-15 12:17 - 2012-05-15 12:17 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Google

2012-05-15 07:57 - 2012-05-16 06:39 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Media Player Classic

2012-05-10 10:33 - 2012-04-01 21:34 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-10 10:33 - 2012-04-01 20:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-10 10:33 - 2012-04-01 20:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-10 10:33 - 2012-04-01 19:01 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-10 10:33 - 2012-03-02 22:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2012-05-10 10:33 - 2012-03-02 22:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-05-10 10:33 - 2012-03-02 22:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2012-05-10 10:33 - 2012-03-02 22:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2012-05-10 10:33 - 2012-03-02 22:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2012-05-10 10:33 - 2012-03-02 21:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2012-05-10 10:33 - 2012-03-02 21:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-05-10 10:33 - 2012-03-02 21:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2012-05-10 10:33 - 2012-03-02 21:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2012-05-10 10:33 - 2012-03-02 21:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2012-05-10 10:32 - 2012-03-30 03:09 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-05-10 10:32 - 2012-03-16 23:55 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2012-05-08 12:36 - 2012-05-08 12:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com

2012-05-08 12:35 - 2012-05-22 11:08 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-05-07 13:00 - 2012-05-07 13:00 - 1026560 ____A C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp

2012-05-07 08:35 - 2012-05-07 08:35 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero_AG

2012-05-02 10:11 - 2012-05-22 11:33 - 0000000 ____D C:\Program Files (x86)\Loaris

2012-05-02 09:42 - 2012-05-02 09:45 - 0000000 ____D C:\Program Files (x86)\Startup Optimizer

2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\sharepointadmin\Desktop\Startup Optimizer.lnk

2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\grevolorio\Desktop\Startup Optimizer.lnk

2012-05-01 05:50 - 2012-05-01 05:50 - 0000826 ____A C:\Users\Public\Desktop\WinX DVD Author.lnk

2012-05-01 05:50 - 2012-05-01 05:50 - 0000000 ____D C:\Users\grevolorio\Documents\My Videos

2012-05-01 05:50 - 2012-05-01 05:50 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Digiarty

2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\Documents\NeroVideo

2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Nero

2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero

2012-04-30 13:22 - 2012-04-30 13:22 - 0002797 ____A C:\Users\Public\Desktop\Nero Video 11.lnk

2012-04-30 13:22 - 2012-04-30 13:22 - 0002143 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk

2012-04-30 13:21 - 2012-04-30 13:21 - 0002783 ____A C:\Users\Public\Desktop\Nero BackItUp 11.lnk

2012-04-30 13:20 - 2012-04-30 13:20 - 0002843 ____A C:\Users\Public\Desktop\Nero Burning ROM 11.lnk

2012-04-30 13:18 - 2012-04-30 13:24 - 0000000 ____D C:\Users\All Users\Nero

2012-04-30 13:11 - 2012-04-30 13:24 - 0000000 ____D C:\Program Files (x86)\Nero

2012-04-30 13:11 - 2011-12-01 07:42 - 0072240 ____A (Nero AG) C:\Windows\System32\Drivers\NBVol.sys

2012-04-30 13:11 - 2011-12-01 07:42 - 0015920 ____A (Nero AG) C:\Windows\System32\Drivers\NBVolUp.sys

2012-04-30 13:10 - 2010-05-26 07:41 - 1868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2012-04-30 13:10 - 2010-05-26 07:41 - 0470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2012-04-30 13:10 - 2010-05-26 07:41 - 0248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2012-04-30 13:09 - 2009-09-04 13:29 - 1974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-04-30 13:07 - 2009-09-04 13:29 - 1892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2012-04-30 13:06 - 2008-10-15 02:22 - 4379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2012-04-30 13:05 - 2007-07-19 14:14 - 3727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

2012-04-30 13:03 - 2007-05-16 12:45 - 3497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2012-04-30 13:02 - 2006-03-31 08:40 - 2388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2012-04-30 11:17 - 2012-04-30 11:46 - 0000000 ____D C:\Program Files (x86)\Trend Micro

2012-04-30 11:17 - 2012-04-30 11:17 - 0002127 ____A C:\Users\sharepointadmin\Desktop\HijackThis.lnk

2012-04-30 10:26 - 2012-04-30 10:26 - 0000000 ____D C:\Users\All Users\boost_interprocess

2012-04-30 10:26 - 2011-09-28 05:20 - 0119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL

2012-04-30 10:26 - 2011-09-28 05:20 - 0115920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX

2012-04-30 10:26 - 2011-09-28 05:20 - 0040960 ____A (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll

2012-04-30 10:26 - 2011-09-28 05:20 - 0015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL

2012-04-30 10:25 - 2012-04-30 10:26 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\FreeBurner

2012-04-30 10:25 - 2011-09-28 05:20 - 0141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL

2012-04-30 10:25 - 2011-09-28 05:20 - 0032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL

2012-04-30 08:56 - 2012-04-30 08:58 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack

2012-04-30 08:56 - 2011-03-02 03:43 - 0175616 ____A C:\Windows\SysWOW64\unrar.dll

2012-04-30 07:44 - 2012-04-30 07:44 - 17357434 ____A ( ) C:\Users\grevolorio\Downloads\K-Lite_Codec_Pack_860_Full.exe

2012-04-30 07:40 - 2012-04-30 07:40 - 0000000 ____D C:\DVDTemp

2012-04-30 07:38 - 2012-04-30 07:38 - 7213444 ____A (www.minidvdsoft.com ) C:\Users\grevolorio\Downloads\freedvdcreator.exe

2012-04-25 12:30 - 2012-04-25 12:30 - 1997353 ____A C:\Users\grevolorio\Downloads\Saver2Setup.exe

2012-04-25 07:54 - 2012-04-25 07:54 - 0001100 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-04-25 07:42 - 2012-04-25 07:42 - 22259528 ____A C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe

2012-04-25 07:40 - 2012-04-25 07:40 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder

============ 3 Months Modified Files and Folders =============

2012-05-23 14:16 - 2012-05-23 14:15 - 0000000 ____D C:\FRST

2012-05-23 10:07 - 2011-01-11 03:58 - 1865368 ____A C:\Windows\WindowsUpdate.log

2012-05-23 10:07 - 2009-07-13 20:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-05-23 10:07 - 2009-07-13 20:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-05-23 10:05 - 2011-08-04 05:50 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-05-23 10:05 - 2011-01-17 08:58 - 0000000 ___RD C:\Users\grevolorio\Dropbox

2012-05-23 10:05 - 2011-01-17 08:56 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Dropbox

2012-05-23 10:05 - 2009-07-13 21:13 - 0789722 ____A C:\Windows\System32\PerfStringBackup.INI

2012-05-23 10:01 - 2011-01-26 13:58 - 0322933 ____A C:\Windows\System32\inst.log

2012-05-23 10:00 - 2011-01-18 09:02 - 0000000 ____D C:\Users\All Users\VMware

2012-05-23 10:00 - 2011-01-11 04:58 - 0000000 ____D C:\Users\All Users\NVIDIA

2012-05-23 10:00 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-05-23 09:59 - 2012-05-17 04:41 - 0001120 ____A C:\Windows\setupact.log

2012-05-23 09:48 - 2012-04-13 06:29 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-05-23 09:44 - 2011-08-04 05:50 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-05-23 09:15 - 2011-01-17 09:59 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108UA.job

2012-05-23 07:06 - 2011-01-19 11:36 - 0000000 ___RD C:\Users\grevolorio\Documents\1-Projects

2012-05-23 07:00 - 2012-05-23 07:00 - 0000162 ___AH C:\Users\grevolorio\Documents\~$S Template.dotx

2012-05-23 06:14 - 2012-05-23 06:13 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster

2012-05-23 06:13 - 2012-05-23 06:13 - 0001079 ____A C:\Users\grevolorio\Desktop\SpywareBlaster.lnk

2012-05-23 06:12 - 2012-05-23 06:11 - 0000000 ____D C:\Users\grevolorio\Desktop\Download

2012-05-23 06:11 - 2012-05-23 06:11 - 0001181 ____A C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk

2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Lunarsoft

2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Program Files (x86)\Lunarsoft

2012-05-23 05:57 - 2009-07-13 20:45 - 3235848 ____A C:\Windows\System32\FNTCACHE.DAT

2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____D C:\Users\grevolorio\Desktop\backups

2012-05-23 05:44 - 2012-05-23 05:44 - 0388608 ____A (Trend Micro Inc.) C:\Users\grevolorio\Desktop\HijackThis.exe

2012-05-23 05:10 - 2012-05-22 10:42 - 0000000 ____D C:\sh4ldr

2012-05-23 05:10 - 2012-05-22 10:41 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP

2012-05-23 05:03 - 2012-05-17 04:41 - 0038998 ____A C:\Windows\PFRO.log

2012-05-23 04:53 - 2011-01-17 08:53 - 0000000 ____D C:\Users\All Users\LogMeIn

2012-05-22 21:15 - 2011-01-17 09:59 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108Core.job

2012-05-22 14:00 - 2011-10-20 07:04 - 0000476 ____A C:\Windows\Tasks\ParetoLogic Registration.job

2012-05-22 12:48 - 2012-05-22 06:03 - 0000000 ____D C:\Program Files\HitmanPro

2012-05-22 12:18 - 2012-05-22 12:18 - 0030281 ____A C:\Users\grevolorio\Desktop\logs.zip

2012-05-22 12:16 - 2012-05-22 12:16 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.com

2012-05-22 12:16 - 2011-02-14 13:20 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\TeraCopy

2012-05-22 11:33 - 2012-05-02 10:11 - 0000000 ____D C:\Program Files (x86)\Loaris

2012-05-22 11:09 - 2011-04-28 04:49 - 0000000 ____D C:\Program Files\SUPERAntiSpyware

2012-05-22 11:08 - 2012-05-08 12:35 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-05-22 11:06 - 2012-05-22 11:06 - 0000579 ____A C:\rkill.log

2012-05-22 10:51 - 2012-05-22 10:51 - 0138120 ____A (ESET) C:\Users\grevolorio\Desktop\ESETSirefefRemover.exe

2012-05-22 10:42 - 2012-05-22 10:42 - 0000000 ____D C:\Program Files\Enigma Software Group

2012-05-22 09:43 - 2012-05-17 11:17 - 2721556 ____A C:\Windows\ntbtlog.txt

2012-05-22 09:28 - 2012-05-22 09:29 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\Users\grevolorio\Desktop\SpyHunter-Installer.exe

2012-05-22 07:50 - 2012-05-22 07:50 - 0000000 ____D C:\Users\All Users\RegRun

2012-05-22 06:32 - 2011-01-17 08:53 - 0000000 ____D C:\Program Files (x86)\LogMeIn

2012-05-22 06:31 - 2011-01-17 08:53 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll

2012-05-22 06:31 - 2011-01-17 08:53 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll

2012-05-22 06:31 - 2011-01-17 08:53 - 0034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll

2012-05-22 06:26 - 2012-05-17 07:20 - 0000000 ____D C:\Users\grevolorio\Desktop\RK_Quarantine

2012-05-22 06:24 - 2012-05-22 06:23 - 0043394 ____A C:\TDSSKiller.2.7.36.0_22.05.2012_10.23.51_log.txt

2012-05-22 06:24 - 2012-05-17 07:18 - 1454080 ____A C:\Users\grevolorio\Desktop\RogueKiller.exe

2012-05-22 06:23 - 2012-05-22 06:23 - 0000348 ____A C:\TDSSKiller.2.7.35.0_22.05.2012_10.23.05_log.txt

2012-05-22 06:23 - 2012-05-21 12:40 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\grevolorio\Desktop\TDSSKiller.exe

2012-05-22 06:04 - 2012-05-22 06:03 - 0000000 ____D C:\Users\All Users\HitmanPro

2012-05-22 06:02 - 2012-05-22 06:02 - 8298672 ____A (SurfRight B.V.) C:\Users\grevolorio\Desktop\HitmanPro36_x64.exe

2012-05-22 05:58 - 2012-05-22 05:55 - 0000263 ____A C:\Users\grevolorio\Desktop\AntiZeroAccess_Log.txt

2012-05-22 05:52 - 2012-05-22 05:52 - 0187464 ____A (Webroot) C:\Users\grevolorio\Desktop\antizeroaccess.exe

2012-05-22 04:58 - 2011-01-18 08:14 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Paint.NET

2012-05-22 04:52 - 2012-05-22 04:52 - 0302592 ____A C:\Users\grevolorio\Desktop\odupruxo.exe

2012-05-21 12:21 - 2011-01-20 06:15 - 0000000 ____D C:\Users\grevolorio\.VirtualBox

2012-05-21 12:18 - 2011-09-09 07:48 - 0000000 ____D C:\Users\grevolorio\AppData\Local\VMware

2012-05-21 12:18 - 2011-01-20 08:44 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\VMware

2012-05-21 12:10 - 2011-10-10 06:49 - 0000000 ____D C:\Windows\System32\FxsTmp

2012-05-21 07:40 - 2011-01-24 14:02 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\TeamViewer

2012-05-21 06:23 - 2009-07-13 21:08 - 0032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-21 06:12 - 2012-05-21 06:12 - 0446464 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\TFC.exe

2012-05-21 06:03 - 2012-03-15 12:57 - 0000000 ____D C:\Users\grevolorio\Desktop\Backup

2012-05-21 06:03 - 2011-04-25 11:25 - 0049321 ____A C:\Users\grevolorio\Desktop\INRange.ml

2012-05-21 05:24 - 2012-05-18 06:43 - 4500115 ____R (Swearware) C:\Users\grevolorio\Desktop\ComboFix.exe

2012-05-21 04:49 - 2011-04-13 07:28 - 0000000 ____D C:\Qoobox

2012-05-18 07:21 - 2012-05-18 07:21 - 0000512 ____A C:\Users\grevolorio\Desktop\MBR.dat

2012-05-18 07:17 - 2012-05-18 07:17 - 4731392 ____A (AVAST Software) C:\Users\grevolorio\Desktop\aswMBR.exe

2012-05-18 06:48 - 2012-05-18 06:48 - 0059154 ____A C:\Users\grevolorio\Desktop\cmbfix.png

2012-05-18 05:35 - 2012-05-16 11:29 - 0042974 ____A C:\Users\grevolorio\Desktop\ComboFix.zip

2012-05-18 04:57 - 2012-05-18 04:56 - 0041912 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.56.54_log.txt

2012-05-18 04:46 - 2012-05-18 04:37 - 0081286 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.37.34_log.txt

2012-05-17 12:16 - 2011-11-18 12:32 - 0000000 ____D C:\Program Files (x86)\Fiddler2

2012-05-17 12:04 - 2011-01-27 07:17 - 0000000 ____D C:\Users\grevolorio\Documents\CMO Stuff

2012-05-17 11:19 - 2011-10-28 11:03 - 0442303 ____N C:\Windows\System32\Drivers\etc\hosts

2012-05-17 10:31 - 2012-05-17 10:31 - 0001715 ____A C:\Users\grevolorio\Desktop\RKreport[3].txt

2012-05-17 04:46 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files

2012-05-17 04:41 - 2012-05-17 04:41 - 0000000 ____A C:\Windows\setuperr.log

2012-05-17 04:38 - 2012-05-17 04:38 - 0000000 ____D C:\_OTL

2012-05-16 13:13 - 2012-05-16 12:32 - 0003458 ____A C:\Users\grevolorio\Desktop\OTL.Txt

2012-05-16 12:21 - 2012-05-16 12:21 - 0595456 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\OTL.exe

2012-05-16 10:57 - 2012-05-16 10:29 - 0043052 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_14.29.33_log.txt

2012-05-16 10:28 - 2011-04-13 07:29 - 0000000 ____D C:\Windows\ERDNT

2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\sharepointadmin\Desktop\ERUNT.lnk

2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\grevolorio\Desktop\ERUNT.lnk

2012-05-16 10:27 - 2012-05-16 10:27 - 0000000 ____D C:\Program Files (x86)\ERUNT

2012-05-16 09:55 - 2011-11-15 05:48 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\BitTyrant

2012-05-16 06:56 - 2012-05-16 06:56 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.scr

2012-05-16 06:44 - 2012-05-16 06:44 - 0005778 ____A C:\Users\grevolorio\Documents\cc_20120516_104422.reg

2012-05-16 06:44 - 2012-04-13 10:28 - 0000856 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-05-16 06:44 - 2012-04-13 10:28 - 0000000 ____D C:\Program Files\CCleaner

2012-05-16 06:39 - 2012-05-15 07:57 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Media Player Classic

2012-05-16 06:39 - 2011-04-25 12:42 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-05-16 05:42 - 2011-01-17 06:32 - 0000000 ____D C:\Users\grevolorio\AppData\Local\VirtualStore

2012-05-16 04:42 - 2011-01-11 05:21 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-05-16 04:40 - 2011-04-26 06:04 - 1903704 ____A C:\Windows\System32\Drivers\Cat.DB

2012-05-16 04:37 - 2011-10-10 06:49 - 0000000 ____D C:\Program Files\Windows Journal

2012-05-15 13:00 - 2011-03-16 06:13 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\SProxy

2012-05-15 12:17 - 2012-05-15 12:17 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Google

2012-05-14 12:57 - 2008-07-28 10:02 - 0002096 ___AH C:\Users\grevolorio\Documents\Default.rdp

2012-05-14 06:43 - 2011-04-25 04:33 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk

2012-05-14 06:43 - 2011-04-25 04:33 - 0000000 ____D C:\Program Files (x86)\Safari

2012-05-10 10:36 - 2011-01-17 09:18 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Microsoft Help

2012-05-09 05:48 - 2011-03-21 13:02 - 0000000 ____D C:\Program Files (x86)\Saver2

2012-05-09 04:36 - 2011-01-18 12:38 - 0000000 ____D C:\Users\grevolorio\Documents\SQL Server Management Studio

2012-05-08 12:36 - 2012-05-08 12:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com

2012-05-07 13:00 - 2012-05-07 13:00 - 1026560 ____A C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp

2012-05-07 08:35 - 2012-05-07 08:35 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero_AG

2012-05-07 04:37 - 2011-01-11 07:47 - 0000000 ____D C:\Users\All Users\Microsoft Help

2012-05-03 12:39 - 2011-07-13 11:19 - 0001018 ____A C:\Users\grevolorio\Desktop\Pandora (Listen Only).lnk

2012-05-03 12:39 - 2011-03-21 13:03 - 0001013 ____A C:\Users\grevolorio\Desktop\Saver2.lnk

2012-05-03 10:07 - 2012-04-17 04:56 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Foxit Software

2012-05-02 09:45 - 2012-05-02 09:42 - 0000000 ____D C:\Program Files (x86)\Startup Optimizer

2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\sharepointadmin\Desktop\Startup Optimizer.lnk

2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\grevolorio\Desktop\Startup Optimizer.lnk

2012-05-01 05:50 - 2012-05-01 05:50 - 0000826 ____A C:\Users\Public\Desktop\WinX DVD Author.lnk

2012-05-01 05:50 - 2012-05-01 05:50 - 0000000 ____D C:\Users\grevolorio\Documents\My Videos

2012-05-01 05:50 - 2012-05-01 05:50 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Digiarty

2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\Documents\NeroVideo

2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Nero

2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero

2012-04-30 13:24 - 2012-04-30 13:18 - 0000000 ____D C:\Users\All Users\Nero

2012-04-30 13:24 - 2012-04-30 13:11 - 0000000 ____D C:\Program Files (x86)\Nero

2012-04-30 13:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors

2012-04-30 13:22 - 2012-04-30 13:22 - 0002797 ____A C:\Users\Public\Desktop\Nero Video 11.lnk

2012-04-30 13:22 - 2012-04-30 13:22 - 0002143 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk

2012-04-30 13:21 - 2012-04-30 13:21 - 0002783 ____A C:\Users\Public\Desktop\Nero BackItUp 11.lnk

2012-04-30 13:20 - 2012-04-30 13:20 - 0002843 ____A C:\Users\Public\Desktop\Nero Burning ROM 11.lnk

2012-04-30 13:03 - 2012-05-16 06:10 - 0442702 ____A C:\Windows\System32\Drivers\etc\hosts.20120516-101002.backup

2012-04-30 12:31 - 2011-10-20 07:01 - 0000450 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job

2012-04-30 11:46 - 2012-04-30 11:17 - 0000000 ____D C:\Program Files (x86)\Trend Micro

2012-04-30 11:17 - 2012-04-30 11:17 - 0002127 ____A C:\Users\sharepointadmin\Desktop\HijackThis.lnk

2012-04-30 10:59 - 2011-09-14 10:45 - 0000000 ____D C:\Program Files (x86)\IObit

2012-04-30 10:55 - 2011-08-16 06:14 - 0000000 ____D C:\Program Files (x86)\ScanSoft

2012-04-30 10:54 - 2011-08-16 06:14 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\ScanSoft

2012-04-30 10:53 - 2011-08-16 06:14 - 0000000 ____D C:\Users\All Users\ScanSoft

2012-04-30 10:40 - 2011-01-17 06:32 - 0000000 ____D C:\Users\grevolorio\AppData\LocalLow

2012-04-30 10:38 - 2011-01-17 06:32 - 0000000 ____D C:\users\grevolorio

2012-04-30 10:27 - 2012-03-15 05:10 - 0001143 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-04-30 10:27 - 2011-04-05 12:56 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-30 10:26 - 2012-04-30 10:26 - 0000000 ____D C:\Users\All Users\boost_interprocess

2012-04-30 10:26 - 2012-04-30 10:25 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\FreeBurner

2012-04-30 10:11 - 2012-04-13 06:28 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-04-30 10:11 - 2011-05-20 12:09 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-04-30 08:58 - 2012-04-30 08:56 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack

2012-04-30 07:44 - 2012-04-30 07:44 - 17357434 ____A ( ) C:\Users\grevolorio\Downloads\K-Lite_Codec_Pack_860_Full.exe

2012-04-30 07:40 - 2012-04-30 07:40 - 0000000 ____D C:\DVDTemp

2012-04-30 07:38 - 2012-04-30 07:38 - 7213444 ____A (www.minidvdsoft.com ) C:\Users\grevolorio\Downloads\freedvdcreator.exe

2012-04-27 09:45 - 2011-03-09 08:33 - 0000000 ____D C:\Users\grevolorio\AppData\Local\CutePDF Writer

2012-04-25 12:30 - 2012-04-25 12:30 - 1997353 ____A C:\Users\grevolorio\Downloads\Saver2Setup.exe

2012-04-25 08:05 - 2011-03-18 05:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\vlc

2012-04-25 07:54 - 2012-04-25 07:54 - 0001100 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-04-25 07:42 - 2012-04-25 07:42 - 22259528 ____A C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe

2012-04-25 07:40 - 2012-04-25 07:40 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder

2012-04-23 05:07 - 2011-01-17 07:31 - 0139952 ____A C:\Users\grevolorio\AppData\Local\GDIPFONTCACHEV1.DAT

2012-04-19 10:22 - 2012-04-19 09:47 - 0000000 ____D C:\Users\grevolorio\Downloads\John_Lindsay_-_Emails_from_an_A__hole_Real_People_Being_Stupid

2012-04-19 10:07 - 2012-04-19 10:06 - 1264198 ____A C:\Users\grevolorio\Downloads\wheresjason-1280x800.jpg

2012-04-19 09:58 - 2011-06-09 10:02 - 0000000 ____D C:\Users\grevolorio\Calibre Library

2012-04-19 09:50 - 2011-06-09 10:01 - 0000000 ____D C:\Program Files (x86)\Calibre2

2012-04-19 09:49 - 2012-04-19 09:49 - 46847336 ____A C:\Users\grevolorio\Downloads\calibre-0.8.47.msi

2012-04-19 09:46 - 2012-04-19 09:47 - 1447867 ____A C:\Users\grevolorio\Downloads\John_Lindsay_-_Emails_from_an_A__hole_Real_People_Being_Stupid.rar

2012-04-17 04:57 - 2012-04-17 04:57 - 0001160 ____A C:\Users\Public\Desktop\Foxit Reader 5.1.lnk

2012-04-17 04:50 - 2012-04-17 04:50 - 8864476 ____A C:\Users\grevolorio\Documents\Potato_April_2012.doc

2012-04-17 04:39 - 2012-04-17 04:39 - 0613152 ____A C:\Users\grevolorio\Documents\Potato_April_2012.pdf

2012-04-13 10:30 - 2012-04-13 10:30 - 0025798 ____A C:\Users\grevolorio\Documents\cc_20120413_143028.reg

2012-04-13 10:28 - 2011-01-11 06:49 - 0000000 ____D C:\Windows\Panther

2012-04-13 09:45 - 2011-01-18 09:03 - 0786306 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-04-10 07:34 - 2012-04-09 11:41 - 0000000 ____D C:\Users\grevolorio\Documents\My Kindle Content

2012-04-09 11:41 - 2012-04-09 11:41 - 0002028 ____A C:\Users\grevolorio\Desktop\Kindle.lnk

2012-04-09 11:41 - 2012-04-09 11:41 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Amazon

2012-04-09 11:41 - 2012-04-09 11:41 - 0000000 ____D C:\Program Files (x86)\Amazon

2012-04-09 11:21 - 2011-10-28 11:03 - 0000602 ___RA C:\Windows\System32\Drivers\etc\hosts.20120430-151620.backup

2012-04-09 06:02 - 2012-04-09 06:02 - 0085647 ____A C:\Users\grevolorio\Documents\C7djl.jpg

2012-04-06 06:07 - 2012-04-06 06:07 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Plex

2012-04-06 06:06 - 2012-04-06 06:06 - 0000000 ____D C:\Program Files (x86)\Plex

2012-04-06 06:05 - 2012-04-06 06:05 - 43715544 ____A (Plex, Inc.) C:\Users\grevolorio\Documents\Plex-Media-Center-0.9.5.2.1.exe

2012-04-04 11:56 - 2011-04-05 12:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-04-04 08:03 - 2012-04-04 08:03 - 0262656 ____A C:\Users\grevolorio\Documents\IHPPS LTCH 2012 Final Rule OHA Summary.doc

2012-04-02 12:17 - 2012-04-02 12:17 - 0040985 ____A C:\Users\grevolorio\AppData\Roaming\a.7z

2012-04-02 06:45 - 2012-04-02 06:45 - 0001817 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-04-02 06:45 - 2012-04-02 06:45 - 0000000 ____D C:\Program Files\iTunes

2012-04-02 06:45 - 2012-04-02 06:45 - 0000000 ____D C:\Program Files\iPod

2012-04-02 06:45 - 2012-03-12 04:48 - 0000000 ____D C:\Program Files (x86)\iTunes

2012-04-01 21:34 - 2012-05-10 10:33 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-04-01 20:46 - 2012-05-10 10:33 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-04-01 20:46 - 2012-05-10 10:33 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-01 19:01 - 2012-05-10 10:33 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-03-30 03:09 - 2012-05-10 10:32 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-03-29 10:15 - 2012-03-29 10:15 - 0607260 ____A (Swearware) C:\Users\grevolorio\Downloads\dds.scr

2012-03-22 08:06 - 2011-01-18 08:23 - 0000000 ____D C:\Program Files (x86)\Java

2012-03-22 07:03 - 2012-03-22 07:03 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Macroplant

2012-03-22 07:02 - 2012-03-22 07:02 - 0000000 ____D C:\Program Files (x86)\iExplorer

2012-03-16 23:55 - 2012-05-10 10:32 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2012-03-16 06:47 - 2012-03-16 06:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services

2012-03-16 06:46 - 2012-03-16 06:46 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-03-16 06:46 - 2011-01-11 07:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Office

2012-03-16 06:45 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared

2012-03-16 06:44 - 2011-01-11 07:49 - 0000000 ____D C:\Program Files\Microsoft Office

2012-03-16 05:18 - 2012-03-16 05:17 - 0000000 ___SD C:\Users\grevolorio\SharePoint Sites

2012-03-16 05:07 - 2012-03-07 12:50 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Facebook

2012-03-15 13:09 - 2011-01-18 07:55 - 0000000 ____D C:\Users\grevolorio\Documents\MyLifeOrganized

2012-03-15 12:58 - 2012-03-15 13:09 - 0039958 ____A C:\Users\grevolorio\Desktop\INRange.ml.ver23.bak

2012-03-15 12:56 - 2012-03-15 12:56 - 0001181 ____A C:\Users\Public\Desktop\MLO.lnk

2012-03-15 12:56 - 2011-01-28 10:36 - 0000000 ____D C:\Program Files (x86)\MyLifeOrganized.net

2012-03-14 05:41 - 2011-07-20 07:24 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Graphic.lyAir.524A3AB5801B9AE08DEEB1BA295EDE84BDC333F2.1

2012-03-14 05:23 - 2011-07-20 07:15 - 0000000 ____D C:\Program Files (x86)\Graphic.ly AIR

2012-03-14 05:21 - 2011-06-08 08:01 - 0000000 ____D C:\Program Files (x86)\eBookConverter

2012-03-14 05:11 - 2011-09-28 07:30 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\5pm-downloader

2012-03-14 05:06 - 2012-02-13 07:48 - 0000000 ____D C:\Users\All Users\Lavasoft

2012-03-13 06:23 - 2012-03-13 06:23 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Motorola

2012-03-12 05:30 - 2011-01-24 13:50 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Apple Computer

2012-03-12 05:12 - 2012-03-12 05:09 - 0000000 ____D C:\Saved Music

2012-03-12 05:11 - 2011-01-18 08:11 - 0000000 ____D C:\Program Files (x86)\Notepad++

2012-03-12 05:07 - 2012-02-13 07:49 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat

2012-03-12 05:07 - 2012-02-13 07:49 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat

2012-03-12 05:06 - 2012-03-12 05:06 - 0000000 __SHD C:\Windows\System32\%APPDATA%

2012-03-07 07:45 - 2012-03-07 07:45 - 5480448 ____A C:\Windows\System32\config\DEFAULT.iobit

2012-03-07 07:45 - 2012-03-07 07:45 - 39219200 ____A C:\Windows\System32\config\SYSTEM.iobit

2012-03-07 07:45 - 2012-03-07 07:45 - 121745408 ____A C:\Windows\System32\config\SOFTWARE.iobit

2012-03-07 07:45 - 2012-03-07 07:45 - 0036864 ____A C:\Windows\System32\config\SECURITY.iobit

2012-03-07 07:45 - 2012-03-07 07:45 - 0036864 ____A C:\Windows\System32\config\SAM.iobit

2012-03-07 07:30 - 2012-03-07 07:30 - 0000000 ____D C:\Users\All Users\IObit

2012-03-07 07:29 - 2011-09-14 10:45 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\IObit

2012-03-05 06:23 - 2012-02-29 10:00 - 0202296 ____A C:\Users\grevolorio\Documents\DFS Template.dotx

2012-03-02 22:29 - 2012-05-10 10:33 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2012-03-02 22:29 - 2012-05-10 10:33 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-03-02 22:29 - 2012-05-10 10:33 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2012-03-02 22:29 - 2012-05-10 10:33 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2012-03-02 22:29 - 2012-05-10 10:33 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2012-03-02 21:40 - 2012-05-10 10:33 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2012-03-02 21:40 - 2012-05-10 10:33 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-03-02 21:40 - 2012-05-10 10:33 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2012-03-02 21:40 - 2012-05-10 10:33 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2012-03-02 21:40 - 2012-05-10 10:33 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2012-03-02 10:10 - 2011-01-19 15:47 - 0000000 ____D C:\Users\grevolorio\Documents\Images and Logos

2012-03-01 06:06 - 2009-01-09 11:49 - 0048051 ____A C:\Users\grevolorio\Documents\SRS Template.dotx

2012-02-29 22:54 - 2012-04-13 06:33 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-02-29 22:45 - 2012-04-13 06:33 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-02-29 22:40 - 2012-04-13 06:33 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-02-29 22:35 - 2012-04-13 06:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-02-29 21:49 - 2012-04-13 06:33 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-02-29 21:45 - 2012-04-13 06:33 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-02-29 21:40 - 2012-04-13 06:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-02-29 11:23 - 2011-02-01 07:27 - 0039248 ____A C:\bar.emf

2012-02-29 05:52 - 2009-01-09 09:12 - 0268800 ____A C:\Users\grevolorio\Documents\SRS.doc

2012-02-27 23:34 - 2012-04-13 06:44 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-02-27 23:02 - 2012-04-13 06:44 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-02-27 22:56 - 2012-04-13 06:44 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-02-27 22:50 - 2012-04-13 06:44 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-02-27 22:49 - 2012-04-13 06:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-02-27 22:48 - 2012-04-13 06:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-02-27 22:48 - 2012-04-13 06:44 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-02-27 22:47 - 2012-04-13 06:44 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-02-27 22:45 - 2012-04-13 06:44 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-02-27 22:43 - 2012-04-13 06:45 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-02-27 22:43 - 2012-04-13 06:44 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-02-27 22:42 - 2012-04-13 06:45 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-02-27 22:39 - 2012-04-13 06:44 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-02-27 17:52 - 2012-04-13 06:44 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-02-27 17:27 - 2012-04-13 06:44 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-02-27 17:18 - 2012-04-13 06:44 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-02-27 17:12 - 2012-04-13 06:44 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-02-27 17:11 - 2012-04-13 06:44 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-02-27 17:11 - 2012-04-13 06:44 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-02-27 17:09 - 2012-04-13 06:44 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-02-27 17:08 - 2012-04-13 06:44 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-02-27 17:06 - 2012-04-13 06:44 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-02-27 17:04 - 2012-04-13 06:44 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-02-27 17:03 - 2012-04-13 06:45 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-02-27 17:03 - 2012-04-13 06:45 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-02-27 16:59 - 2012-04-13 06:44 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-02-27 12:30 - 2011-01-19 11:40 - 0000000 ____D C:\Users\grevolorio\Documents\Change Requests

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%

Total physical RAM: 16316.38 MB

Available physical RAM: 14916.28 MB

Total Pagefile: 16314.53 MB

Available Pagefile: 14913.02 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:100 GB) (Free:1.28 GB) NTFS

2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (SoftRaid) (Fixed) (Total:731.32 GB) (Free:210.57 GB) NTFS

5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

6 Drive h: () (Removable) (Total:7.62 GB) (Free:3.62 GB) FAT32

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB *

Disk 1 Online 465 GB 1024 KB *

Disk 2 Online 7832 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Dynamic Data 992 KB 31 KB

Partition 2 Dynamic Data 100 MB 1024 KB

Partition 3 Dynamic Data 100 GB 101 MB

Partition 4 Dynamic Data 365 GB 100 GB

======================================================================================================

Disk: 0

Partition 1

Type : 42

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 42

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System Rese NTFS Mirror 100 MB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 42

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Mirror 100 GB Healthy

======================================================================================================

Disk: 0

Partition 4

Type : 42

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 F SoftRaid NTFS Stripe 731 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Dynamic Data 992 KB 31 KB

Partition 2 Dynamic Data 100 MB 1024 KB

Partition 3 Dynamic Data 100 GB 101 MB

Partition 4 Dynamic Data 365 GB 100 GB

======================================================================================================

Disk: 1

Partition 1

Type : 42

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 1

Partition 2

Type : 42

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System Rese NTFS Mirror 100 MB Healthy

======================================================================================================

Disk: 1

Partition 3

Type : 42

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Mirror 100 GB Healthy

======================================================================================================

Disk: 1

Partition 4

Type : 42

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 F SoftRaid NTFS Stripe 731 GB Healthy

======================================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7820 MB 29 KB

======================================================================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H FAT32 Removable 7820 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-18 20:08

======================= End Of Log ==========================


I'm running out of options here. I see you ran some programs on your own:

antizeroaccess.exe

HitmanPro

Did any of them find anything?

---------------------------

Just do this also:

Start an elevated command prompt (Start Menu -> All Programs -> Accessories -> Right Click Command Prompt -> Run as Administrator)

Type netsh winsock reset and then press Enter.

Reboot your machine.

MrC
