Computer and Browser Lagging [Solved]


#1 msadat11
Hi,

My computer and browser are lagging at times. I'm pretty sure there's some sort of virus on it.

I ran a full scan with Symantec Endpoint Protection and it deleted some "tracking cookies" and "trojan.gen.2". I remember it deleted this same stuff last time I ran the scan too, so it seems to be coming back.

I posted in the Windows XP OS section and was directed here. Here is that thread so you can be up to date on what I did there...

http://www.geekstogo...82#entry2169982

OTL logfile created on: 6/21/2012 9:14:51 PM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Documents and Settings\Mohammad Sadat\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 394.81 Mb Available Physical Memory | 38.93% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.98% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 10.10 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 512.19 Gb Free Space | 85.91% Space Free | Partition Type: NTFS

Computer Name: MOHAMMADSADAT-C | User Name: Mohammad Sadat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 21:14:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mohammad Sadat\Desktop\OTL.exe
PRC - [2012/06/18 20:30:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 22:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/18 20:30:19 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 23:20:56 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/10/09 13:46:12 | 000,488,448 | ---- | M] () -- C:\WINDOWS\system32\apdfprintmon.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/18 20:30:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 23:20:57 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 22:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/05/31 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 13:18:14 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120620.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 13:18:14 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120620.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/22 19:59:21 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/22 19:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2008/12/08 22:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/12/08 22:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/11/18 19:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 12:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/13 13:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 13:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 13:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {515A179B-845F-472A-BAC0-8D197F8B0C3A}
IE - HKCU\..\SearchScopes\{515A179B-845F-472A-BAC0-8D197F8B0C3A}: "URL" = http://www.google.co...startPage}&rlz=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.1
FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mohammad Sadat\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mohammad Sadat\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\OfferBox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 21:44:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mohammad Sadat\Application Data\Move Networks [2009/11/14 21:43:37 | 000,000,000 | ---D | M]

[2009/07/02 20:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Extensions
[2009/07/02 20:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Extensions\[email protected]
[2012/06/18 21:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions
[2010/06/26 23:03:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/30 22:21:55 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2012/03/30 19:08:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/29 22:45:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/05/21 01:33:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/15 20:00:57 | 000,000,000 | ---D | M] (KillJasmin) -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\[email protected]
[2011/08/30 00:49:42 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\extensions\[email protected]
[2012/05/10 17:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/18 21:11:23 | 000,003,793 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MOHAMMAD SADAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GKXH7719.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
[2012/06/18 20:30:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/18 20:30:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 20:30:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mohammad Sadat\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Flash Video Downloader = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loalijgcbfmegnmjbckbiddnkgkfpjjl\2.0.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/31 18:27:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Se&nd to OneNote - Reg Error: Value error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53927475-DF65-4818-AEE2-C5597AFBC369}: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53927475-DF65-4818-AEE2-C5597AFBC369}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/28 16:37:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 21:14:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mohammad Sadat\Desktop\OTL.exe
[2012/06/18 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2012/06/18 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/06/17 11:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\CRE
[2012/06/17 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/06/17 11:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\uTorrentControl2
[2012/06/17 11:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\Conduit
[2012/06/17 11:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl2
[2012/06/09 21:23:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/07 23:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammad Sadat\Desktop\Leonard Davis essay 2012
[2012/06/03 19:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/03 19:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/03 19:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/06/03 16:33:18 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/06/03 16:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/06/03 16:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/05/27 16:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammad Sadat\Desktop\SALAM physiology
[5 C:\Documents and Settings\Mohammad Sadat\Desktop\*.tmp files -> C:\Documents and Settings\Mohammad Sadat\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 21:14:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mohammad Sadat\Desktop\OTL.exe
[2012/06/21 14:14:21 | 372,719,488 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\QBZ-95B.avi
[2012/06/21 11:50:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 01:12:25 | 000,082,569 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\mail.google.com.jpeg
[2012/06/20 13:41:05 | 000,188,098 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\tcqqD.jpg
[2012/06/20 13:37:49 | 013,438,847 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\KatrinHess-Romeos-JS.mp4
[2012/06/18 21:55:33 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-682003330-725345543-1004UA.job
[2012/06/18 21:55:33 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-682003330-725345543-1004Core.job
[2012/06/18 21:55:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 21:55:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 21:55:31 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/18 21:55:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/18 21:49:37 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/06/18 21:49:36 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2012/06/18 20:28:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 11:31:10 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/17 11:31:10 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/06/14 22:57:18 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 02:13:34 | 045,973,944 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\MailysAmrous_ChroniquesSexuellesDUneFamilleDAujourdHuiHD.mp4
[2012/06/13 22:33:03 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 19:27:48 | 000,438,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 19:27:48 | 000,069,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 19:21:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 01:39:22 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\Google Chrome.lnk
[2012/06/12 01:39:22 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/03 19:09:19 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/06/03 16:33:18 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/06/02 23:09:41 | 000,038,232 | ---- | M] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\google contacts.csv
[5 C:\Documents and Settings\Mohammad Sadat\Desktop\*.tmp files -> C:\Documents and Settings\Mohammad Sadat\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 12:12:22 | 372,719,488 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\QBZ-95B.avi
[2012/06/21 01:12:25 | 000,082,569 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\mail.google.com.jpeg
[2012/06/20 13:41:05 | 000,188,098 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\tcqqD.jpg
[2012/06/20 13:35:08 | 013,438,847 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\KatrinHess-Romeos-JS.mp4
[2012/06/18 21:49:36 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/06/18 21:49:36 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2012/06/17 00:14:10 | 045,973,944 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\MailysAmrous_ChroniquesSexuellesDUneFamilleDAujourdHuiHD.mp4
[2012/06/03 19:09:19 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/06/02 23:09:52 | 000,038,232 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Desktop\google contacts.csv
[2012/05/26 21:07:50 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/16 23:38:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/22 19:51:04 | 000,002,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/07/03 17:01:01 | 000,000,184 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2011/07/02 23:09:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2011/07/02 23:06:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2010/12/19 23:55:21 | 000,488,448 | ---- | C] () -- C:\WINDOWS\System32\apdfprintmon.dll
[2010/11/12 03:21:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010/11/12 03:21:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010/11/12 03:21:20 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/11/12 03:16:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/11/12 03:16:21 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/09/04 21:26:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2010/09/04 21:26:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2010/06/25 15:32:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/19 10:15:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\fusioncache.dat
[2009/12/26 21:32:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Application Data\$_hpcst$.hpc
[2009/05/29 08:51:01 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Mohammad Sadat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/12/19 23:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2009/06/25 11:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/06/15 20:56:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/07/02 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/13 00:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PSPVC
[2011/06/15 00:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/11/12 03:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/13 19:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/11/12 03:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2011/07/30 20:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2010/07/01 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/06 13:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\acccore
[2009/06/10 16:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Aim
[2011/04/30 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\AnvSoft
[2009/06/26 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Azureus
[2009/06/26 19:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\BITRAR
[2011/06/15 00:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Blackberry Desktop
[2012/06/18 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Canon
[2011/05/05 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\EndNote
[2011/07/02 22:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\HotSync
[2009/05/28 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Leadertech
[2009/06/27 10:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Leawo
[2009/08/31 12:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Opera
[2012/05/09 17:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Oracle
[2011/06/15 00:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Research In Motion
[2010/03/13 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\ScanSoft
[2012/02/17 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Unity
[2012/06/18 00:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\uTorrent
[2012/01/11 02:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammad Sadat\Application Data\Xi

========== Purity Check ==========



< End of report >


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello msadat11 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop, and post aswMBR.txt in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
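The report that Step 1 asks for lists each registered service or driver as a "name (md5) path" line followed by a "name - verdict" line, as the log posted later in this thread shows. The parser below is an added example for this thread, not maliprog's or the TDSSKiller authors' code: it pulls those line pairs out and lists every object that is not marked "ok", which is the first thing a helper reads a posted log for. The sample log is constructed, and the shape of the warning and detection lines in it is an assumption.

```python
"""Parse and triage a TDSSKiller scan log.

Added example for this thread, not maliprog's or Kaspersky's own code. It
reads the "<service> (<md5>) <path>" and "<service> - <verdict>" line pairs
that TDSSKiller prints while scanning and lists every object whose verdict
is not plain "ok", which is what a helper scans the posted log for first.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Every log line: "HH:MM:SS.mmmm <pid> <message>"
_LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>": the file backing a registered service/driver
_FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# "<service> - <verdict>", optionally with a "( detail )" note before the
# dash; that annotated form is an assumption used by the constructed sample
_VERDICT_RE = re.compile(r"^(.+?)(?: \( (.+?) \))? - (.+)$")


@dataclass
class Entry:
    """One scanned object (service, driver or disk device)."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detail: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by its name."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg.startswith("Scan started"):
            in_scan = True  # everything above this line is system info
            continue
        if not in_scan or msg.startswith("=") or msg.startswith("Mode:"):
            continue
        fm = _FILE_RE.match(msg)
        if fm:
            name, md5, path = fm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        vm = _VERDICT_RE.match(msg)
        if vm:
            name, detail, verdict = vm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.verdict, entry.detail = verdict, detail
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """Summarise a parsed log: how much was scanned and what was not 'ok'."""
    flagged = [e for e in entries.values() if e.verdict != "ok"]
    # Registered names with no file on disk (e.g. "Abiosdsk - ok") are usually
    # legacy leftovers; listed so they can be cross-checked, not as findings.
    no_file = sorted(e.name for e in entries.values() if e.path is None)
    return {"scanned": len(entries), "flagged": flagged, "no_file": no_file}


# Constructed sample: the first lines copy the format of the log posted in
# this thread; the last three are made-up objects (exampledrv, a fake MD5 and
# a fake detection name) that show how a warning and a detection would parse.
SAMPLE_LOG = r"""
12:22:53.0843 3680 Scan started
12:22:53.0843 3680 Mode: Manual;
12:22:55.0078 3680 Abiosdsk - ok
12:22:55.0140 3680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:22:55.0140 3680 ACPI - ok
12:22:55.0656 3680 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:22:55.0656 3680 Apple Mobile Device - ok
12:23:05.0000 3680 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
12:23:05.0000 3680 exampledrv ( UnsignedFile.Multi.Generic ) - warning
12:23:06.0000 3680 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example.a (0)
"""

if __name__ == "__main__":
    summary = triage(parse_tdsskiller(SAMPLE_LOG))
    print(f"scanned {summary['scanned']} objects, {len(summary['flagged'])} flagged")
    for e in summary["flagged"]:
        print(f"  {e.name}: {e.verdict}" + (f" ({e.detail})" if e.detail else ""))
```

Running the same parser over the log from before and after a cleaning pass makes it easy to confirm that a flagged object has actually gone, rather than eyeballing several hundred "- ok" lines.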

#3
msadat11

msadat11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hey, the computer seems to be running fine now, but I don't know if there are any hidden trojans or spyware that might still be on the computer like before. Here are the scans you requested:




12:22:22.0781 0740 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
12:22:23.0281 0740 ============================================================
12:22:23.0281 0740 Current date / time: 2012/06/28 12:22:23.0281
12:22:23.0281 0740 SystemInfo:
12:22:23.0281 0740
12:22:23.0281 0740 OS Version: 5.1.2600 ServicePack: 3.0
12:22:23.0281 0740 Product type: Workstation
12:22:23.0281 0740 ComputerName: MOHAMMADSADAT-C
12:22:23.0281 0740 UserName: Mohammad Sadat
12:22:23.0281 0740 Windows directory: C:\WINDOWS
12:22:23.0281 0740 System windows directory: C:\WINDOWS
12:22:23.0281 0740 Processor architecture: Intel x86
12:22:23.0281 0740 Number of processors: 2
12:22:23.0281 0740 Page size: 0x1000
12:22:23.0281 0740 Boot type: Normal boot
12:22:23.0281 0740 ============================================================
12:22:26.0921 0740 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:22:26.0921 0740 Drive \Device\Harddisk1\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:27.0390 0740 ============================================================
12:22:27.0390 0740 \Device\Harddisk0\DR0:
12:22:27.0390 0740 MBR partitions:
12:22:27.0390 0740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
12:22:27.0390 0740 \Device\Harddisk1\DR2:
12:22:27.0390 0740 MBR partitions:
12:22:27.0390 0740 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
12:22:27.0390 0740 ============================================================
12:22:27.0406 0740 C: <-> \Device\Harddisk0\DR0\Partition0
12:22:27.0484 0740 E: <-> \Device\Harddisk1\DR2\Partition0
12:22:27.0484 0740 ============================================================
12:22:27.0484 0740 Initialize success
12:22:27.0484 0740 ============================================================
12:22:53.0843 3680 ============================================================
12:22:53.0843 3680 Scan started
12:22:53.0843 3680 Mode: Manual;
12:22:53.0843 3680 ============================================================
12:22:55.0078 3680 Abiosdsk - ok
12:22:55.0093 3680 abp480n5 - ok
12:22:55.0140 3680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:22:55.0140 3680 ACPI - ok
12:22:55.0187 3680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:22:55.0187 3680 ACPIEC - ok
12:22:55.0265 3680 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:22:55.0328 3680 AdobeFlashPlayerUpdateSvc - ok
12:22:55.0343 3680 adpu160m - ok
12:22:55.0390 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:22:55.0406 3680 aec - ok
12:22:55.0437 3680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:22:55.0453 3680 AFD - ok
12:22:55.0453 3680 Aha154x - ok
12:22:55.0468 3680 aic78u2 - ok
12:22:55.0468 3680 aic78xx - ok
12:22:55.0500 3680 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:22:55.0515 3680 Alerter - ok
12:22:55.0546 3680 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:22:55.0546 3680 ALG - ok
12:22:55.0546 3680 AliIde - ok
12:22:55.0562 3680 amsint - ok
12:22:55.0656 3680 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:22:55.0656 3680 Apple Mobile Device - ok
12:22:55.0671 3680 asc - ok
12:22:55.0671 3680 asc3350p - ok
12:22:55.0671 3680 asc3550 - ok
12:22:55.0796 3680 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:22:55.0890 3680 aspnet_state - ok
12:22:55.0921 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:22:55.0937 3680 AsyncMac - ok
12:22:55.0953 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:22:55.0953 3680 atapi - ok
12:22:55.0968 3680 Atdisk - ok
12:22:55.0984 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:22:56.0000 3680 Atmarpc - ok
12:22:56.0031 3680 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:22:56.0031 3680 AudioSrv - ok
12:22:56.0062 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:22:56.0062 3680 audstub - ok
12:22:56.0109 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:22:56.0109 3680 Beep - ok
12:22:56.0171 3680 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:22:56.0187 3680 BITS - ok
12:22:56.0281 3680 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:22:56.0281 3680 Bonjour Service - ok
12:22:56.0328 3680 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:22:56.0328 3680 Browser - ok
12:22:56.0359 3680 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:22:56.0375 3680 BthEnum - ok
12:22:56.0421 3680 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:22:56.0421 3680 BthPan - ok
12:22:56.0484 3680 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
12:22:56.0500 3680 BTHPORT - ok
12:22:56.0546 3680 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
12:22:56.0546 3680 BthServ - ok
12:22:56.0546 3680 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:22:56.0562 3680 BTHUSB - ok
12:22:56.0593 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:22:56.0609 3680 cbidf2k - ok
12:22:56.0671 3680 ccEvtMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:22:56.0671 3680 ccEvtMgr - ok
12:22:56.0671 3680 ccSetMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:22:56.0671 3680 ccSetMgr - ok
12:22:56.0687 3680 cd20xrnt - ok
12:22:56.0718 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:22:56.0718 3680 Cdaudio - ok
12:22:56.0750 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:22:56.0765 3680 Cdfs - ok
12:22:56.0796 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:22:56.0796 3680 Cdrom - ok
12:22:56.0843 3680 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
12:22:56.0843 3680 cercsr6 - ok
12:22:56.0875 3680 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:22:56.0890 3680 CiSvc - ok
12:22:56.0906 3680 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:22:56.0921 3680 ClipSrv - ok
12:22:57.0109 3680 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:22:57.0250 3680 clr_optimization_v2.0.50727_32 - ok
12:22:57.0406 3680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:22:57.0468 3680 clr_optimization_v4.0.30319_32 - ok
12:22:57.0468 3680 CmdIde - ok
12:22:57.0500 3680 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
12:22:57.0500 3680 COH_Mon - ok
12:22:57.0500 3680 COMSysApp - ok
12:22:57.0515 3680 Cpqarray - ok
12:22:57.0546 3680 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:22:57.0562 3680 CryptSvc - ok
12:22:57.0562 3680 dac2w2k - ok
12:22:57.0562 3680 dac960nt - ok
12:22:57.0625 3680 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:22:57.0640 3680 DcomLaunch - ok
12:22:57.0671 3680 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:22:57.0687 3680 Dhcp - ok
12:22:57.0718 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:22:57.0718 3680 Disk - ok
12:22:57.0718 3680 dmadmin - ok
12:22:57.0812 3680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:22:57.0828 3680 dmboot - ok
12:22:57.0875 3680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:22:57.0890 3680 dmio - ok
12:22:57.0921 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:22:57.0921 3680 dmload - ok
12:22:57.0953 3680 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:22:57.0984 3680 dmserver - ok
12:22:58.0015 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:22:58.0015 3680 DMusic - ok
12:22:58.0046 3680 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:22:58.0062 3680 Dnscache - ok
12:22:58.0093 3680 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:22:58.0125 3680 Dot3svc - ok
12:22:58.0125 3680 dpti2o - ok
12:22:58.0140 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:22:58.0140 3680 drmkaud - ok
12:22:58.0187 3680 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:22:58.0187 3680 E100B - ok
12:22:58.0234 3680 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:22:58.0250 3680 EapHost - ok
12:22:58.0390 3680 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:22:58.0406 3680 eeCtrl - ok
12:22:58.0437 3680 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:22:58.0437 3680 EraserUtilRebootDrv - ok
12:22:58.0468 3680 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:22:58.0468 3680 ERSvc - ok
12:22:58.0515 3680 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:22:58.0531 3680 Eventlog - ok
12:22:58.0578 3680 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:22:58.0578 3680 EventSystem - ok
12:22:58.0625 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:22:58.0625 3680 Fastfat - ok
12:22:58.0656 3680 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:22:58.0671 3680 FastUserSwitchingCompatibility - ok
12:22:58.0687 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:22:58.0687 3680 Fdc - ok
12:22:58.0718 3680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:22:58.0718 3680 Fips - ok
12:22:58.0734 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:22:58.0734 3680 Flpydisk - ok
12:22:58.0765 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:22:58.0765 3680 FltMgr - ok
12:22:58.0921 3680 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:22:58.0921 3680 FontCache3.0.0.0 - ok
12:22:58.0953 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:22:58.0953 3680 Fs_Rec - ok
12:22:58.0984 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:22:58.0984 3680 Ftdisk - ok
12:22:59.0015 3680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:22:59.0015 3680 GEARAspiWDM - ok
12:22:59.0031 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:22:59.0031 3680 Gpc - ok
12:22:59.0125 3680 gupdate1c9f42aac694f1a (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
12:22:59.0140 3680 gupdate1c9f42aac694f1a - ok
12:22:59.0156 3680 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
12:22:59.0156 3680 gupdatem - ok
12:22:59.0187 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:22:59.0203 3680 HDAudBus - ok
12:22:59.0250 3680 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:22:59.0250 3680 helpsvc - ok
12:22:59.0296 3680 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:22:59.0296 3680 HidServ - ok
12:22:59.0328 3680 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:22:59.0328 3680 hidusb - ok
12:22:59.0375 3680 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:22:59.0390 3680 hkmsvc - ok
12:22:59.0406 3680 hpn - ok
12:22:59.0453 3680 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
12:22:59.0468 3680 HSFHWBS2 - ok
12:22:59.0531 3680 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:22:59.0546 3680 HSF_DP - ok
12:22:59.0578 3680 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
12:22:59.0593 3680 htcnprot - ok
12:22:59.0640 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:22:59.0656 3680 HTTP - ok
12:22:59.0671 3680 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:22:59.0671 3680 HTTPFilter - ok
12:22:59.0687 3680 i2omp - ok
12:22:59.0718 3680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
12:22:59.0718 3680 i8042prt - ok
12:22:59.0843 3680 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:22:59.0859 3680 ialm - ok
12:22:59.0984 3680 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:23:00.0000 3680 IDriverT - ok
12:23:00.0203 3680 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:23:00.0265 3680 idsvc - ok
12:23:00.0343 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:23:00.0343 3680 Imapi - ok
12:23:00.0390 3680 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:23:00.0390 3680 ImapiService - ok
12:23:00.0406 3680 ini910u - ok
12:23:00.0421 3680 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:23:00.0421 3680 IntelIde - ok
12:23:00.0453 3680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:23:00.0453 3680 intelppm - ok
12:23:00.0468 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:23:00.0484 3680 Ip6Fw - ok
12:23:00.0531 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:23:00.0546 3680 IpFilterDriver - ok
12:23:00.0562 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:23:00.0562 3680 IpInIp - ok
12:23:00.0593 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:23:00.0593 3680 IpNat - ok
12:23:00.0718 3680 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
12:23:00.0734 3680 iPod Service - ok
12:23:00.0781 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:23:00.0781 3680 IPSec - ok
12:23:00.0796 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:23:00.0812 3680 IRENUM - ok
12:23:00.0828 3680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:23:00.0843 3680 isapnp - ok
12:23:00.0906 3680 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:23:00.0968 3680 JavaQuickStarterService - ok
12:23:00.0984 3680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:23:00.0984 3680 Kbdclass - ok
12:23:01.0015 3680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:23:01.0015 3680 kbdhid - ok
12:23:01.0046 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:23:01.0046 3680 kmixer - ok
12:23:01.0078 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:23:01.0078 3680 KSecDD - ok
12:23:01.0125 3680 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:23:01.0125 3680 lanmanserver - ok
12:23:01.0156 3680 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:23:01.0156 3680 lanmanworkstation - ok
12:23:01.0468 3680 LiveUpdate (e553c4b4b7b4b86cd71a2dfee1b58131) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:23:01.0531 3680 LiveUpdate - ok
12:23:01.0640 3680 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:23:01.0640 3680 LmHosts - ok
12:23:01.0671 3680 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
12:23:01.0671 3680 MBAMProtector - ok
12:23:01.0796 3680 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:23:01.0812 3680 MBAMService - ok
12:23:01.0843 3680 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:23:01.0843 3680 mdmxsdk - ok
12:23:01.0875 3680 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:23:01.0890 3680 Messenger - ok
12:23:02.0015 3680 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:23:02.0046 3680 Microsoft Office Groove Audit Service - ok
12:23:02.0093 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:23:02.0093 3680 mnmdd - ok
12:23:02.0125 3680 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:23:02.0140 3680 mnmsrvc - ok
12:23:02.0171 3680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:23:02.0171 3680 Modem - ok
12:23:02.0187 3680 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:23:02.0203 3680 MODEMCSA - ok
12:23:02.0218 3680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:23:02.0218 3680 Mouclass - ok
12:23:02.0250 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:23:02.0250 3680 mouhid - ok
12:23:02.0265 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:23:02.0265 3680 MountMgr - ok
12:23:02.0312 3680 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:23:02.0359 3680 MozillaMaintenance - ok
12:23:02.0359 3680 mraid35x - ok
12:23:02.0375 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:23:02.0390 3680 MRxDAV - ok
12:23:02.0453 3680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:23:02.0453 3680 MRxSmb - ok
12:23:02.0500 3680 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:23:02.0500 3680 MSDTC - ok
12:23:02.0515 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:23:02.0515 3680 Msfs - ok
12:23:02.0531 3680 MSIServer - ok
12:23:02.0531 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:23:02.0546 3680 MSKSSRV - ok
12:23:02.0562 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:23:02.0562 3680 MSPCLOCK - ok
12:23:02.0578 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:23:02.0578 3680 MSPQM - ok
12:23:02.0609 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:23:02.0609 3680 mssmbios - ok
12:23:02.0656 3680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:23:02.0656 3680 Mup - ok
12:23:02.0718 3680 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:23:02.0750 3680 napagent - ok
12:23:02.0875 3680 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120627.006\NAVENG.SYS
12:23:02.0875 3680 NAVENG - ok
12:23:03.0000 3680 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120627.006\NAVEX15.SYS
12:23:03.0031 3680 NAVEX15 - ok
12:23:03.0156 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:23:03.0156 3680 NDIS - ok
12:23:03.0171 3680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:23:03.0187 3680 NdisTapi - ok
12:23:03.0203 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:23:03.0203 3680 Ndisuio - ok
12:23:03.0234 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:23:03.0234 3680 NdisWan - ok
12:23:03.0281 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:23:03.0281 3680 NDProxy - ok
12:23:03.0296 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:23:03.0296 3680 NetBIOS - ok
12:23:03.0343 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:23:03.0343 3680 NetBT - ok
12:23:03.0578 3680 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:23:03.0640 3680 NetDDE - ok
12:23:03.0640 3680 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:23:03.0640 3680 NetDDEdsdm - ok
12:23:03.0687 3680 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:03.0703 3680 Netlogon - ok
12:23:03.0859 3680 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:23:03.0890 3680 Netman - ok
12:23:04.0109 3680 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:23:04.0140 3680 NetTcpPortSharing - ok
12:23:04.0234 3680 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:23:04.0234 3680 Nla - ok
12:23:04.0312 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:23:04.0328 3680 Npfs - ok
12:23:04.0515 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:23:04.0531 3680 Ntfs - ok
12:23:04.0562 3680 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:04.0562 3680 NtLmSsp - ok
12:23:04.0625 3680 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:23:04.0656 3680 NtmsSvc - ok
12:23:04.0687 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:23:04.0687 3680 Null - ok
12:23:04.0718 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:23:04.0734 3680 NwlnkFlt - ok
12:23:04.0750 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:23:04.0750 3680 NwlnkFwd - ok
12:23:04.0890 3680 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:23:04.0953 3680 odserv - ok
12:23:04.0984 3680 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:23:05.0078 3680 ose - ok
12:23:05.0125 3680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:23:05.0125 3680 Parport - ok
12:23:05.0140 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:23:05.0140 3680 PartMgr - ok
12:23:05.0187 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:23:05.0187 3680 ParVdm - ok
12:23:05.0250 3680 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
12:23:05.0281 3680 PassThru Service - ok
12:23:05.0296 3680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:23:05.0312 3680 PCI - ok
12:23:05.0343 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
12:23:05.0343 3680 PCIIde - ok
12:23:05.0375 3680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:23:05.0390 3680 Pcmcia - ok
12:23:05.0390 3680 perc2 - ok
12:23:05.0390 3680 perc2hib - ok
12:23:05.0437 3680 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:23:05.0453 3680 PlugPlay - ok
12:23:05.0484 3680 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:05.0484 3680 PolicyAgent - ok
12:23:05.0500 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:23:05.0515 3680 PptpMiniport - ok
12:23:05.0515 3680 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:05.0515 3680 ProtectedStorage - ok
12:23:05.0531 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:23:05.0531 3680 PSched - ok
12:23:05.0562 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:23:05.0562 3680 Ptilink - ok
12:23:05.0578 3680 ql1080 - ok
12:23:05.0578 3680 Ql10wnt - ok
12:23:05.0593 3680 ql12160 - ok
12:23:05.0593 3680 ql1240 - ok
12:23:05.0609 3680 ql1280 - ok
12:23:05.0640 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:23:05.0640 3680 RasAcd - ok
12:23:05.0671 3680 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:23:05.0687 3680 RasAuto - ok
12:23:05.0703 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:23:05.0703 3680 Rasl2tp - ok
12:23:05.0765 3680 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:23:05.0765 3680 RasMan - ok
12:23:05.0781 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:23:05.0796 3680 RasPppoe - ok
12:23:05.0796 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:23:05.0796 3680 Raspti - ok
12:23:05.0828 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:23:05.0828 3680 Rdbss - ok
12:23:05.0828 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:23:05.0828 3680 RDPCDD - ok
12:23:05.0890 3680 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:23:05.0906 3680 RDPWD - ok
12:23:05.0953 3680 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:23:06.0000 3680 RDSessMgr - ok
12:23:06.0062 3680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:23:06.0062 3680 redbook - ok
12:23:06.0109 3680 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:23:06.0125 3680 RemoteAccess - ok
12:23:06.0156 3680 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:23:06.0156 3680 RFCOMM - ok
12:23:06.0203 3680 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
12:23:06.0218 3680 RimUsb - ok
12:23:06.0234 3680 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:23:06.0234 3680 RimVSerPort - ok
12:23:06.0265 3680 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:23:06.0265 3680 ROOTMODEM - ok
12:23:06.0296 3680 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:23:06.0312 3680 RpcLocator - ok
12:23:06.0359 3680 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:23:06.0375 3680 RpcSs - ok
12:23:06.0390 3680 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:23:06.0453 3680 RSVP - ok
12:23:06.0500 3680 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:06.0500 3680 SamSs - ok
12:23:06.0546 3680 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:23:06.0593 3680 SCardSvr - ok
12:23:06.0640 3680 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:23:06.0640 3680 Schedule - ok
12:23:06.0671 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:23:06.0687 3680 Secdrv - ok
12:23:06.0687 3680 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:23:06.0703 3680 seclogon - ok
12:23:06.0718 3680 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:23:06.0718 3680 SENS - ok
12:23:06.0765 3680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:23:06.0765 3680 Serial - ok
12:23:06.0796 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:23:06.0812 3680 Sfloppy - ok
12:23:06.0859 3680 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:23:06.0875 3680 SharedAccess - ok
12:23:06.0921 3680 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:23:06.0921 3680 ShellHWDetection - ok
12:23:06.0921 3680 Simbad - ok
12:23:07.0187 3680 SmcService (d0375ca98569065a51504187d22c1949) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
12:23:07.0218 3680 SmcService - ok
12:23:07.0281 3680 SNAC (612d1ecbf4f7351a29b9eb0fa6e5f56a) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
12:23:07.0312 3680 SNAC - ok
12:23:07.0406 3680 Sparrow - ok
12:23:07.0515 3680 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:23:07.0515 3680 SPBBCDrv - ok
12:23:07.0562 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:23:07.0562 3680 splitter - ok
12:23:07.0593 3680 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:23:07.0593 3680 Spooler - ok
12:23:07.0625 3680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:23:07.0625 3680 sr - ok
12:23:07.0671 3680 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:23:07.0687 3680 srservice - ok
12:23:07.0718 3680 SRTSP (e217480cc878061d7603a8cdca06c188) C:\WINDOWS\system32\Drivers\SRTSP.SYS
12:23:07.0718 3680 SRTSP - ok
12:23:07.0765 3680 SRTSPL (cae71704badde6b0d5818acce20673ca) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
12:23:07.0796 3680 SRTSPL - ok
12:23:07.0843 3680 SRTSPX (be6f1ddde2ddab75225d83e6b03a2348) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
12:23:07.0843 3680 SRTSPX - ok
12:23:07.0890 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:23:07.0906 3680 Srv - ok
12:23:07.0937 3680 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:23:07.0953 3680 SSDPSRV - ok
12:23:08.0062 3680 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
12:23:08.0078 3680 STHDA - ok
12:23:08.0156 3680 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:23:08.0156 3680 stisvc - ok
12:23:08.0203 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:23:08.0203 3680 swenum - ok
12:23:08.0218 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:23:08.0218 3680 swmidi - ok
12:23:08.0218 3680 SwPrv - ok
12:23:08.0531 3680 Symantec AntiVirus (ab135c5739d0ab8cbaaf1d4b23e3c259) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:23:08.0562 3680 Symantec AntiVirus - ok
12:23:08.0656 3680 symc810 - ok
12:23:08.0671 3680 symc8xx - ok
12:23:08.0718 3680 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:23:08.0734 3680 SymEvent - ok
12:23:08.0765 3680 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:23:08.0781 3680 SYMREDRV - ok
12:23:08.0843 3680 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:23:08.0843 3680 SYMTDI - ok
12:23:08.0843 3680 sym_hi - ok
12:23:08.0859 3680 sym_u3 - ok
12:23:08.0890 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:23:08.0890 3680 sysaudio - ok
12:23:08.0937 3680 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:23:08.0953 3680 SysmonLog - ok
12:23:09.0000 3680 SysPlant (835ac2478eda93c43a3066a246251eda) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
12:23:09.0000 3680 SysPlant - ok
12:23:09.0062 3680 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:23:09.0062 3680 TapiSrv - ok
12:23:09.0125 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:23:09.0125 3680 Tcpip - ok
12:23:09.0171 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:23:09.0171 3680 TDPIPE - ok
12:23:09.0218 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:23:09.0218 3680 TDTCP - ok
12:23:09.0265 3680 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
12:23:09.0265 3680 Teefer2 - ok
12:23:09.0281 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:23:09.0281 3680 TermDD - ok
12:23:09.0328 3680 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:23:09.0343 3680 TermService - ok
12:23:09.0375 3680 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:23:09.0375 3680 Themes - ok
12:23:09.0421 3680 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
12:23:09.0437 3680 TIEHDUSB - ok
12:23:09.0437 3680 TosIde - ok
12:23:09.0468 3680 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:23:09.0468 3680 TrkWks - ok
12:23:09.0500 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:23:09.0500 3680 Udfs - ok
12:23:09.0515 3680 ultra - ok
12:23:09.0578 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:23:09.0578 3680 Update - ok
12:23:09.0625 3680 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:23:09.0656 3680 upnphost - ok
12:23:09.0671 3680 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:23:09.0687 3680 UPS - ok
12:23:09.0718 3680 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:23:09.0718 3680 USBAAPL - ok
12:23:09.0750 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:23:09.0750 3680 usbccgp - ok
12:23:09.0781 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:23:09.0781 3680 usbehci - ok
12:23:09.0796 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:23:09.0796 3680 usbhub - ok
12:23:09.0843 3680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:23:09.0843 3680 usbprint - ok
12:23:09.0859 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:23:09.0859 3680 usbscan - ok
12:23:09.0890 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:23:09.0890 3680 USBSTOR - ok
12:23:09.0906 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:23:09.0906 3680 usbuhci - ok
12:23:09.0921 3680 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12:23:09.0921 3680 usb_rndisx - ok
12:23:09.0953 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:23:09.0953 3680 VgaSave - ok
12:23:09.0953 3680 ViaIde - ok
12:23:09.0984 3680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:23:09.0984 3680 VolSnap - ok
12:23:10.0031 3680 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:23:10.0062 3680 VSS - ok
12:23:10.0093 3680 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:23:10.0093 3680 W32Time - ok
12:23:10.0125 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:23:10.0140 3680 Wanarp - ok
12:23:10.0203 3680 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:23:10.0234 3680 Wdf01000 - ok
12:23:10.0265 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:23:10.0265 3680 wdmaud - ok
12:23:10.0296 3680 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:23:10.0296 3680 WebClient - ok
12:23:10.0359 3680 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:23:10.0375 3680 winachsf - ok
12:23:10.0453 3680 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:23:10.0453 3680 winmgmt - ok
12:23:10.0500 3680 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:23:10.0515 3680 WmdmPmSN - ok
12:23:10.0562 3680 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:23:10.0578 3680 WmiApSrv - ok
12:23:10.0734 3680 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:23:10.0781 3680 WMPNetworkSvc - ok
12:23:10.0828 3680 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:23:10.0828 3680 WpdUsb - ok
12:23:11.0062 3680 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:23:11.0140 3680 WPFFontCache_v0400 - ok
12:23:11.0171 3680 WPS (4017e55ea0c71aff4f0f90fa97eb199f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
12:23:11.0171 3680 WPS - ok
12:23:11.0218 3680 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
12:23:11.0234 3680 WpsHelper - ok
12:23:11.0265 3680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:23:11.0265 3680 WS2IFSL - ok
12:23:11.0296 3680 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:23:11.0296 3680 wscsvc - ok
12:23:11.0312 3680 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:23:11.0328 3680 wuauserv - ok
12:23:11.0359 3680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:23:11.0359 3680 WudfPf - ok
12:23:11.0375 3680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:23:11.0390 3680 WudfRd - ok
12:23:11.0406 3680 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:23:11.0421 3680 WudfSvc - ok
12:23:11.0484 3680 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:23:11.0500 3680 WZCSVC - ok
12:23:11.0531 3680 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:23:11.0546 3680 xmlprov - ok
12:23:11.0562 3680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:23:12.0062 3680 \Device\Harddisk0\DR0 - ok
12:23:12.0531 3680 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
12:23:12.0531 3680 \Device\Harddisk1\DR2 - ok
12:23:12.0531 3680 Boot (0x1200) (00f26d143a92625607e8185d23e505b4) \Device\Harddisk0\DR0\Partition0
12:23:12.0531 3680 \Device\Harddisk0\DR0\Partition0 - ok
12:23:12.0546 3680 Boot (0x1200) (56d83ee79a1073c665c86757caaed60d) \Device\Harddisk1\DR2\Partition0
12:23:12.0546 3680 \Device\Harddisk1\DR2\Partition0 - ok
12:23:12.0546 3680 ============================================================
12:23:12.0546 3680 Scan finished
12:23:12.0546 3680 ============================================================
12:23:12.0562 3816 Detected object count: 0
12:23:12.0562 3816 Actual detected object count: 0
12:25:04.0093 0464 Deinitialize success
  • 0
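Added here as a worked example (it is not part of the thread, and not Kaspersky's own TDSSKiller code): a small Python parser for the log format posted above, with the checks a reviewer would run before treating "Detected object count: 0" as the last word. The line shapes it expects (timestamp, PID, then either "name (md5) path", "name - verdict", or a summary count) are taken from the lines of the log above; the directory allowlist in EXPECTED_PREFIXES, the "evilsvc" sample and its "detected" verdict wording are my assumptions, not anything this machine produced.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Record shapes in the log above: "HH:MM:SS.mmmm PID <payload>", where the payload is
# "<name> (<md5>) <path>" (hashed image), "<name> - <verdict>", or a summary count line.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>\S.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")

# Assumption (mine, not the tool's): where service and driver images are expected to live on
# a stock XP install. Anything hashed from elsewhere deserves a second look.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], Dict[str, int]]:
    """Return {service name: Entry} plus the reported/actual detection counts."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # blank lines and anything without a timestamp/PID prefix
        rest = m.group("rest")
        c = COUNT_RE.match(rest)
        if c:
            counts["actual" if c.group("actual") else "reported"] = int(c.group("n"))
            continue
        f = FILE_RE.match(rest)
        if f:
            e = entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5").lower(), f.group("path")
            by_path[e.path] = e
            continue
        v = VERDICT_RE.match(rest)
        if v:  # banners and "Scan finished" carry no " - " and are skipped
            # MBR/boot-sector verdicts are keyed by device path, not by the "MBR (0x1B8)" name
            e = entries.get(v.group("name")) or by_path.get(v.group("name"))
            if e is None:  # service with no hashed image, e.g. "MSIServer - ok"
                e = entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.verdict = v.group("verdict").strip()
    return entries, counts

def triage(entries: Dict[str, Entry], counts: Dict[str, int]) -> List[str]:
    """Findings a reviewer would want before calling the scan clean."""
    findings: List[str] = []
    hashes: Dict[str, Set[str]] = {}
    flagged = 0
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            flagged += 1
            findings.append(f"{e.name}: verdict '{e.verdict}' ({e.path or 'no image'})")
        if e.path and not e.path.startswith("\\Device\\") and not e.path.lower().startswith(EXPECTED_PREFIXES):
            findings.append(f"{e.name}: loads from unusual path {e.path}")
        if e.path and e.md5:
            hashes.setdefault(e.path.lower(), set()).add(e.md5)
    # One file hashing to two values within a single run means something changed underneath it.
    for path, seen in hashes.items():
        if len(seen) > 1:
            findings.append(f"{path}: inconsistent hashes {sorted(seen)}")
    # The two summary lines should agree with each other and with the verdicts actually parsed.
    if counts.get("reported") != counts.get("actual"):
        findings.append(f"summary mismatch: {counts}")
    if counts.get("reported", flagged) != flagged:
        findings.append(f"summary reports {counts['reported']} objects, parsed {flagged} non-ok verdicts")
    return findings

# Sample A: lines copied from the TDSSKiller log posted above (shared lsass.exe image, a
# service with no hashed file, the MBR check and the summary).
SAMPLE_CLEAN = r"""
12:23:03.0687 3680 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:03.0703 3680 Netlogon - ok
12:23:04.0562 3680 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:23:04.0562 3680 NtLmSsp - ok
12:23:02.0531 3680 MSIServer - ok
12:23:11.0562 3680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:23:12.0062 3680 \Device\Harddisk0\DR0 - ok
12:23:12.0546 3680 Scan finished
12:23:12.0562 3816 Detected object count: 0
12:23:12.0562 3816 Actual detected object count: 0
"""

# Sample B: constructed by me to show what a hit looks like. The service name, hash,
# temp-folder path and verdict wording are hypothetical, not output from this machine.
SAMPLE_SUSPECT = r"""
12:23:12.0000 3680 evilsvc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\User\Local Settings\Temp\evilsvc.sys
12:23:12.0001 3680 evilsvc - detected (hypothetical)
12:23:12.0562 3816 Detected object count: 1
12:23:12.0562 3816 Actual detected object count: 1
"""
```

Run `triage(*parse_tdsskiller(SAMPLE_CLEAN))` and it returns nothing; the same call on SAMPLE_SUSPECT returns two findings, one for the verdict and one for the load path. Several services reporting the same hash for lsass.exe (Netlogon, NtLmSsp, PolicyAgent, ProtectedStorage, SamSs in the log above) is expected, since one image hosts all of them; what is worth a second look is the opposite case, one path with two hashes, an image living under a user profile or Temp, or a summary count that does not agree with the verdicts.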

#4 msadat11 (Topic Starter, Member, 47 posts)
ComboFix 12-06-28.01 - Mohammad Sadat 06/28/2012 12:35:48.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.481 [GMT -4:00]
Running from: c:\documents and settings\Mohammad Sadat\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mohammad Sadat\g2mdlhlpx.exe
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-27 22:55 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-27 22:55 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-27 22:52 . 2012-06-27 22:52 -------- d-----w- c:\program files\iPod
2012-06-27 22:51 . 2012-06-27 22:55 -------- d-----w- c:\program files\iTunes
2012-06-27 22:51 . 2012-06-27 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-27 22:50 . 2012-06-27 22:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-27 22:50 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-27 22:50 . 2012-04-25 16:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-27 22:49 . 2012-06-27 22:49 -------- d-----w- c:\program files\Bonjour
2012-06-26 17:56 . 2012-06-26 17:56 -------- d-----w- c:\program files\Citrix
2012-06-26 03:21 . 2012-06-26 03:21 -------- d-----w- c:\documents and settings\Mohammad Sadat\Application Data\Foxit Software
2012-06-19 01:49 . 2012-06-19 01:49 -------- d-----w- c:\program files\Foxit Software
2012-06-17 15:31 . 2012-06-17 15:31 -------- d-----w- c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\CRE
2012-06-17 15:31 . 2012-06-17 15:31 -------- d-----w- c:\program files\Conduit
2012-06-17 15:31 . 2012-06-17 15:31 -------- d-----w- c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\uTorrentControl2
2012-06-17 15:31 . 2012-06-17 15:31 -------- d-----w- c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\Conduit
2012-06-17 15:31 . 2012-06-17 15:31 -------- d-----w- c:\program files\uTorrentControl2
2012-06-13 20:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-03 23:08 . 2012-06-27 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-06-03 20:33 . 2012-06-03 20:33 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-06-03 20:33 . 2012-06-03 20:33 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 03:20 . 2012-05-27 01:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 03:20 . 2011-05-18 01:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19 . 2008-10-16 18:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-05-28 20:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-05-28 20:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-05-28 20:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-10-16 18:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-05-28 20:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-05-28 20:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 18:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 18:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 18:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-05-28 20:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-05-28 20:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-02-04 16:30 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-02-04 16:30 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-02-04 16:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 10:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-05-28 20:33 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 22:47 . 2012-01-22 23:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 22:47 . 2012-05-09 21:44 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-04 22:47 . 2010-06-26 04:20 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-01-16 22:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 00:30 . 2012-06-19 00:30 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mohammad Sadat^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Mohammad Sadat\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-08-14 19:45 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C88 Series]
2005-01-27 09:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-04-27 04:30 116648 ----atw- c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/16/2012 6:57 PM 654408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/18/2012 8:46 PM 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/16/2012 6:57 PM 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/26/2012 9:07 PM 257224]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 7:17 PM 23888]
S3 gupdate1c9f42aac694f1a;Google Update Service (gupdate1c9f42aac694f1a);c:\program files\Google\Update\GoogleUpdate.exe [6/23/2009 1:47 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/23/2009 1:47 PM 133104]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 7:01 PM 21248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/10/2012 5:54 PM 113120]
S3 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 1:06 PM 88576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 03:20]
.
2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 17:47]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 17:47]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-682003330-725345543-1004Core.job
- c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 04:30]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-682003330-725345543-1004UA.job
- c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-27 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel
IE: Se&nd to OneNote
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{53927475-DF65-4818-AEE2-C5597AFBC369}: NameServer = 208.67.222.222,208.67.220.220
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Mohammad Sadat\Application Data\Mozilla\Firefox\Profiles\gkxh7719.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Mohammad Sadat\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 12:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\03\0a\117\07c"
.
Completion time: 2012-06-28 12:52:20
ComboFix-quarantined-files.txt 2012-06-28 16:52
.
Pre-Run: 9,202,573,312 bytes free
Post-Run: 9,545,482,240 bytes free
.
- - End Of File - - 018655348CD9D6C023B95AED8D2867EA
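The ComboFix log above shows `"EnableFirewall"= 0` and `"DisableNotifications"= 1` under the standard firewall profile, plus a long AuthorizedApplications exception list. Those lines are easy to skip over in a log this long, so here is a small triage helper, added as an example for this thread (it is not part of ComboFix, OTL, aswMBR or any other tool used here), that pulls the standard-profile firewall settings out of a ComboFix log and lists what a helper should eyeball. The sample log text is constructed from the lines in the log above; the key layout (a `[HKLM\~\...\firewallpolicy\standardprofile...]` header followed by `"name"= value` lines and a lone `.` separator) is assumed to be exactly as ComboFix prints it there.

```python
"""Triage helper for the firewall-policy section of a ComboFix log.

Added example for this thread; not part of ComboFix, OTL or any other
tool used here. It assumes the key layout ComboFix prints: a
"[HKLM\\~\\...\\firewallpolicy\\standardprofile...]" header, then
"name"= value lines, ending with a lone "." line.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the lines from the log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
"""

SECTION_RE = re.compile(r"^\[(?P<path>.+)\]$")
KEY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')


@dataclass
class FirewallProfile:
    """What the standard-profile keys say; None means the key was absent."""
    enable_firewall: Optional[bool] = None
    disable_notifications: Optional[bool] = None
    authorized_apps: List[str] = field(default_factory=list)
    open_ports: List[str] = field(default_factory=list)


def _leading_int(value: str) -> int:
    """ComboFix prints DWORDs as '0 (0x0)'; take the decimal part."""
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else 0


def parse_firewall_policy(log_text: str) -> FirewallProfile:
    """Walk the log and collect the standard-profile firewall settings."""
    profile = FirewallProfile()
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("path").lower()
            continue
        if "firewallpolicy\\standardprofile" not in section:
            continue
        kv = KEY_RE.match(line)
        if not kv:
            continue  # "." separators and anything else we do not model
        name, value = kv.group("name"), kv.group("value")
        if section.endswith("authorizedapplications\\list"):
            # Registry exports double the backslashes; undo that for display.
            profile.authorized_apps.append(name.replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list"):
            profile.open_ports.append(name)
        elif name == "EnableFirewall":
            profile.enable_firewall = _leading_int(value) != 0
        elif name == "DisableNotifications":
            profile.disable_notifications = _leading_int(value) != 0
    return profile


def findings(profile: FirewallProfile) -> List[str]:
    """Points a helper would want to review, most important first."""
    notes: List[str] = []
    if profile.enable_firewall is False:
        notes.append("Windows Firewall is OFF for the standard profile "
                     "(fine if another firewall manages it, otherwise not)")
    if profile.disable_notifications:
        notes.append("firewall block notifications are suppressed")
    for app in profile.authorized_apps:
        notes.append(f"inbound exception for program: {app}")
    for port in profile.open_ports:
        notes.append(f"globally open port: {port}")
    return notes


if __name__ == "__main__":
    for note in findings(parse_firewall_policy(SAMPLE_LOG)):
        print("-", note)
```

A disabled built-in firewall is not by itself a sign of infection: a third-party suite such as the Symantec Endpoint Protection present in this log may be managing it, which is why the helper surfaces the finding for a person to judge instead of calling it malicious. The exception list is the part worth reading slowly; every program in it is allowed to accept unsolicited inbound connections when the Windows Firewall is on.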

#5 msadat11 (Member, Topic Starter, 47 posts)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 13:58:39
-----------------------------
13:58:39.484 OS Version: Windows 5.1.2600 Service Pack 3
13:58:39.484 Number of processors: 2 586 0x409
13:58:39.484 ComputerName: MOHAMMADSADAT-C UserName: Mohammad Sadat
13:58:40.109 Initialize success
14:01:16.625 AVAST engine defs: 12062800
14:01:21.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:01:21.093 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
14:01:21.109 Disk 0 MBR read successfully
14:01:21.109 Disk 0 MBR scan
14:01:21.171 Disk 0 Windows XP default MBR code
14:01:21.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
14:01:21.203 Disk 0 scanning sectors +156232125
14:01:21.265 Disk 0 scanning C:\WINDOWS\system32\drivers
14:01:46.328 Service scanning
14:02:06.281 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
14:02:06.546 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
14:02:09.109 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
14:02:09.187 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
14:02:10.187 Modules scanning
14:02:16.453 Disk 0 trace - called modules:
14:02:16.468 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
14:02:16.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d5aab8]
14:02:16.468 3 CLASSPNP.SYS[f753efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86d5dd98]
14:02:17.250 AVAST engine scan C:\WINDOWS
14:02:49.718 AVAST engine scan C:\WINDOWS\system32
14:10:05.609 AVAST engine scan C:\WINDOWS\system32\drivers
14:10:34.562 AVAST engine scan C:\Documents and Settings\Mohammad Sadat
14:20:26.921 AVAST engine scan C:\Documents and Settings\All Users
14:22:25.937 Scan finished successfully
14:29:16.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mohammad Sadat\Desktop\MBR.dat"
14:29:16.953 The log file has been saved successfully to "C:\Documents and Settings\Mohammad Sadat\Desktop\aswMBR.txt"

#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

#7 msadat11 (Member, Topic Starter, 47 posts)
Status: Deleted (events: 9)
6/28/2012 5:31:25 PM Deleted adware not-a-virus:AdWare.MSIL.Sancmed.m C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\04840000\4F8E3F43.VBN Medium
6/28/2012 5:31:25 PM Deleted adware not-a-virus:AdWare.MSIL.Sancmed.m C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\04840000\4F8E3F43.VBN//CryptZ Medium
6/28/2012 5:31:28 PM Deleted Trojan program Trojan-Downloader.Win32.Injecter.fmi C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AF80000\4FFED63A.VBN High
6/28/2012 5:31:28 PM Deleted Trojan program Trojan-Downloader.Win32.Injecter.fmi C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AF80000\4FFED63A.VBN//CryptZ High
6/28/2012 5:31:30 PM Deleted Trojan program Backdoor.Win32.VB.nit C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AF80001\4FFED672.VBN High
6/28/2012 5:31:30 PM Deleted Trojan program Backdoor.Win32.VB.nit C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AF80001\4FFED672.VBN//CryptZ High
6/28/2012 5:31:30 PM Deleted Trojan program Backdoor.Win32.VB.nit C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AF80001\4FFED672.VBN//CryptZ//UPX High
6/28/2012 5:31:41 PM Deleted Trojan program Trojan-Downloader.Win32.Injecter.fmi C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0D2C0008\4F3EA6A5.VBN High
6/28/2012 5:31:41 PM Deleted Trojan program Trojan-Downloader.Win32.Injecter.fmi C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0D2C0008\4F3EA6A5.VBN//CryptZ High

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Time to see where we are. Your logs don't show any infection at the moment. How is your system now?

#9 msadat11 (Member, Topic Starter, 47 posts)
Working good so far, thanks for the help!

#10 msadat11 (Member, Topic Starter, 47 posts)
Hey, so the computer is running fine, so I decided to run a full scan through Symantec Endpoint Protection and the same thing! It deleted the "tracking cookies" again. It always deletes this same thing when I run the scan, so I'm thinking that these tracking cookies keep coming back?? Any help on this please?

I've attached a pic of what Symantec deleted.

Attached: tracking cookies pic.JPG

Edited by msadat11, 29 June 2012 - 04:10 PM.


#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi msadat11,

Don't worry about cookies. They can't really harm your system. Just remove them from time to time to keep your browser clean. Once a week would be fine.

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#12 msadat11 (Member, Topic Starter, 47 posts)
Thanks, working fine now

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.