Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help to remove Trojan.Gen.2 & Trojan.Zeroaccess.B & [Clos

Started by I_hate_virus , Jul 18 2012 09:55 AM

  • This topic is locked This topic is locked

#1
I_hate_virus
Posted 18 July 2012 - 09:55 AM

I_hate_virus

    New Member

  • Member
  • Pip
  • 1 posts
The symptoms that I have on my laptop, refers exclusively to popups of my antivirus Symantec Endpoint protection, pointing for the existence of threats and for the removal/quarantine of the following threats:

{db527e62-d705-f056-4522-a321f58815db}\U\000000cb.@
{db527e62-d705-f056-4522-a321f58815db}\U\00000004.@

and many more like this.

I've beeing popedup continuosly by Symantec Enpoint Protection Notification regarding Security risk detected: Tojan.Gen.2
File: c:\users\<user>\appdata\local\temp\DWHAC21.tmp
Location: Quarantine
Action Taken: Quarantine Succeded: Access denied

I tryed Symantec Endpoint Protection in safe mode but no luck
I also used Norton Power Eraser (NPE) but again, no luck

OTL logfile created on: 7/18/2012 2:12:04 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = T:\
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3.43 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 83.66% Memory free
6.85 Gb Paging File | 6.40 Gb Available in Paging File | 93.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 14.72 Gb Free Space | 16.46% Space Free | Partition Type: NTFS
Drive D: | 207.16 Gb Total Space | 22.20 Gb Free Space | 10.72% Space Free | Partition Type: NTFS
Drive T: | 3.78 Gb Total Space | 3.18 Gb Free Space | 84.17% Space Free | Partition Type: NTFS

Computer Name: PTLIS-SANCHEJ2 | User Name: sanchej2 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 12:26:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- T:\OTL.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/15 17:49:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/09/15 17:49:14 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 09:45:47 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/14 11:37:10 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/09 13:59:46 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/10/27 16:56:34 | 000,113,456 | ---- | M] (Portrait Displays, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/10/25 16:51:26 | 000,196,904 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 19:56:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/18 14:50:00 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/09/15 17:49:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/09/15 17:49:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/09/15 17:49:14 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/09/15 17:49:14 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/15 17:49:14 | 000,349,512 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/07/22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/05/27 00:30:10 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010/02/17 17:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/12/31 17:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Stopped] -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv)
SRV - [2009/09/18 11:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 11:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/08 14:51:00 | 000,173,400 | ---- | M] (Courion Corporation) [Auto | Stopped] -- C:\Program Files\Courion Corporation\DIRECT! CP\CourClientSvr.exe -- (CourClientSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV)
DRV - [2012/05/31 09:37:38 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 09:37:38 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/22 15:08:34 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/05/22 15:08:34 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/05/22 15:08:34 | 000,082,776 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/05/22 15:08:32 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/05/22 15:08:32 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012/05/16 10:01:45 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120717.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 10:01:45 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120717.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/30 04:27:06 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/11/15 01:14:44 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/10/27 02:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/27 02:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/10/27 02:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/10/27 02:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/10/27 02:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/08/01 16:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/02/16 18:52:51 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/18 14:49:50 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/15 07:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/09/15 17:49:18 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/09/15 17:49:16 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/09/15 17:49:16 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/09/15 17:49:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/09/15 17:49:14 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/09/15 17:49:14 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/09/15 17:49:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/09/15 17:49:12 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/09/15 17:49:12 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/07/27 04:41:44 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2010/07/27 04:41:44 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2010/07/27 04:41:44 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/07/27 04:41:42 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/07/27 04:41:42 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2010/07/22 03:19:24 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/06/23 11:24:58 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/22 04:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/06 07:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2010/03/29 23:54:54 | 000,025,648 | ---- | M] (Copyright© Digitech Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DIGITECH.sys -- (DIGITECH)
DRV - [2010/03/29 23:47:02 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/02/27 00:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/27 00:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/09/28 21:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 11:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/23 16:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/06/22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/05/15 23:24:32 | 000,069,408 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2008/11/05 20:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/08/21 13:38:10 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\omci.sys -- (omci)
DRV - [2008/07/29 23:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 23:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)
DRV - [2008/07/22 22:27:06 | 000,017,264 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2003/02/18 23:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiumfwl.sys -- (tiumfwl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=1495413562
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...B&cr=1495413562
IE - HKLM\..\SearchScopes\{6C47F31E-977F-ACEA-A174-153FD43542AD}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://unet.unisys.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://unet.unisys.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6C47F31E-977F-ACEA-A174-153FD43542AD}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/07/18 12:18:33 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe\ (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DIRECT!] C:\Program Files\Courion Corporation\DIRECT! CP\direct.exe (Courion Corporation)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCLaunch] C:\Program Files\Unisys\UCLaunch\UCLaunch.exe (Unisys Corporation)
O4 - HKCU..\Run: [UWelcome] C:\Windows\UnisysIT\Welcome\Welcome.hta ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: gotrain.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: scholars.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: smartforce.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: unisys.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: unisys.com ([*.spt] https in Trusted sites)
O15 - HKLM\..Trusted Domains: unisys.com ([certificates] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gotrain.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: scholars.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: smartforce.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: unisys.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: unisys.com ([*.spt] https in Trusted sites)
O15 - HKCU\..Trusted Domains: unisys.com ([certificates] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eu.uis.unisys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31CE758C-F02F-4881-B1ED-86FFD7F64F7F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5049F44B-619E-4AF6-81BC-E665E9B073D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9249B323-65F8-4A62-BFC2-59BCD5378D52}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5DBF3CA-17CB-43A6-86A9-B439494B3A60}: NameServer = 212.113.164.57,212.113.164.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D77D7C5A-A604-4874-A0CF-825C9364AEA2}: DhcpNameServer = 88.214.182.2 88.214.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/15 15:22:38 | 000,000,091 | ---- | M] () - T:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Templates
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Start Menu
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\SendTo
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Recent
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\PrintHood
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\NetHood
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\My Documents
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Local Settings
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Cookies
[2012/07/17 16:23:45 | 000,000,000 | -HSD | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Application Data
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Videos
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Searches
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Saved Games
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Pictures
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Music
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Links
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Favorites
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Downloads
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Documents
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Desktop
[2012/07/17 16:23:42 | 000,000,000 | R--D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Contacts
[2012/07/17 16:23:42 | 000,000,000 | -H-D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/17 16:23:42 | 000,000,000 | -H-D | C] -- C:\Users\sanchej2.PTLIS-SANCHEJ2\AppData
[2012/07/17 11:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/16 11:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/07/02 11:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yammer
[2012/06/21 14:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/06/21 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 13:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 13:56:10 | 2760,241,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 13:54:02 | 000,012,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 13:54:02 | 000,012,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 13:47:43 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/07/18 13:45:34 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 13:32:00 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 13:13:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-879983540-1177238915-483318UA.job
[2012/07/18 13:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 12:36:50 | 000,720,514 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2012/07/18 12:36:50 | 000,653,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/18 12:36:50 | 000,152,350 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2012/07/18 12:36:50 | 000,121,656 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/14 11:26:23 | 000,000,000 | ---- | M] () -- C:\t1go.2
[2012/07/05 09:24:14 | 000,000,000 | ---- | M] () -- C:\t1fc.2
[2012/07/05 09:24:14 | 000,000,000 | ---- | M] () -- C:\t1fc.1
[2012/07/03 15:13:34 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-879983540-1177238915-483318Core1cd5926856371c.job
[2012/07/02 11:45:30 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Yammer.lnk
[2012/06/21 14:33:46 | 000,001,779 | ---- | M] () -- C:\Users\Administrator\Desktop\MagicISO.lnk
[2012/06/20 21:39:40 | 000,424,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 16:23:42 | 000,001,413 | ---- | C] () -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/17 16:23:42 | 000,000,792 | RHS- | C] () -- C:\Users\sanchej2.PTLIS-SANCHEJ2\ntuser.pol
[2012/07/17 16:23:42 | 000,000,290 | ---- | C] () -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/17 16:23:42 | 000,000,272 | ---- | C] () -- C:\Users\sanchej2.PTLIS-SANCHEJ2\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/14 11:26:23 | 000,000,000 | ---- | C] () -- C:\t1go.2
[2012/07/05 09:24:14 | 000,000,000 | ---- | C] () -- C:\t1fc.2
[2012/07/05 09:24:14 | 000,000,000 | ---- | C] () -- C:\t1fc.1
[2012/07/03 15:13:34 | 000,000,982 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-879983540-1177238915-483318Core1cd5926856371c.job
[2012/07/02 11:45:30 | 000,000,835 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yammer.lnk
[2012/07/02 11:45:30 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Yammer.lnk
[2012/06/21 14:33:46 | 000,001,779 | ---- | C] () -- C:\Users\Administrator\Desktop\MagicISO.lnk
[2011/12/28 00:13:45 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/28 00:13:43 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/28 00:13:43 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/28 00:13:43 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/11/30 13:34:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/11/30 13:29:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/30 10:50:32 | 000,001,690 | ---- | C] () -- C:\Windows\ricdb.ini
[2011/11/30 04:25:18 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/11/29 15:24:55 | 000,720,514 | ---- | C] () -- C:\Windows\System32\prfh0816.dat
[2011/11/29 15:24:55 | 000,336,656 | ---- | C] () -- C:\Windows\System32\prfi0816.dat
[2011/11/29 15:24:55 | 000,152,350 | ---- | C] () -- C:\Windows\System32\prfc0816.dat
[2011/11/29 15:24:55 | 000,040,548 | ---- | C] () -- C:\Windows\System32\prfd0816.dat
[2011/11/29 15:09:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/02/16 18:57:06 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/02/16 18:56:36 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/02/15 16:24:50 | 000,036,275 | ---- | C] () -- C:\Windows\System32\drivers\tiumfw.bin
[2011/02/15 16:21:32 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/02/15 16:21:32 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/02/15 16:21:32 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/02/15 16:21:30 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/02/15 16:21:30 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/15 16:21:27 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/02/15 16:21:25 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/09/17 21:28:14 | 000,076,352 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2012/02/29 14:14:08 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

my OTL.TXT file is attached.Attached File  OTL.Txt   82.02KB   106 downloads
  • 0

Advertisements

#2
Render
Posted 19 July 2012 - 07:00 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  • 0

#3
Render
Posted 04 August 2012 - 03:57 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP