#1
-=BULLETPROOF=- C.EXE - moved by schrauber
I am also facing the same problem, for the last 4-5 days, that commander panda was facing, i.e. this dialogue comes up on the screen frequently: "C.EXE HAS STOPPED WORKING". I have Windows Vista Home Premium. Later I downloaded OTL.exe and ran it the way schrauber wrote, and got the two text results. I am posting them below; please check and tell me the solution to resolve that problem.
OTL logfile created on: 02-01-2010 15:42:23 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.76 Gb Total Space | 54.56 Gb Free Space | 39.61% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-12-31 17:33:51 | 00,176,640 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
PRC - [2009-12-01 13:37:48 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009-12-01 13:37:46 | 00,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009-11-21 10:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-11-18 02:37:18 | 00,224,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009-11-13 01:42:18 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-04-11 10:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-03-07 02:44:56 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008-12-09 06:30:46 | 00,715,912 | ---- | M] (IE7Pro.com) -- C:\Program Files\IEPro\MiniDM.exe
PRC - [2008-11-05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008-01-18 23:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-10-01 06:34:54 | 00,271,760 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007-10-01 06:34:54 | 00,112,016 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007-10-01 06:34:14 | 00,181,544 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hp\QuickPlay\QPService.exe
PRC - [2007-09-20 04:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007-09-20 01:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007-09-19 19:39:04 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2007-09-19 19:39:02 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007-09-19 19:38:52 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007-09-13 19:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007-09-06 00:09:54 | 01,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007-09-06 00:09:54 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-09-05 00:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007-08-30 04:44:01 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-07-10 18:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007-05-16 21:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007-05-08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2007-03-11 15:21:50 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007-01-29 23:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007-01-09 14:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007-01-09 02:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007-01-02 01:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006-11-02 13:45:35 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
PRC - [2006-09-08 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2006-05-03 02:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

========== Modules (SafeList) ==========

MOD - [2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
MOD - [2009-04-11 10:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-12-01 13:37:48 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009-11-18 02:37:40 | 00,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-11-18 02:37:18 | 00,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-11-13 01:42:18 | 00,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009-09-25 05:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009-03-07 02:44:56 | 01,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008-01-18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-10-01 06:34:54 | 00,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007-10-01 06:34:54 | 00,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007-09-20 04:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007-08-30 04:44:05 | 03,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007-08-30 04:44:01 | 00,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-07-24 03:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007-07-10 18:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007-03-05 21:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007-01-19 23:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007-01-09 14:25:30 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006-11-02 16:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006-05-03 02:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.rediff.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-24 17:25:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-12-28 17:37:25 | 00,000,000 | ---D | M]
#2
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [Google Update] C:\Users\RAVI GUPTA\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas.DLL ()
O4 - HKCU..\Run: [PUT2VIDQLG] C:\Users\RAVI GUPTA\AppData\Local\Temp\c.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WBEMSoftware] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 01:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 19:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\Shell\AutoRun\command - "" = G:\cqxj.exe -- File not found
O33 - MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\Shell\open\Command - "" = G:\cqxj.exe -- File not found
O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\AutoRun\command - "" = H:\m0vnonh.bat -- File not found
O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\open\Command - "" = H:\m0vnonh.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2009-01-01 18:59:55 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010-01-02 15:38:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-31 17:34:28 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Local\Bump Technologies, Inc
[2009-12-31 16:29:52 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\tr
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\sv
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ru
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\no
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\da
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ko
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ja
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\it
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\fr
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\es
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\de
[2009-12-28 17:37:24 | 00,000,000 | ---D | C] -- C:\Windows\DPDrv
[2009-12-28 17:31:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations

========== Files - Modified Within 14 Days ==========

[2010-01-02 15:45:44 | 03,670,016 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT
[2010-01-02 15:33:50 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
[2010-01-02 15:25:36 | 00,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-01-02 15:18:00 | 00,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000UA.job
[2010-01-02 15:11:54 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 15:11:54 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 15:03:01 | 00,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-01-01 18:18:00 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000Core.job
[2010-01-01 16:58:00 | 00,014,028 | ---- | M] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2010-01-01 15:19:25 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-01 15:19:25 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-01 15:19:25 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-01 15:13:26 | 00,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010-01-01 15:11:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-01 15:11:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-01 15:10:27 | 00,004,466 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-01-01 15:10:19 | 00,524,288 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-01-01 15:10:19 | 00,065,536 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-01-01 15:10:04 | 02,131,617 | -H-- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\IconCache.db
[2009-12-31 17:33:51 | 00,176,640 | ---- | M] () -- C:\Windows\msa.exe
[2009-12-31 17:33:38 | 00,240,128 | ---- | M] () -- C:\Windows\System32\sshnas.dll
[2009-12-31 11:23:12 | 00,129,536 | ---- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-28 21:21:11 | 00,000,504 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Run Full System Scan - RAVI GUPTA.job
[2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2010-01-01 16:58:00 | 00,014,028 | ---- | C] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2009-12-31 17:33:58 | 00,000,298 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009-12-31 17:33:54 | 00,176,640 | ---- | C] () -- C:\Windows\msa.exe
[2009-12-31 17:33:52 | 00,000,250 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009-12-31 17:33:37 | 00,240,128 | ---- | C] () -- C:\Windows\System32\sshnas.dll
[2009-08-15 16:18:07 | 00,742,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-08-15 16:18:07 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-08-15 15:48:38 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\wklnhst.dat
[2009-07-22 18:37:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-06-05 18:35:09 | 00,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009-05-22 17:29:39 | 00,608,940 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\UserTile.png
[2009-02-08 12:58:19 | 00,005,864 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\d3d9caps.dat
[2009-01-08 20:48:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-28 23:52:12 | 00,129,536 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\QSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\AtStart.txt
[2008-05-20 09:14:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008-05-20 09:14:54 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008-05-20 09:14:54 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008-05-20 09:14:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007-09-05 23:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 16:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001-11-15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009-04-12 17:11:30 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\ActionVoip
[2009-12-31 16:29:52 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2008-12-28 18:40:17 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\DigitalPersona
[2008-12-28 23:01:11 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\InterVoip
[2009-06-16 18:39:58 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Magic Academy
[2008-12-29 00:03:38 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\MiniDm
[2009-01-29 15:34:24 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Morpheus Software
[2009-11-24 17:33:35 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Nokia
[2009-11-24 17:31:05 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\PC Suite
[2009-08-15 15:48:39 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Template
[2010-01-02 11:32:02 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\uTorrent
[2009-08-01 21:11:02 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\WildTangent
[2010-01-01 15:10:27 | 00,032,624 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010-01-02 15:33:50 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
[2010-01-02 15:03:01 | 00,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-01-02 15:25:36 | 00,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
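A triage pass over the autorun entries in the log above, as an added example that is not part of this post and not OTL's own code. It takes a handful of O4 (Run key) and O33 (MountPoints2 removable-media autorun) lines copied from the log, parses them, and scores them with heuristics that are this example's assumptions rather than OTL's verdicts: a Run value whose target has no company name and sits in a user-writable location such as AppData\Local\Temp scores high, one with no company name elsewhere scores medium, a MountPoints2 autorun launched out of RECYCLER on removable media scores high, and "File not found" entries score low as dead references to clean up. An empty company field only means the file carries no version information; several legitimate vendor binaries in the process list above (openvpnas.exe, HpqToaster.exe, QPCapSvc.exe) show `()` too, so the output is a worklist for the helper to verify, not a removal list.

```python
"""Heuristic triage of OTL O4/O33 autorun lines (added example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the OTL log above; this subset is constructed for the example.
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas.DLL ()
O4 - HKCU..\Run: [PUT2VIDQLG] C:\Users\RAVI GUPTA\AppData\Local\Temp\c.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\open\Command - "" = H:\m0vnonh.bat -- File not found
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # "O4" (Run key) or "O33" (MountPoints2 autorun)
    severity: str  # "high", "medium" or "low" (this example's own scale)
    label: str     # Run value name or MountPoints2 volume GUID
    target: str    # file the entry launches ("" when OTL reported it missing)
    reason: str


# O4 - HKxx..\Run: [name] <path> (<company>)   or   [name] File not found
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <target>[ -- File not found]
O33_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)\\[Cc]ommand"
    r' - "" = (?P<target>.+?)(?P<missing> -- File not found)?$'
)
# OTL prints "<path> (<company>)"; an empty "()" means the file has no version info.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
# Locations a standard user can write to; autoruns from here deserve a closer look.
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData|ProgramData|Users\\Public)\\", re.IGNORECASE)


def _triage_o4(m: "re.Match") -> Optional[Finding]:
    name, rest = m["name"], m["rest"]
    if rest == "File not found":
        return Finding("O4", "low", name, "", "orphaned Run value; target no longer exists")
    t = TARGET_RE.match(rest)
    if t is None or t["company"].strip():
        return None  # carries version info; leave it to the whitelist
    path = t["path"]
    if USER_WRITABLE_RE.search(path):
        return Finding("O4", "high", name, path, "no version info, launched from a user-writable path")
    return Finding("O4", "medium", name, path, "no version info")


def _triage_o33(m: "re.Match") -> Optional[Finding]:
    guid, target = m["guid"], m["target"]
    if m["missing"]:
        return Finding("O33", "low", guid, target, "stale removable-media autorun; target gone")
    if re.search(r"RECYCLER", target, re.IGNORECASE):
        return Finding("O33", "high", guid, target, "autorun launched from RECYCLER on removable media")
    return Finding("O33", "medium", guid, target, "removable-media autorun")


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O33 lines from OTL output and return the entries worth a look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            f = _triage_o4(m)
        else:
            m = O33_RE.match(line)
            f = _triage_o33(m) if m else None
        if f:
            findings.append(f)
    return findings


def worklist(findings: List[Finding]) -> List[Finding]:
    """Order findings for a helper: high first, then medium, then low."""
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.kind, f.label))


if __name__ == "__main__":
    for f in worklist(triage(SAMPLE_LINES)):
        print(f"{f.severity:6} {f.kind:3} {f.label}: {f.target or '(missing)'}  [{f.reason}]")
```

Pointing `triage()` at the contents of a complete OTL.txt works the same way, since it ignores every line that is not an O4 or O33 entry; the two Run values that launch `c.exe` from Temp and `sshnas.DLL` with no version information, and the RECYCLER autorun, are the ones it surfaces from this log.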
#3
========== Purity Check ==========
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008-05-20 08:47:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2008-05-20 08:47:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2008-05-20 08:47:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006-11-02 13:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006-11-02 13:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 10:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009-04-11 10:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 10:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 13:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-12-28 19:20:51 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-12-28 19:20:51 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008-12-28 19:20:51 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 13:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006-11-02 13:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007-01-13 09:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iastor.sys
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SwSetup\Drivers\TurboMEM\Winall\Driver\iastor.sys
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\drivers\iaStor.sys
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007-07-13 09:35:44 | 00,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iastor.sys
[2007-07-13 09:35:44 | 00,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SwSetup\Drivers\TurboMEM\Winall\Driver64\iastor.sys

< MD5 for: IASTORV.SYS >
[2008-01-18 23:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-01-18 23:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 13:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006-11-02 13:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006-11-02 13:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009-04-11 10:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009-04-11 10:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-01-18 23:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006-11-02 13:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006-11-02 13:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-01-18 23:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 13:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 --
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_35d7205fdc305e3e\scecli.dll [2009-04-11 10:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll [2009-04-11 10:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0507A16B < End of report > |
#4
OTL Extras logfile created on: 02-01-2010 15:42:23 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.76 Gb Total Space | 54.56 Gb Free Space | 39.61% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\RAVI GUPTA\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CACBF59-1D8A-4913-908C-98072F513F2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34104991-9E6A-4097-84DA-288A47ED791A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3550ED49-E07C-4BAE-9615-51A95297E732}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{449295F3-E493-47BE-9F2A-189A6E4B0EF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5183FBB5-31AA-49C0-9623-7CB0107CBF3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63D650FA-5670-49DE-B553-A8EA3A56DAAB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{71D0419B-B836-47B9-876E-0419D5CBBDB1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A8F7E9D9-AB5F-415E-B122-0EE0C03C18E8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B49C2A4E-9418-4D79-95F3-F61A68A36C3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EED5133F-AADB-4455-B437-9ADEE4EC2601}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053FAB8A-1CD3-466D-A4F2-3FCA035AA8DC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0B4E837C-46B1-4B70-9125-0B07D3935323}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{18BAA8E5-050B-4DB4-8C00-CB48CEB9CD7C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{1CCD85A5-EFAB-4B21-ABB4-5E263E318B4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{324D37DC-1ED8-4709-A6A0-F431CDC431A8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{4FF025A7-DE8B-4E3E-AA62-E1C0633D643C}" = protocol=6 | dir=in | app=c:\program files\actionvoip.com\actionvoip\actionvoip.exe |
"{56023B6E-E019-44FA-9960-F625D8A2CF12}" = protocol=17 | dir=in | app=c:\program files\actionvoip.com\actionvoip\actionvoip.exe |
"{66C6FEDD-C474-46BD-BEDF-F4032C2CF632}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6A258886-1559-4AB4-B67E-F6F278AF7A5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C54A0AF4-94EF-4C04-BB13-9A42035CC16F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D3DD5CB3-262C-408C-A4A7-BE4C41204DE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3AEA1BC-A9AB-4E35-B93D-1994495FE6C2}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{F57A46A3-17B4-458E-A3B7-ABC25F53ADBB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA592A98-2A42-42D0-9D3C-54E00B3A910F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{FAA32CEE-4948-4D3B-98E0-1C48140EA5D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{73759B77-8FA8-483C-8C3E-7A9A6AF6918F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{8E3FD651-3C23-416D-B0A4-725493BF991B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{91F67CC5-32D8-4E9D-AEE7-6B5320E0E7F5}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=6 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"TCP Query User{B8312740-36F3-4F36-BD55-BA774DD9E2C3}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=6 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"TCP Query User{BB7BC338-4EC3-42BD-A1A3-3FE08F73C637}C:\program files\go1984\go1984.exe" = protocol=6 | dir=in | app=c:\program files\go1984\go1984.exe |
"UDP Query User{21B67D05-8B42-4E72-A480-24736E3CD87E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{3766BEEC-C3FD-4C2A-99AE-F78C64B6CD4C}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=17 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"UDP Query User{6B3C52C6-460D-4DEC-AB7F-96EBA8D5E944}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=17 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"UDP Query User{8CB665FC-690F-4FA4-A364-CC565D7C51CE}C:\program files\go1984\go1984.exe" = protocol=17 | dir=in | app=c:\program files\go1984\go1984.exe |
"UDP Query User{FBB489B2-E049-4E0B-9AA7-44B460FF44F8}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{546A0B92-34FF-4796-A39A-4842FAF0B70E}" = ESU for Microsoft Vista
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{7F505F9B-0850-4011-9269-9D41A3B6A1EF}" = SymNet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{861A5834-0AFF-41A6-B24B-91273E5E7E67}" = PC2Phone
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E67E7C-4A99-42FB-92D1-7F22194CCE9D}" = imiChat
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A59861ED-F1E1-48D6-AA93-B7D3EC40453B}" = Symantec Real Time Storage Protection Component
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActionVoip_is1" = ActionVoip
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aplus Total DVD Ripper_is1" = Aplus Total DVD Ripper 1.39
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ConvertVid_is1" = Nuclear Coffee - ConvertVid
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 1.34
"IE7Pro" = IE7Pro
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Kundli for Windows (Professional Edition)" = Kundli for Windows (Professional Edition)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nimbuzz" = Nimbuzz 0.92.1
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SopCast" = SopCast 3.0.3
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus Online (Symantec Corporation)
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 4.2.0.56)
"wwigo" = wwigo Install System
"Yahoo! Messenger" = Yahoo! Messenger
#5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21-12-2009 12:51:34 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module rarext.dll, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00001af7, process id 0xd30, application start time 0x01ca7f7498a2d35c.

Error - 21-12-2009 12:56:32 | Computer Name = RAVIGUPTA-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1e24 Start Time: 01ca825de2ca7950 Termination Time: 60000

Error - 26-12-2009 07:57:01 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module mshtml.dll, version 8.0.6001.18865, time stamp 0x4b078a9b, exception code 0xc00000fd, fault offset 0x000d6a3b, process id 0x1060, application start time 0x01ca861ff2d2f951.

Error - 29-12-2009 07:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 29-12-2009 08:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 29-12-2009 09:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 29-12-2009 10:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 31-12-2009 09:34:01 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, time stamp 0x4b38c5a4, faulting module mshtml.dll_unloaded, version 0.0.0.0, time stamp 0x4b078a9b, exception code 0xc0000005, fault offset 0x671b07ed, process id 0x280, application start time 0x01ca8a1de754d325.

Error - 31-12-2009 11:13:51 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, time stamp 0x4b38c5a4, faulting module mshtml.dll_unloaded, version 0.0.0.0, time stamp 0x4b078a9b, exception code 0xc0000005, fault offset 0x671b07ed, process id 0x1638, application start time 0x01ca8a2bd9cce4f5.

Error - 31-12-2009 11:23:47 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, time stamp 0x4b38c5a4, faulting module mshtml.dll_unloaded, version 0.0.0.0, time stamp 0x4b078a9b, exception code 0xc0000005, fault offset 0x671b07ed, process id 0x13b0, application start time 0x01ca8a2d3d7c5845.

[ DigitalPersona Pro Events ]
Error - 28-11-2009 07:18:50 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 29-11-2009 09:10:01 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 08-12-2009 08:43:53 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 09-12-2009 12:40:17 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 12-12-2009 09:59:03 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 17-12-2009 09:02:24 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 17-12-2009 19:56:55 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 22-12-2009 08:43:28 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 25-12-2009 07:25:55 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 27-12-2009 09:16:18 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

[ System Events ]
Error - 02-06-2009 20:09:34 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 08-06-2009 10:12:08 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

Error - 08-06-2009 10:12:40 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08-06-2009 10:12:40 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10-06-2009 08:01:49 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

Error - 10-06-2009 08:02:16 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11-06-2009 10:42:00 | Computer Name = RAVIGUPTA-PC | Source = DCOM | ID = 10010
Description =

Error - 11-06-2009 10:43:46 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

Error - 11-06-2009 10:44:49 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13-06-2009 06:10:53 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

< End of report >
#6
Hello, -=BULLETPROOF=-
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems. Please take note of some guidelines for this fix:

I have moved your posts to an extra thread. Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology." It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Run OTL
#7
First of all, thanks for replying so fast, and thanks for making it a new thread.
Well, as you told me, I ran the fix and then ran the scan also, and here are both results:

All processes killed
========== OTL ==========
No active process named msa.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LosAlamos deleted successfully.
C:\WINDOWS\System32\sshnas.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PUT2VIDQLG deleted successfully.
C:\Users\RAVI GUPTA\AppData\Local\Temp\c.exe moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c729943-29d3-11de-bb11-001e37b78485}\ not found.
File G:\cqxj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c729943-29d3-11de-bb11-001e37b78485}\ not found.
File G:\cqxj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4327fe-8ba8-11de-af2b-001e37b78485}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4327fe-8ba8-11de-af2b-001e37b78485}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03d4-fb72-11dd-99b3-001e37b78485}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03d4-fb72-11dd-99b3-001e37b78485}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03e4-fb72-11dd-99b3-001e37b78485}\ not found.
File H:\m0vnonh.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03e4-fb72-11dd-99b3-001e37b78485}\ not found.
File H:\m0vnonh.bat not found.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job moved successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\msa.exe moved successfully.
File C:\Windows\System32\sshnas.dll not found.
File C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
File C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
========== FILES ==========
File\Folder C:\recycler not found.
File\Folder F:\recycler not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: RAVI GUPTA
->Temp folder emptied: 8862753 bytes
->Temporary Internet Files folder emptied: 77174454 bytes
->Java cache emptied: 52882897 bytes
->Google Chrome cache emptied: 106251361 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 290377078 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 511.00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 01022010_174935

Files\Folders moved on Reboot...
C:\Users\RAVI GUPTA\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JETD3C2.tmp not found!

Registry entries deleted on Reboot...
#8
OTL logfile created on: 02-01-2010 18:01:00 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.76 Gb Total Space | 56.40 Gb Free Space | 40.94% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\RAVI GUPTA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\RAVI GUPTA\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Program Files\Hp\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
========== Modules (SafeList) ==========
MOD - C:\Users\RAVI GUPTA\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (QPCapSvc) QuickPlay Background Capture Service (QBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched) QuickPlay Task Scheduler (QTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (XAudioService) -- C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (ehstart) -- C:\WINDOWS\ehome\ehstart.dll (Microsoft Corporation)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
#9
========== Driver Services (SafeList) ==========
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091217.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091231.041\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091231.041\NAVENG.SYS (Symantec Corporation)
DRV - (HssDrv) -- C:\WINDOWS\System32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\WINDOWS\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (usbser) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (COH_Mon) -- C:\WINDOWS\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (RimUsb) -- C:\WINDOWS\System32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (tapvpn) -- C:\WINDOWS\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (SRTSPL) -- C:\WINDOWS\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (yukonwlh) -- C:\WINDOWS\System32\drivers\yk60x86.sys (Marvell)
DRV - (btwavdt) -- C:\WINDOWS\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\WINDOWS\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\WINDOWS\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ApfiltrService) -- C:\WINDOWS\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E100B) Intel(R) -- C:\WINDOWS\System32\drivers\e100b325.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (secdrv) -- C:\WINDOWS\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys (Conexant)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.rediff.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-22 18:05:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-24 17:25:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-12-28 17:37:25 | 00,000,000 | ---D | M]
#10
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\RAVI GUPTA\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WBEMSoftware] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
#11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 01:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010-01-02 17:49:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-02 15:38:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-31 17:34:28 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Local\Bump Technologies, Inc
[2009-12-31 16:29:52 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\tr
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\sv
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ru
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\no
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\da
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ko
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ja
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\it
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\fr
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\es
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\de
[2009-12-28 17:37:24 | 00,000,000 | ---D | C] -- C:\Windows\DPDrv
[2009-12-28 17:31:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009-12-19 15:36:25 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\Documents\Downloads
[2009-12-17 23:19:10 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Mozilla
[2009-12-16 05:56:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009-12-09 20:31:10 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009-12-09 20:31:07 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009-12-09 16:13:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2009-12-09 15:27:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009-12-09 15:27:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009-12-09 15:27:21 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009-12-09 15:27:20 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009-12-09 15:27:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009-12-09 15:27:20 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009-12-09 15:27:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009-12-09 15:27:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009-12-09 15:27:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009-12-09 15:27:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009-12-09 15:27:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009-12-09 15:27:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009-12-09 15:27:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009-12-09 15:27:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009-12-09 14:43:20 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

========== Files - Modified Within 30 Days ==========
[2010-01-02 18:04:27 | 03,932,160 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT
[2010-01-02 18:00:52 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-02 18:00:51 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-02 18:00:51 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-02 17:56:50 | 00,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010-01-02 17:54:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 17:54:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 17:54:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-02 17:54:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-02 17:52:29 | 00,004,466 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-01-02 17:52:22 | 00,065,536 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-01-02 17:52:21 | 00,524,288 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-01-02 17:18:00 | 00,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000UA.job
[2010-01-01 18:18:00 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000Core.job
[2010-01-01 16:58:00 | 00,014,028 | ---- | M] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2010-01-01 15:10:04 | 02,131,617 | -H-- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\IconCache.db
[2009-12-31 11:23:12 | 00,129,536 | ---- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-28 21:21:11 | 00,000,504 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Run Full System Scan - RAVI GUPTA.job
[2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-19 15:34:56 | 00,002,067 | ---- | M] () -- C:\Users\RAVI GUPTA\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========
[2010-01-01 16:58:00 | 00,014,028 | ---- | C] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2009-12-19 15:34:56 | 00,002,067 | ---- | C] () -- C:\Users\RAVI GUPTA\Desktop\Google Chrome.lnk
[2009-08-15 16:18:07 | 00,742,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-08-15 16:18:07 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-08-15 15:48:38 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\wklnhst.dat
[2009-07-22 18:37:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-06-05 18:35:09 | 00,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009-05-22 17:29:39 | 00,608,940 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\UserTile.png
[2009-02-08 12:58:19 | 00,005,864 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\d3d9caps.dat
[2009-01-08 20:48:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-28 23:52:12 | 00,129,536 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\QSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\AtStart.txt
[2008-05-20 09:14:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008-05-20 09:14:54 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008-05-20 09:14:54 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008-05-20 09:14:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007-09-05 23:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 16:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001-11-15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0507A16B

< End of report >
#12
Hi,
Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2). MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Step 2
I'd like us to scan your machine with ESET OnlineScan.
#13
Malwarebytes' Anti-Malware 1.43
Database version: 3477
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

02-01-2010 18:29:55
mbam-log-2010-01-02 (18-29-55).txt

Scan type: Quick Scan
Objects scanned: 96848
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#14
Ok, post back with the ESET log when you are ready and tell me how your system is running.
#15
Hi Tom, thanks a lot for all your help... it was really an appreciable job done by you... in a very quick and decent manner... thanks once again...
Well, the ESET log is attached below after scanning... and one more thing: since yesterday night I am not facing that problem, i.e. the c.exe dialogue is not coming on screen, so I believe that it has been resolved... anyway, the log is below:

C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Cracks.rar multiple threats deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Keygens.rar multiple threats deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Patches.rar probably a variant of Win32/Agent trojan deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Serials.rar probably a variant of Win32/Agent trojan deleted - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_Users\RAVI GUPTA\AppData\Local\Temp\c.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_WINDOWS\msa.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_WINDOWS\System32\sshnas.dll Win32/TrojanDownloader.FakeAlert.ARF trojan cleaned by deleting - quarantined