Malware Removal - Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#16
Hi Tom, thanks a lot for all your help... it was really an appreciable job done by you, in a very quick and decent manner... thanks once again...
Well, the ESET log is attached below after scanning.... and one more thing: since yesterday night I am not facing that problem, i.e. the c.exe dialogue is not coming on screen, I believe that it has been resolved... anyway the log is below:
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Cracks.rar multiple threats deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Keygens.rar multiple threats deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Patches.rar probably a variant of Win32/Agent trojan deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Serials.rar probably a variant of Win32/Agent trojan deleted - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_Users\RAVI GUPTA\AppData\Local\Temp\c.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_WINDOWS\msa.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_WINDOWS\System32\sshnas.dll Win32/TrojanDownloader.FakeAlert.ARF trojan cleaned by deleting - quarantined
#17
Hi,
Please post back with a fresh OTL logfile.
#18
Here is the final log report:
OTL logfile created on: 04-01-2010 05:04:25 - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.76 Gb Total Space | 54.42 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
#19
========== Driver Services (SafeList) ==========
#20
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000..\Run: [Google Update] C:\Users\RAVI GUPTA\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000..\Run: [googletalk] C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000..\Run: [WBEMSoftware] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.64.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3764582418-2839393323-3836082501-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 01:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-01-02 18:40:13 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-01-02 18:22:36 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Malwarebytes
[2010-01-02 18:22:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-01-02 18:22:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-01-02 18:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-01-02 18:22:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-01-02 17:49:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-02 15:38:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-31 17:34:28 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Local\Bump Technologies, Inc
[2009-12-31 16:29:52 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\tr
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\sv
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ru
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\no
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\da
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ko
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ja
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\it
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\fr
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\es
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\de
[2009-12-28 17:37:24 | 00,000,000 | ---D | C] -- C:\Windows\DPDrv
[2009-12-28 17:31:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009-12-19 15:36:25 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\Documents\Downloads
[2009-12-17 23:19:10 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Mozilla
[2009-12-16 05:56:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009-12-09 20:31:10 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009-12-09 20:31:07 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009-12-09 16:13:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2009-12-09 15:27:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009-12-09 15:27:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009-12-09 15:27:21 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009-12-09 15:27:20 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009-12-09 15:27:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009-12-09 15:27:20 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009-12-09 15:27:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009-12-09 15:27:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009-12-09 15:27:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009-12-09 15:27:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009-12-09 15:27:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009-12-09 15:27:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009-12-09 15:27:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009-12-09 15:27:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009-12-09 14:43:20 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

========== Files - Modified Within 30 Days ==========

[2010-01-04 05:08:27 | 03,932,160 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT
[2010-01-04 04:57:10 | 00,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
[2010-01-04 04:18:00 | 00,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000UA.job
[2010-01-04 03:55:02 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-04 03:55:02 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-03 18:18:01 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000Core.job
[2010-01-03 16:38:46 | 00,089,088 | ---- | M] () -- C:\Users\RAVI GUPTA\Desktop\return ticket.doc
[2010-01-03 16:34:22 | 00,090,112 | ---- | M] () -- C:\Users\RAVI GUPTA\Desktop\ticket.doc
[2010-01-02 18:28:53 | 00,129,536 | ---- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-02 18:22:35 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-02 18:00:52 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-02 18:00:51 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-02 18:00:51 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-02 17:56:50 | 00,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010-01-02 17:54:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-02 17:54:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-02 17:52:29 | 00,004,466 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-01-02 17:52:22 | 00,065,536 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-01-02 17:52:21 | 00,524,288 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-01-01 16:58:00 | 00,014,028 | ---- | M] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2010-01-01 15:10:04 | 02,131,617 | -H-- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\IconCache.db
[2009-12-30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-12-30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-12-28 21:21:11 | 00,000,504 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Run Full System Scan - RAVI GUPTA.job
[2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-19 15:34:56 | 00,002,067 | ---- | M] () -- C:\Users\RAVI GUPTA\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010-01-03 16:38:46 | 00,089,088 | ---- | C] () -- C:\Users\RAVI GUPTA\Desktop\return ticket.doc
[2010-01-03 16:34:21 | 00,090,112 | ---- | C] () -- C:\Users\RAVI GUPTA\Desktop\ticket.doc
[2010-01-02 22:10:38 | 00,000,402 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
[2010-01-02 18:22:35 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-01 16:58:00 | 00,014,028 | ---- | C] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2009-12-19 15:34:56 | 00,002,067 | ---- | C] () -- C:\Users\RAVI GUPTA\Desktop\Google Chrome.lnk
[2009-08-15 16:18:07 | 00,742,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-08-15 16:18:07 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-08-15 15:48:38 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\wklnhst.dat
[2009-07-22 18:37:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-06-05 18:35:09 | 00,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009-05-22 17:29:39 | 00,608,940 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\UserTile.png
[2009-02-08 12:58:19 | 00,005,864 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\d3d9caps.dat
[2009-01-08 20:48:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-28 23:52:12 | 00,129,536 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\QSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\AtStart.txt
[2008-05-20 09:14:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008-05-20 09:14:54 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008-05-20 09:14:54 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008-05-20 09:14:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007-09-05 23:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 16:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001-11-15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0507A16B

< End of report >
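An added example, not part of this thread and not code from OTL or its author: the log above is read by hand, looking at each O2/O4 entry for an executable in an odd location, a missing company name, or a "File not found" target. The Python below does that first pass mechanically over lines in OTL's format. The sample lines are constructed for this example; the ccApp, HP Health Check Scheduler, WBEMSoftware, IPSBHO and igfxdev lines mirror entries in the log, while the [c] and [msa] autoruns are invented (generic SID, generic user name) to show how the c.exe and msa.exe files ESET quarantined earlier in the thread would look if they were still registered under a Run key. The user-writable-location and %SystemRoot% heuristics are mine, not OTL's, and the regexes only cover the "<tag> - ... <path> (<company>)" entry shape.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in OTL's line format (not a real log). The ccApp, HP Health
# Check Scheduler, WBEMSoftware, IPSBHO and igfxdev lines mirror entries in the
# log posted above; the [c] and [msa] autoruns are invented for this example to
# show how the quarantined c.exe / msa.exe would look if still registered.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)",
    r"O4 - HKLM..\Run: [HP Health Check Scheduler] File not found",
    r"O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [WBEMSoftware] File not found",
    r"O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [c] C:\Users\user\AppData\Local\Temp\c.exe ()",
    r"O4 - HKLM..\Run: [msa] C:\WINDOWS\msa.exe ()",
    r"O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)",
    r"O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# "<tag> - <head><drive path> (<company>)". OTL prints the binary's company name
# in the trailing parentheses, or "()" when the file carries no version info.
ENTRY_RE = re.compile(
    r"^(?P<tag>O\d+|PRC) - (?P<head>.*?)"
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|ocx|scr)) \((?P<company>[^()]*)\)\s*$",
    re.IGNORECASE,
)
# OTL prints "File not found" for a registry entry whose target no longer exists.
ORPHAN_RE = re.compile(r"^(?P<tag>O\d+) - (?P<head>.*?)File not found\s*$")
# Entry name: "[value name]" for O4 Run keys, "(display name)" for O2 BHOs.
NAME_RE = re.compile(r"\[([^\]]*)\]|\(([^()]*)\)")

# Heuristic markers (mine, not OTL's): directories an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    line_no: int
    tag: str
    name: str
    path: str                 # empty for orphaned entries
    company: str
    reasons: list[str] = field(default_factory=list)


def _entry_name(head: str) -> str:
    m = NAME_RE.search(head)
    if m is None:
        return head.strip().rstrip(" -:")
    return (m.group(1) if m.group(1) is not None else m.group(2)).strip()


def _reasons(path: str, company: str) -> list[str]:
    """Why a resolved autorun/BHO path deserves a second look."""
    reasons = []
    low = path.lower()
    parent = str(PureWindowsPath(path).parent).lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    # msa.exe sat directly in C:\WINDOWS; legitimate non-Microsoft code rarely does.
    if parent.endswith(":\\windows") and "microsoft" not in company.lower():
        reasons.append("non-Microsoft binary directly in %SystemRoot%")
    if not company.strip():
        reasons.append("no company/version information")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """First-pass triage of OTL-style lines: return only entries worth checking."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding(line_no, m["tag"], _entry_name(m["head"]), "", "",
                                    ["orphaned entry: target file no longer exists"]))
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # section headers, file lists and other shapes are not parsed here
        reasons = _reasons(m["path"], m["company"])
        if reasons:
            findings.append(Finding(line_no, m["tag"], _entry_name(m["head"]),
                                    m["path"], m["company"].strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.tag} [{f.name}] {f.path or '(missing)'}: {'; '.join(f.reasons)}")
```

Run it on a saved OTL.txt by replacing SAMPLE_LOG with the file's contents. Orphaned entries are usually just housekeeping (uninstalled software, or a Run value whose target a cleanup tool already removed, as with WBEMSoftware here), so the script reports them separately from paths that resolve but point into Temp, AppData or the Windows root without a company name; those are the ones to look up before deciding anything.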
#21
Hi Tom, I had posted the final OTL log, and I just want to know whether the problem is permanently solved or not. Anyway, till now that c.exe dialogue has not appeared on the screen. Also, if the problem is resolved, then what should I do with both programs on the desktop, I mean OTL.EXE and MALWARE.EXE? Should I delete them or leave them like this?
#22
Hi,
Looks good. Please double-click OTL one more time and hit Cleanup. This will remove OTL and all helper tools. Anything that is left over on your system can be deleted.

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Hiding Hidden Files

Please set your system to hide all hidden files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders. Check Hide file extensions for known file types. Check the Hide protected operating system files (recommended) option. Click Yes to confirm.

Purging System Restore Points

Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can sometimes reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state. The easiest and safest way to do this is:

Below I have outlined a series of categories that describe how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make Internet Explorer 7 more secure

If we have helped you, please consider supporting Cyber Tech Help with a subscription.
#23
It was a nice session. I also learned so many things.
Thanks a lot for all your help.
#24
You're welcome