Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old January 2nd, 2010, 02:13 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
-=BULLETPROOF=- C.EXE - moved by schrauber

i am also facing the same problem since 4 - 5 days what commander panda was facing, ie, on the screen this diologue comes frequently, - C.EXE HAS STOPPED WORKING., i am having windows vista home premium, later i downloaded OTL.exe and run the same what schraber has written, and found the two text result, i am posting the same here below, pls check and tell me also the solution to resolve that problem.

OTL logfile created on: 02-01-2010 15:42:23 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.76 Gb Total Space | 54.56 Gb Free Space | 39.61% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-12-31 17:33:51 | 00,176,640 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
PRC - [2009-12-01 13:37:48 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009-12-01 13:37:46 | 00,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009-11-21 10:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-11-18 02:37:18 | 00,224,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009-11-13 01:42:18 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-04-11 10:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-03-07 02:44:56 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008-12-09 06:30:46 | 00,715,912 | ---- | M] (IE7Pro.com) -- C:\Program Files\IEPro\MiniDM.exe
PRC - [2008-11-05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008-01-18 23:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-10-01 06:34:54 | 00,271,760 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007-10-01 06:34:54 | 00,112,016 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007-10-01 06:34:14 | 00,181,544 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hp\QuickPlay\QPService.exe
PRC - [2007-09-20 04:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007-09-20 01:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007-09-19 19:39:04 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2007-09-19 19:39:02 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007-09-19 19:38:52 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007-09-13 19:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007-09-06 00:09:54 | 01,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007-09-06 00:09:54 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-09-05 00:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007-08-30 04:44:01 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-07-10 18:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007-05-16 21:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007-05-08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2007-03-11 15:21:50 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007-01-29 23:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007-01-09 14:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007-01-09 02:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007-01-02 01:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006-11-02 13:45:35 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
PRC - [2006-09-08 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2006-05-03 02:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe


========== Modules (SafeList) ==========

MOD - [2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
MOD - [2009-04-11 10:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb7 2f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-12-01 13:37:48 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009-11-18 02:37:40 | 00,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-11-18 02:37:18 | 00,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-11-13 01:42:18 | 00,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009-09-25 05:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009-03-07 02:44:56 | 01,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008-01-18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-10-01 06:34:54 | 00,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007-10-01 06:34:54 | 00,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007-09-20 04:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007-08-30 04:44:05 | 03,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007-08-30 04:44:01 | 00,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-07-24 03:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007-07-10 18:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007-03-05 21:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007-01-19 23:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007-01-09 14:25:30 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006-11-02 16:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006-05-03 02:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.rediff.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksyn c@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-24 17:25:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@dig italpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-12-28 17:37:25 | 00,000,000 | ---D | M]
Reply With Quote
  #2  
Old January 2nd, 2010, 02:16 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [Google Update] C:\Users\RAVI GUPTA\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas.DLL ()
O4 - HKCU..\Run: [PUT2VIDQLG] C:\Users\RAVI GUPTA\AppData\Local\Temp\c.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WBEMSoftware] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 01:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 19:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\Shell\AutoRun\command - "" = G:\cqxj.exe -- File not found
O33 - MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\Shell\open\Command - "" = G:\cqxj.exe -- File not found
O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\AutoRun\command - "" = H:\m0vnonh.bat -- File not found
O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\open\Command - "" = H:\m0vnonh.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2009-01-01 18:59:55 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010-01-02 15:38:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-31 17:34:28 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Local\Bump Technologies, Inc
[2009-12-31 16:29:52 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\tr
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\sv
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ru
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\no
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\da
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ko
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ja
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\it
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\fr
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\es
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\de
[2009-12-28 17:37:24 | 00,000,000 | ---D | C] -- C:\Windows\DPDrv
[2009-12-28 17:31:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations

========== Files - Modified Within 14 Days ==========

[2010-01-02 15:45:44 | 03,670,016 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT
[2010-01-02 15:33:50 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
[2010-01-02 15:25:36 | 00,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-01-02 15:18:00 | 00,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000UA.job
[2010-01-02 15:11:54 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 15:11:54 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 15:03:01 | 00,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-01-01 18:18:00 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000Core.job
[2010-01-01 16:58:00 | 00,014,028 | ---- | M] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2010-01-01 15:19:25 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-01 15:19:25 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-01 15:19:25 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-01 15:13:26 | 00,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010-01-01 15:11:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-01 15:11:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-01 15:10:27 | 00,004,466 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-01-01 15:10:19 | 00,524,288 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms
[2010-01-01 15:10:19 | 00,065,536 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-01-01 15:10:04 | 02,131,617 | -H-- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\IconCache.db
[2009-12-31 17:33:51 | 00,176,640 | ---- | M] () -- C:\Windows\msa.exe
[2009-12-31 17:33:38 | 00,240,128 | ---- | M] () -- C:\Windows\System32\sshnas.dll
[2009-12-31 11:23:12 | 00,129,536 | ---- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-28 21:21:11 | 00,000,504 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Run Full System Scan - RAVI GUPTA.job
[2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2010-01-01 16:58:00 | 00,014,028 | ---- | C] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2009-12-31 17:33:58 | 00,000,298 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009-12-31 17:33:54 | 00,176,640 | ---- | C] () -- C:\Windows\msa.exe
[2009-12-31 17:33:52 | 00,000,250 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009-12-31 17:33:37 | 00,240,128 | ---- | C] () -- C:\Windows\System32\sshnas.dll
[2009-08-15 16:18:07 | 00,742,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-08-15 16:18:07 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-08-15 15:48:38 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\wklnhst.dat
[2009-07-22 18:37:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-06-05 18:35:09 | 00,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009-05-22 17:29:39 | 00,608,940 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\UserTile.png
[2009-02-08 12:58:19 | 00,005,864 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\d3d9caps.dat
[2009-01-08 20:48:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-28 23:52:12 | 00,129,536 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\QSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\AtStart.txt
[2008-05-20 09:14:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008-05-20 09:14:54 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008-05-20 09:14:54 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008-05-20 09:14:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007-09-05 23:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 16:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001-11-15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009-04-12 17:11:30 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\ActionVoip
[2009-12-31 16:29:52 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2008-12-28 18:40:17 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\DigitalPersona
[2008-12-28 23:01:11 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\InterVoip
[2009-06-16 18:39:58 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Magic Academy
[2008-12-29 00:03:38 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\MiniDm
[2009-01-29 15:34:24 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Morpheus Software
[2009-11-24 17:33:35 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Nokia
[2009-11-24 17:31:05 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\PC Suite
[2009-08-15 15:48:39 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\Template
[2010-01-02 11:32:02 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\uTorrent
[2009-08-01 21:11:02 | 00,000,000 | ---D | M] -- C:\Users\RAVI GUPTA\AppData\Roaming\WildTangent
[2010-01-01 15:10:27 | 00,032,624 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010-01-02 15:33:50 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
[2010-01-02 15:03:01 | 00,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-01-02 15:25:36 | 00,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Reply With Quote
  #3  
Old January 2nd, 2010, 02:17 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\mac hine.inf_51b95d75\AGP440.sys
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\mac hine.inf_f750e484\AGP440.sys
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008-05-20 08:47:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2008-05-20 08:47:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\mac hine.inf_f2490cb0\AGP440.sys
[2008-05-20 08:47:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006-11-02 13:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006-11-02 13:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\mac hine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 10:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009-04-11 10:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\msh dc.inf_b12d8e84\atapi.sys
[2009-04-11 10:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\msh dc.inf_cc18792d\atapi.sys
[2008-01-18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 13:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\msh dc.inf_c6c2e699\atapi.sys
[2008-12-28 19:20:51 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\msh dc.inf_7de13c21\atapi.sys
[2008-12-28 19:20:51 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6000.16632_none_db337a442479c42c\atapi.sys
[2008-12-28 19:20:51 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 13:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006-11-02 13:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007-01-13 09:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iastor.sys
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SwSetup\Drivers\TurboMEM\Winall\Driver\iastor.s ys
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\drivers\iaStor.sys
[2007-07-13 09:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaa hci.inf_cfa1dde4\iaStor.sys
[2007-07-13 09:35:44 | 00,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iastor.sys
[2007-07-13 09:35:44 | 00,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SwSetup\Drivers\TurboMEM\Winall\Driver64\iastor .sys

< MD5 for: IASTORV.SYS >
[2008-01-18 23:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\ias torv.inf_c9df7691\iaStorV.sys
[2008-01-18 23:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35 _6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 13:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006-11-02 13:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\ias torv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006-11-02 13:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80 f5473b0ed783\netlogon.dll
[2009-04-11 10:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009-04-11 10:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3 304f351bb3a3\netlogon.dll
[2008-01-18 23:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7 b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006-11-02 13:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006-11-02 13:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvr aid.inf_733654ff\nvstor.sys
[2008-01-18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvr aid.inf_31c3d71d\nvstor.sys
[2008-01-18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_ 6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-01-18 23:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 13:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_35d7205fdc305e3e\scecli.dll
[2009-04-11 10:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009-04-11 10:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0507A16B
< End of report >
Reply With Quote
  #4  
Old January 2nd, 2010, 02:20 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
OTL Extras logfile created on: 02-01-2010 15:42:23 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.76 Gb Total Space | 54.56 Gb Free Space | 39.61% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\RAVI GUPTA\AppData\Local\Google\Chrome\Application\chro me.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0CACBF59-1D8A-4913-908C-98072F513F2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34104991-9E6A-4097-84DA-288A47ED791A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3550ED49-E07C-4BAE-9615-51A95297E732}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{449295F3-E493-47BE-9F2A-189A6E4B0EF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5183FBB5-31AA-49C0-9623-7CB0107CBF3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63D650FA-5670-49DE-B553-A8EA3A56DAAB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{71D0419B-B836-47B9-876E-0419D5CBBDB1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A8F7E9D9-AB5F-415E-B122-0EE0C03C18E8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B49C2A4E-9418-4D79-95F3-F61A68A36C3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EED5133F-AADB-4455-B437-9ADEE4EC2601}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{053FAB8A-1CD3-466D-A4F2-3FCA035AA8DC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0B4E837C-46B1-4B70-9125-0B07D3935323}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{18BAA8E5-050B-4DB4-8C00-CB48CEB9CD7C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{1CCD85A5-EFAB-4B21-ABB4-5E263E318B4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{324D37DC-1ED8-4709-A6A0-F431CDC431A8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{4FF025A7-DE8B-4E3E-AA62-E1C0633D643C}" = protocol=6 | dir=in | app=c:\program files\actionvoip.com\actionvoip\actionvoip.exe |
"{56023B6E-E019-44FA-9960-F625D8A2CF12}" = protocol=17 | dir=in | app=c:\program files\actionvoip.com\actionvoip\actionvoip.exe |
"{66C6FEDD-C474-46BD-BEDF-F4032C2CF632}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6A258886-1559-4AB4-B67E-F6F278AF7A5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C54A0AF4-94EF-4C04-BB13-9A42035CC16F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D3DD5CB3-262C-408C-A4A7-BE4C41204DE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3AEA1BC-A9AB-4E35-B93D-1994495FE6C2}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{F57A46A3-17B4-458E-A3B7-ABC25F53ADBB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA592A98-2A42-42D0-9D3C-54E00B3A910F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{FAA32CEE-4948-4D3B-98E0-1C48140EA5D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{73759B77-8FA8-483C-8C3E-7A9A6AF6918F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{8E3FD651-3C23-416D-B0A4-725493BF991B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{91F67CC5-32D8-4E9D-AEE7-6B5320E0E7F5}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=6 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"TCP Query User{B8312740-36F3-4F36-BD55-BA774DD9E2C3}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=6 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"TCP Query User{BB7BC338-4EC3-42BD-A1A3-3FE08F73C637}C:\program files\go1984\go1984.exe" = protocol=6 | dir=in | app=c:\program files\go1984\go1984.exe |
"UDP Query User{21B67D05-8B42-4E72-A480-24736E3CD87E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{3766BEEC-C3FD-4C2A-99AE-F78C64B6CD4C}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=17 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"UDP Query User{6B3C52C6-460D-4DEC-AB7F-96EBA8D5E944}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=17 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"UDP Query User{8CB665FC-690F-4FA4-A364-CC565D7C51CE}C:\program files\go1984\go1984.exe" = protocol=17 | dir=in | app=c:\program files\go1984\go1984.exe |
"UDP Query User{FBB489B2-E049-4E0B-9AA7-44B460FF44F8}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{546A0B92-34FF-4796-A39A-4842FAF0B70E}" = ESU for Microsoft Vista
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{7F505F9B-0850-4011-9269-9D41A3B6A1EF}" = SymNet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{861A5834-0AFF-41A6-B24B-91273E5E7E67}" = PC2Phone
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E67E7C-4A99-42FB-92D1-7F22194CCE9D}" = imiChat
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A59861ED-F1E1-48D6-AA93-B7D3EC40453B}" = Symantec Real Time Storage Protection Component
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActionVoip_is1" = ActionVoip
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aplus Total DVD Ripper_is1" = Aplus Total DVD Ripper 1.39
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ConvertVid_is1" = Nuclear Coffee - ConvertVid
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 1.34
"IE7Pro" = IE7Pro
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Kundli for Windows (Professional Edition)" = Kundli for Windows (Professional Edition)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nimbuzz" = Nimbuzz 0.92.1
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SopCast" = SopCast 3.0.3
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus Online (Symantec Corporation)
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 4.2.0.56)
"wwigo" = wwigo Install System
"Yahoo! Messenger" = Yahoo! Messenger
Reply With Quote
  #5  
Old January 2nd, 2010, 02:21 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21-12-2009 12:51:34 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module rarext.dll, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x00001af7, process id 0xd30, application
start time 0x01ca7f7498a2d35c.

Error - 21-12-2009 12:56:32 | Computer Name = RAVIGUPTA-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1e24 Start Time: 01ca825de2ca7950 Termination Time: 60000

Error - 26-12-2009 07:57:01 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module mshtml.dll, version 8.0.6001.18865, time stamp 0x4b078a9b,
exception code 0xc00000fd, fault offset 0x000d6a3b, process id 0x1060, application
start time 0x01ca861ff2d2f951.

Error - 29-12-2009 07:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 29-12-2009 08:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 29-12-2009 09:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 29-12-2009 10:19:53 | Computer Name = RAVIGUPTA-PC | Source = Google Update | ID = 20
Description =

Error - 31-12-2009 09:34:01 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, time stamp 0x4b38c5a4,
faulting module mshtml.dll_unloaded, version 0.0.0.0, time stamp 0x4b078a9b, exception
code 0xc0000005, fault offset 0x671b07ed, process id 0x280, application start time
0x01ca8a1de754d325.

Error - 31-12-2009 11:13:51 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, time stamp 0x4b38c5a4,
faulting module mshtml.dll_unloaded, version 0.0.0.0, time stamp 0x4b078a9b, exception
code 0xc0000005, fault offset 0x671b07ed, process id 0x1638, application start time
0x01ca8a2bd9cce4f5.

Error - 31-12-2009 11:23:47 | Computer Name = RAVIGUPTA-PC | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, time stamp 0x4b38c5a4,
faulting module mshtml.dll_unloaded, version 0.0.0.0, time stamp 0x4b078a9b, exception
code 0xc0000005, fault offset 0x671b07ed, process id 0x13b0, application start time
0x01ca8a2d3d7c5845.

[ DigitalPersona Pro Events ]
Error - 28-11-2009 07:18:50 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 29-11-2009 09:10:01 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 08-12-2009 08:43:53 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 09-12-2009 12:40:17 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 12-12-2009 09:59:03 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 17-12-2009 09:02:24 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 17-12-2009 19:56:55 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 22-12-2009 08:43:28 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 25-12-2009 07:25:55 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 27-12-2009 09:16:18 | Computer Name = RAVIGUPTA-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

[ System Events ]
Error - 02-06-2009 20:09:34 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 08-06-2009 10:12:08 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

Error - 08-06-2009 10:12:40 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08-06-2009 10:12:40 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10-06-2009 08:01:49 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

Error - 10-06-2009 08:02:16 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11-06-2009 10:42:00 | Computer Name = RAVIGUPTA-PC | Source = DCOM | ID = 10010
Description =

Error - 11-06-2009 10:43:46 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =

Error - 11-06-2009 10:44:49 | Computer Name = RAVIGUPTA-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13-06-2009 06:10:53 | Computer Name = RAVIGUPTA-PC | Source = HTTP | ID = 15016
Description =


< End of report >
Reply With Quote
  #6  
Old January 2nd, 2010, 02:37 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, -=BULLETPROOF=-
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


I have moved your posts to an extra thread.



Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Utorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    PRC - [2009-12-31 17:33:51 | 00,176,640 | ---- | M] () -- C:\WINDOWS\msa.exe
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas.DLL ()
    O4 - HKCU..\Run: [PUT2VIDQLG] C:\Users\RAVI GUPTA\AppData\Local\Temp\c.exe ()
    O32 - AutoRun File - [2005-09-11 19:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O33 - MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\Shell\AutoRun\command - "" = G:\cqxj.exe -- File not found
    O33 - MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\Shell\open\Command - "" = G:\cqxj.exe -- File not found
    O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
    O33 - MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
    O33 - MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
    O33 - MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
    O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\AutoRun\command - "" = H:\m0vnonh.bat -- File not found
    O33 - MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\Shell\open\Command - "" = H:\m0vnonh.bat -- File not found
    [2010-01-02 15:33:50 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job
    [2010-01-02 15:25:36 | 00,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010-01-02 15:03:01 | 00,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2009-12-31 17:33:51 | 00,176,640 | ---- | M] () -- C:\Windows\msa.exe
    [2009-12-31 17:33:38 | 00,240,128 | ---- | M] () -- C:\Windows\System32\sshnas.dll
    [2009-12-31 17:33:58 | 00,000,298 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2009-12-31 17:33:52 | 00,000,250 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    
    :Files
    C:\recycler
    F:\recycler
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Reply With Quote
  #7  
Old January 2nd, 2010, 03:06 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
first of all thanks for replying so fast.. and thanks for making it a new thread..
well as u told, i run fix and then run scan also and here r the both results...>>>


All processes killed
========== OTL ==========
No active process named msa.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0 E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D7 2-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE 3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE 3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\\LosAlamos deleted successfully.
C:\WINDOWS\System32\sshnas.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\\PUT2VIDQLG deleted successfully.
C:\Users\RAVI GUPTA\AppData\Local\Temp\c.exe moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c72994 3-29d3-11de-bb11-001e37b78485}\ not found.
File G:\cqxj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{1c729943-29d3-11de-bb11-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c72994 3-29d3-11de-bb11-001e37b78485}\ not found.
File G:\cqxj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4327f e-8ba8-11de-af2b-001e37b78485}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{3e4327fe-8ba8-11de-af2b-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4327f e-8ba8-11de-af2b-001e37b78485}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03d 4-fb72-11dd-99b3-001e37b78485}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{717a03d4-fb72-11dd-99b3-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03d 4-fb72-11dd-99b3-001e37b78485}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03e 4-fb72-11dd-99b3-001e37b78485}\ not found.
File H:\m0vnonh.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{717a03e4-fb72-11dd-99b3-001e37b78485}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717a03e 4-fb72-11dd-99b3-001e37b78485}\ not found.
File H:\m0vnonh.bat not found.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7319BE4-3376-4A13-B9F9-6B57EE728E8F}.job moved successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\msa.exe moved successfully.
File C:\Windows\System32\sshnas.dll not found.
File C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
File C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
========== FILES ==========
File\Folder C:\recycler not found.
File\Folder F:\recycler not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: RAVI GUPTA
->Temp folder emptied: 8862753 bytes
->Temporary Internet Files folder emptied: 77174454 bytes
->Java cache emptied: 52882897 bytes
->Google Chrome cache emptied: 106251361 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 290377078 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 511.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 01022010_174935

Files\Folders moved on Reboot...
C:\Users\RAVI GUPTA\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JETD3C2.tmp not found!

Registry entries deleted on Reboot...
Reply With Quote
  #8  
Old January 2nd, 2010, 03:09 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
OTL logfile created on: 02-01-2010 18:01:00 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\RAVI GUPTA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.76 Gb Total Space | 56.40 Gb Free Space | 40.94% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 2.35 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAVIGUPTA-PC
Current User Name: RAVI GUPTA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\RAVI GUPTA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\RAVI GUPTA\AppData\Local\Google\Chrome\Application\chro me.exe (Google Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Program Files\Hp\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\RAVI GUPTA\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb7 2f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (QPCapSvc) QuickPlay Background Capture Service (QBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched) QuickPlay Task Scheduler (QTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (XAudioService) -- C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (ehstart) -- C:\WINDOWS\ehome\ehstart.dll (Microsoft Corporation)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
Reply With Quote
  #9  
Old January 2nd, 2010, 03:11 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
========== Driver Services (SafeList) ==========

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsde fs\20091217.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\2009 1231.041\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\2009 1231.041\NAVENG.SYS (Symantec Corporation)
DRV - (HssDrv) -- C:\WINDOWS\System32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\WINDOWS\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (usbser) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (COH_Mon) -- C:\WINDOWS\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (RimUsb) -- C:\WINDOWS\System32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (tapvpn) -- C:\WINDOWS\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (SRTSPL) -- C:\WINDOWS\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (yukonwlh) -- C:\WINDOWS\System32\drivers\yk60x86.sys (Marvell)
DRV - (btwavdt) -- C:\WINDOWS\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\WINDOWS\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\WINDOWS\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ApfiltrService) -- C:\WINDOWS\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E100B) Intel(R) -- C:\WINDOWS\System32\drivers\e100b325.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (secdrv) -- C:\WINDOWS\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys (Conexant)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.rediff.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a8264 5-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-22 18:05:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksyn c@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-24 17:25:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@dig italpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-12-28 17:37:25 | 00,000,000 | ---D | M]
Reply With Quote
  #10  
Old January 2nd, 2010, 03:13 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\RAVI GUPTA\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\RAVI GUPTA\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WBEMSoftware] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NofolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
Reply With Quote
  #11  
Old January 2nd, 2010, 03:13 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 01:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-01-02 17:49:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-02 15:38:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-31 17:34:28 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Local\Bump Technologies, Inc
[2009-12-31 16:29:52 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Bump Technologies, Inc
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\tr
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\sv
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ru
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\no
[2009-12-28 17:37:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\da
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ko
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\ja
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\it
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\fr
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\es
[2009-12-28 17:37:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\de
[2009-12-28 17:37:24 | 00,000,000 | ---D | C] -- C:\Windows\DPDrv
[2009-12-28 17:31:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009-12-19 15:36:25 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\Documents\Downloads
[2009-12-17 23:19:10 | 00,000,000 | ---D | C] -- C:\Users\RAVI GUPTA\AppData\Roaming\Mozilla
[2009-12-16 05:56:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009-12-09 20:31:10 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009-12-09 20:31:07 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009-12-09 16:13:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2009-12-09 15:27:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009-12-09 15:27:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009-12-09 15:27:21 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009-12-09 15:27:20 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009-12-09 15:27:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009-12-09 15:27:20 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009-12-09 15:27:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009-12-09 15:27:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009-12-09 15:27:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009-12-09 15:27:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009-12-09 15:27:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009-12-09 15:27:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009-12-09 15:27:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009-12-09 15:27:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009-12-09 14:43:20 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

========== Files - Modified Within 30 Days ==========

[2010-01-02 18:04:27 | 03,932,160 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT
[2010-01-02 18:00:52 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-02 18:00:51 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-02 18:00:51 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-02 17:56:50 | 00,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010-01-02 17:54:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 17:54:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-02 17:54:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-02 17:54:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-02 17:52:29 | 00,004,466 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-01-02 17:52:22 | 00,065,536 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-01-02 17:52:21 | 00,524,288 | -HS- | M] () -- C:\Users\RAVI GUPTA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms
[2010-01-02 17:18:00 | 00,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000UA.job
[2010-01-01 18:18:00 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3764582418-2839393323-3836082501-1000Core.job
[2010-01-01 16:58:00 | 00,014,028 | ---- | M] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2010-01-01 15:10:04 | 02,131,617 | -H-- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\IconCache.db
[2009-12-31 11:23:12 | 00,129,536 | ---- | M] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-28 21:21:11 | 00,000,504 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Run Full System Scan - RAVI GUPTA.job
[2009-12-25 21:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\RAVI GUPTA\Desktop\OTL.exe
[2009-12-19 15:34:56 | 00,002,067 | ---- | M] () -- C:\Users\RAVI GUPTA\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010-01-01 16:58:00 | 00,014,028 | ---- | C] () -- C:\Users\RAVI GUPTA\Documents\Irenka and Andel Hot Teens [DesiBBrG.com].wmv.torrent
[2009-12-19 15:34:56 | 00,002,067 | ---- | C] () -- C:\Users\RAVI GUPTA\Desktop\Google Chrome.lnk
[2009-08-15 16:18:07 | 00,742,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-08-15 16:18:07 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-08-15 15:48:38 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\wklnhst.dat
[2009-07-22 18:37:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-06-05 18:35:09 | 00,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009-05-22 17:29:39 | 00,608,940 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Roaming\UserTile.png
[2009-02-08 12:58:19 | 00,005,864 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\d3d9caps.dat
[2009-01-08 20:48:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-28 23:52:12 | 00,129,536 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\QSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\DSwitch.txt
[2008-12-28 18:41:04 | 00,000,000 | ---- | C] () -- C:\Users\RAVI GUPTA\AppData\Local\AtStart.txt
[2008-05-20 09:14:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008-05-20 09:14:54 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008-05-20 09:14:54 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008-05-20 09:14:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007-09-05 23:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 16:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001-11-15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0507A16B
< End of report >
Reply With Quote
  #12  
Old January 2nd, 2010, 03:16 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hi,


Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Reply With Quote
  #13  
Old January 2nd, 2010, 03:34 PM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
Malwarebytes' Anti-Malware 1.43
Database version: 3477
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

02-01-2010 18:29:55
mbam-log-2010-01-02 (18-29-55).txt

Scan type: Quick Scan
Objects scanned: 96848
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Reply With Quote
  #14  
Old January 2nd, 2010, 03:44 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Ok, post back with the ESET log when you are ready and tell me how your system is running.
Reply With Quote
  #15  
Old January 3rd, 2010, 01:11 AM
-=BULLETPROOF=-'s Avatar
-=BULLETPROOF=- -=BULLETPROOF=- is offline
Member
 
Join Date: Jan 2010
Posts: 36
hi TOM, thanks a lot for all ur help... it was really a appreciable job done by u.. in a very quick and decent manner... thanks once again...
well the est log is attached below after scanning.... and one more thing, since yesterday night i am not facing that problem, ie, c.exe dilouge is not coming on screen, i believe that it has been resolved... anyway the log is below;;--


C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Cracks.rar multiple threats deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Keygens.rar multiple threats deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Patches.rar probably a variant of Win32/Agent trojan deleted - quarantined
C:\Users\RAVI GUPTA\Documents\RAVI GUPTA\Serials.rar probably a variant of Win32/Agent trojan deleted - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_Users\RAVI GUPTA\AppData\Local\Temp\c.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_WINDOWS\msa.e xe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01022010_174935\C_WINDOWS\Syste m32\sshnas.dll Win32/TrojanDownloader.FakeAlert.ARF trojan cleaned by deleting - quarantined
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
monka56 - moved by schrauber monka56 Malware Removal 49 March 6th, 2010 04:08 PM
psf: my computer is doing a very similar thing - moved by schrauber psf Malware Removal 1 January 19th, 2010 11:30 PM
Vrodrigu13 C.exe - moved by schrauber Vrodrigu13 Malware Removal 32 January 11th, 2010 07:17 PM
punkydiamond - moved by schrauber punkydiamond Malware Removal 1 January 8th, 2010 06:43 PM
janardhanan.j C.exe - moved by schrauber janardhanan.j Malware Removal 6 January 5th, 2010 10:02 PM


All times are GMT +1. The time now is 12:14 AM.