Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Abhay Goel on March 04, 2011, 01:52:31 AM
-
I have also run MBR check and the report is as follows:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 112):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7B07000 \WINDOWS\system32\KDCOM.DLL
0xF7A17000 \WINDOWS\system32\BOOTVID.dll
0xF74D8000 ACPI.sys
0xF7B09000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74C7000 pci.sys
0xF7607000 isapnp.sys
0xF7BCF000 pciide.sys
0xF7887000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7617000 MountMgr.sys
0xF74A8000 ftdisk.sys
0xF7B0B000 dmload.sys
0xF7482000 dmio.sys
0xF788F000 PartMgr.sys
0xF7627000 VolSnap.sys
0xF746A000 atapi.sys
0xF7637000 disk.sys
0xF7647000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF744A000 fltmgr.sys
0xF7438000 sr.sys
0xF7421000 KSecDD.sys
0xF740E000 WudfPf.sys
0xF7381000 Ntfs.sys
0xF7354000 NDIS.sys
0xF733A000 Mup.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF790F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6E86000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7917000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6E5E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7ACB000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6E4A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF791F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7927000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7807000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7817000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6E27000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7BD0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7827000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AD3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6E10000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7837000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7847000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF792F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6DFF000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7857000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7937000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF793F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6DCF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7867000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B29000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6D71000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AEF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7877000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7677000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B2B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B2F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CE7000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B31000 \SystemRoot\System32\Drivers\Beep.SYS
0xF795F000 \SystemRoot\System32\drivers\vga.sys
0xF5FA0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7B33000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7967000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF796F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AA3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5F45000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5EEC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5EC4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7697000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5E9E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF5E7C000 \SystemRoot\System32\drivers\afd.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7977000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5E51000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5DE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5DBB000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF798F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7B3D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF7737000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF5DA3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B53000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6D20000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79A7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CD8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF574E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF7AAF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF54C9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B11000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF5241000 \SystemRoot\system32\DRIVERS\srv.sys
0xF4DF0000 \SystemRoot\System32\Drivers\HTTP.sys
0xF4A3F000 \SystemRoot\system32\DRIVERS\ewusbdev.sys
0xF7947000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF4A25000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xF7997000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF4DD0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xF4A01000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF439C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF4378000 \SystemRoot\system32\drivers\portcls.sys
0xF47C1000 \SystemRoot\system32\drivers\drmk.sys
0xF4C50000 \SystemRoot\system32\drivers\sysaudio.sys
0xF4315000 \SystemRoot\system32\drivers\wdmaud.sys
0xF42EA000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 38):
0 System Idle Process
4 System
400 C:\WINDOWS\system32\smss.exe
456 csrss.exe
480 C:\WINDOWS\system32\winlogon.exe
524 C:\WINDOWS\system32\services.exe
536 C:\WINDOWS\system32\lsass.exe
724 C:\WINDOWS\system32\svchost.exe
792 svchost.exe
832 C:\WINDOWS\system32\svchost.exe
872 C:\WINDOWS\system32\svchost.exe
928 svchost.exe
956 svchost.exe
1112 C:\WINDOWS\system32\spoolsv.exe
1160 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1208 svchost.exe
1420 C:\WINDOWS\explorer.exe
1440 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1544 C:\Program Files\Java\jre6\bin\jqs.exe
1672 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
168 C:\Program Files\Common Files\Java\Java Update\jusched.exe
172 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
180 C:\Program Files\Google\Google Talk\googletalk.exe
224 C:\Program Files\Messenger\msmsgs.exe
232 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
248 C:\WINDOWS\system32\ctfmon.exe
268 C:\Program Files\CraveWorldClock14\CWClock.exe
436 C:\Program Files\CraveWorldClock14\CWClock.exe
1076 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
2160 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
2188 alg.exe
2464 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
2532 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
3104 C:\Tata Photon+\Tata Photon+.exe
2000 C:\WINDOWS\RTHDCPL.EXE
1496 C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
2948 C:\Program Files\Mozilla Firefox\firefox.exe
2656 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`52c65e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001f`bcabf600 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200AAJS-60M0A0, Rev: 02.03E02
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A
Done!
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*****************************************
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Dear Dave,
Thanks for you reply.
Don't mind I have already scanned with both of antivirus/malware but subject virus is still there in system which makes shortcuts when I insert pen drive in the system.
Recently I have been told to download and scan with http://free.antivirus.com/hijackthis/ (Trend Micro)
and I have log report which i am pasting it here.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:32:09 PM, on 3/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ProxyPD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/4.0/sidesearch.html?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/4.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://au.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.apac.etn.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = connect.eaton.com;rs.eportal.eaton.com;*tnv.com;*lmtas.com;htgapp*.dana.com;htgweb.v
pn.dana.com;*.homeheartbeat.com;portal.pw.utc.com;business.isabel.be;*.
corp.moeller.net;intranet.moeller.net;mis.moeller.
net;wtt.moeller.net;was.moeller.net;ctx.moeller.net;yambs.moeller.net;crm.moeller.cz;vip.moeller.net;
tintranet.moeller.net;statistik.moeller.net;www.moeller.net;legolas.
moeller*cz.com;127*;255.*;192.168.*;198.151.
185.90;192.251.51.118;192.149.86.0;198.147.174*;207.24.213*;206.18.202.35;209.195.
147.53;209.195.147.57;209.195.147.60;162.74.90.10;162.74.22.196;162.74.80.200;193.228.200*;192.127.
220.100;192.127.44.75;ecm.aero.bombardier.net;ecs.aero.
bombardier.net;ecs2.aero.bombardier.net;ecs6.
aero.bombardier.net;*.mau.dana.com;*.vpn.dana.com;*.wdl.dana.com;nacitrix.dana.com;*etn.
com;151.110.*;148.179.*;166.99.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;
172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,c:\program files\microsoft\watermark.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ProxyPD] %SystemRoot%\system32\ProxyPD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pareto_Update] C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
O4 - HKUS\S-1-5-21-602162358-1275210071-682003330-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-602162358-1275210071-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-602162358-1275210071-682003330-1004\..\Run: [Pareto_Update] C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [ETNPPD] Eaton Proxy Management Tools
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.gmail.com
O15 - Trusted Zone: http://www.rediffmail.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://easohsavos05.napa.ad.etn.com:4343/officescan//console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://easohsavos05.napa.ad.etn.com:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://easohsavos02.napa.ad.etn.com:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://easohsavos05.napa.ad.etn.com:4343/officescan//console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = napa.ad.etn.com
O17 - HKLM\Software\..\Telephony: DomainName = napa.ad.etn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E65BFAB3-FB23-4F9A-A08B-0CB9050B6CEC}: NameServer = 172.31.50.10,151.110.50.27
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = napa.ad.etn.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
--
End of file - 8179 bytes
Still appreciate if you could suggest something on this.
Thanks!!
-
I can't help you if you don't follow my instructions and run the scans I want you to run. Also. DO NOT RUN any other tools unless I request it.
-
Dear Mr. Dave,
I have following your instructions. I have completed following steps.
1. downloaed Superantispyware and malware bytes and saved on my Desktop.
Before rurring superantivirus I checked following and left other options unchecked.
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Then rebooted system in safe mode and run superantivirus. 16 threats found. Restarted system
then run malwarebytes and 2 infected file found and restarted system to delete trojan agent.
But I believe virus is still there in system.
NOW MY QUESTION IS WITHOUT RESTARTING WILL I NEED TO RUN DNS FILE?
VIRUS NAME FOUND ON SYSTEM:
TROJAN.AGENT
HIJACK.USERINIT
Please suggest what is to be done now?
Thanks
-
NOW MY QUESTION IS WITHOUT RESTARTING WILL I NEED TO RUN DNS FILE?
No. Don't run anything unless I ask you to. I still need to see the DDS logs
-
I am pasting here all reports.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/17/2011 at 02:41 PM
Application Version : 4.49.1000
Core Rules Database Version : 6614
Trace Rules Database Version: 4423
Scan type : Complete Scan
Total Scan Time : 02:17:26
Memory items scanned : 215
Memory threats detected : 0
Registry items scanned : 6463
Registry threats detected : 0
File items scanned : 60232
File threats detected : 16
Trojan.Agent/Gen-FakeAlert
C:\PROGRAM FILES\ADOBE\READER 9.0\READER\ACRORD32INFOMGR.EXE
C:\PROGRAM FILES\ADOBE\READER 9.0\READER\ACRORD32MGR.EXE
C:\PROGRAM FILES\ADOBE\READER 9.0\READER\LOGTRANSPORT2MGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLOREMGR.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVACPLMGR.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVAMGR.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVAWMGR.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JQSMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\EXCELMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\WINWORDMGR.EXE
D:\BACKUP 02.04.08\OFCSCAN\ADMIN\IMGSETUPMGR.EXE
D:\BACKUP 02.04.08\OFCSCAN\ADMIN\SETUPUSRMGR.EXE
D:\BACKUP 02.04.08\OFCSCAN\AUTOPCCPMGR.EXE
D:\BACKUP 02.04.08\OFCSCAN\OFCUPDMGR.EXE
Trojan.Agent/Gen-Ramnit
C:\PROGRAM FILES\ADOBE\READER 9.0\READER\CCME_BASE.DLL
Trojan.Agent/Gen-AppX
C:\PROGRAM FILES\NETTERM\NETFTPD.EXE
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
3/17/2011 3:07:21 PM
mbam-log-2011-03-17 (15-07-21).txt
Scan type: Quick scan
Objects scanned: 158477
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,c:\program files\microsoft\watermark.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\microsoft\watermark.exe (Trojan.Agent) -> Delete on reboot.
-
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by C9986880 at 13:47:12.80 on Fri 03/18/2011
Internet Explorer: 6.0.2900.5512
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyServer = proxy.apac.etn.com:8080
uInternet Settings,ProxyOverride = connect.eaton.com;rs.eportal.eaton.com;*tnv.com;*lmtas.com;htgapp*.dana.com;htgweb.vpn.dana.com;*.
homeheartbeat.com;portal.pw.utc.com;business.isabel.be;*.
corp.moeller.net;intranet.moeller.net;mis.moeller.net;wtt.moeller.net;was.moeller.net;ctx.moeller.net;yambs.moeller.net;crm.moeller.cz;
vip.moeller.net;tintranet.moeller.net;
statistik.moeller.net;www.moeller.
net;legolas.moeller*cz.com;127*;255.*;192.168.*;198.151.185.90;192.251.51.118;192.149.86.0;198.147.174*;207.24.213*;206.18.202.
35;209.195.147.53;209.195.147.57;209.195.147.60;162.74.90.10;1
62.74.22.196;162.74.80.200;193.228.200*;192.127.220.100;192.127.44.75;ecm.aero.bombardier.net;ecs.aero.bombardier.net;ecs2.aero.
bombardier.net;ecs6.aero.bombardier.net;*.mau.dana.com;*.vpn.dana.
com;*.wdl.dana.com;nacitrix.dana.com;*etn.com;151.110.*;148.179.*;166.99.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;1
72.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;
172.30.*;172.31.*;10.*;<local>
mWinlogon: Userinit=userinit.exe,,c:\program files\microsoft\watermark.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ProxyPD] %SystemRoot%\system32\ProxyPD.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://easohsavos05.napa.ad.etn.com:4343/officescan//console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://easohsavos05.napa.ad.etn.com:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://easohsavos05.napa.ad.etn.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://easohsavos02.napa.ad.etn.com:4343/officescan/console/html/root/AtxEnc.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://easohsavos05.napa.ad.etn.com:4343/officescan//console/html/ClientInstall/RemoveCtrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {E65BFAB3-FB23-4F9A-A08B-0CB9050B6CEC} = 172.31.50.10,151.110.50.27
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-18 08:13:48 388096 ----a-r- c:\docume~1\c9986880\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-18 08:13:47 -------- d-----w- c:\program files\Trend Micro
2011-03-18 03:55:43 232813 ----a-w- c:\program files\internet explorer\iexploremgr.exe
2011-03-17 03:42:26 -------- d-----w- c:\docume~1\c9986880\applic~1\Malwarebytes
2011-03-16 11:36:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 11:36:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-16 11:36:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-11 08:23:48 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-03-10 12:14:00 -------- d-----w- c:\program files\Free Window Registry Repair
2011-03-08 11:46:32 -------- d-----w- c:\docume~1\c9986880\applic~1\GlarySoft
2011-03-08 10:08:44 -------- d-----w- c:\program files\Glary Utilities
2011-03-04 05:50:11 -------- d-----w- c:\program files\CCleaner
2011-02-22 07:32:50 -------- d-----w- c:\windows\system32\Adobe
2011-02-21 11:17:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-16 09:32:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30:29 369664 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:47:52.75 ===============
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.2
ATI Display Driver
Broadcom Gigabit Integrated Controller
CCleaner
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
DJ_AIO_03_F2200_Software
Free Window Registry Repair
Glary Utilities 2.32.0.1126
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
hppFonts
hppscan3390
hppScanTo
Hydraulic Training Simulations
IE5 Registration
Interactive Hydraulics Designer
Java Auto Updater
Java(TM) 6 Update 23
LaserAIO
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
QFolder
QuickTime
Scan
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Volo View Express
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows XP Service Pack 3
.
==== End Of File ===========================
-
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Free Window Registry Repair
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
**************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy and pate the contents of these files, one at a time, into your next reply.
Note: You may need two or more posts to fit them all in.
******************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
OTL logfile created on: 3/21/2011 11:37:09 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 19.29 Gb Free Space | 65.86% Space Free | Partition Type: NTFS
Drive D: | 45.20 Gb Total Space | 32.21 Gb Free Space | 71.24% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.66 Gb Free Space | 98.24% Space Free | Partition Type: FAT32
Computer Name: PUNINW-DELHI | User Name: vikers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ProxyPD.exe (Eaton Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
========== Modules (SafeList) ==========
MOD - F:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Tally License Server) Tally License Server (NT) -- File not found
SRV - (Net Driver HPZ12) -- File not found
SRV - (hpqcxs08) -- File not found
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.in/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.apac.etn.com:8080
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ProxyPD] C:\WINDOWS\system32\ProxyPD.exe (Eaton Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: etn.com ([easohsavos05.napa.ad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmail.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rediffmail.com ([www] http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://easohsavos05.napa.ad.etn.com:4343/officescan//console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://easohsavos05.napa.ad.etn.com:4343/officescan/console/html/ClientInstall/setupini.cab (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://easohsavos05.napa.ad.etn.com:4343/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://easohsavos02.napa.ad.etn.com:4343/officescan/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://easohsavos05.napa.ad.etn.com:4343/officescan//console/html/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = napa.ad.etn.com
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
O24 - Desktop WallPaper: C:\WINDOWS\Greenstone.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Greenstone.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/21 11:37:20 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d916bc69-0145-11dd-a9b8-faaa4a14e3b6}\Shell\AutoRun\command - "" = F:\p3r1ud.exe
O33 - MountPoints2\{d916bc69-0145-11dd-a9b8-faaa4a14e3b6}\Shell\explore\Command - "" = F:\p3r1ud.exe
O33 - MountPoints2\{d916bc69-0145-11dd-a9b8-faaa4a14e3b6}\Shell\open\Command - "" = F:\p3r1ud.exe
O33 - MountPoints2\{d916bc6a-0145-11dd-a9b8-faaa4a14e3b6}\Shell\AutoRun\command - "" = G:\p3r1ud.exe
O33 - MountPoints2\{d916bc6a-0145-11dd-a9b8-faaa4a14e3b6}\Shell\explore\Command - "" = G:\p3r1ud.exe
O33 - MountPoints2\{d916bc6a-0145-11dd-a9b8-faaa4a14e3b6}\Shell\open\Command - "" = G:\p3r1ud.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/17 12:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/16 17:06:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/16 17:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/16 17:06:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/16 17:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/11 13:56:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/03/11 13:52:38 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/03/11 13:52:38 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/03/11 13:47:46 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/03/11 13:39:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/03/11 13:28:00 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/03/10 17:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vikers\Start Menu\Programs\Free Window Registry Repair
[2011/03/10 17:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/03/09 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/03/08 15:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vikers\Application Data\GlarySoft
[2011/03/08 15:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2011/03/08 15:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/03/04 13:25:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vikers\Recent
[2011/03/04 13:16:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/04 11:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/22 13:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/02/22 12:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vikers\Application Data\GetRightToGo
[2011/02/22 12:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vikers\My Documents\Downloads
[2011/02/21 16:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vikers\Application Data\Malwarebytes
[2011/02/21 16:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[51 C:\Documents and Settings\vikers\My Documents\*.tmp files -> C:\Documents and Settings\vikers\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/21 11:40:57 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2011/03/21 11:34:50 | 000,028,529 | ---- | M] () -- C:\WINDOWS\netterm.ini
[2011/03/21 09:40:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 09:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/16 10:10:26 | 000,000,208 | ---- | M] () -- C:\WINDOWS\POD.INI
[2011/03/14 13:18:51 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011/03/14 13:13:21 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/14 13:03:06 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 13:04:29 | 000,000,256 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/03/08 15:38:50 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/02/23 14:03:16 | 000,016,846 | ---- | M] () -- C:\WINDOWS\Ofcscan.ini
[51 C:\Documents and Settings\vikers\My Documents\*.tmp files -> C:\Documents and Settings\vikers\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/14 12:34:04 | 000,028,529 | ---- | C] () -- C:\WINDOWS\netterm.ini
[2011/03/11 14:13:47 | 000,001,809 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/03/08 15:38:50 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/02/23 14:03:16 | 000,016,846 | ---- | C] () -- C:\WINDOWS\Ofcscan.ini
[2011/01/28 19:34:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2009/05/14 10:35:23 | 000,000,208 | ---- | C] () -- C:\WINDOWS\POD.INI
[2009/03/27 17:31:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2009/03/27 17:31:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/27 17:31:26 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
[2009/03/27 17:31:06 | 000,013,451 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
[2009/03/27 17:31:06 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2009/03/27 17:26:31 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/27 17:22:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/03/27 17:03:05 | 000,007,753 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2009/02/27 10:44:55 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/02/27 10:44:55 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/02/27 10:44:14 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/02/27 10:44:13 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/02/27 10:44:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/02/27 10:33:08 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/25 16:21:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DeskTopBird_K.ini
[2009/02/24 14:21:12 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2009/01/22 12:35:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2009/01/22 12:26:12 | 000,000,372 | ---- | C] () -- C:\WINDOWS\EMICLOCK.INI
[2008/11/21 16:26:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/05 12:54:32 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008/11/05 12:54:32 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/10/17 10:17:49 | 000,000,131 | ---- | C] () -- C:\WINDOWS\ra.ini
[2008/09/24 14:43:44 | 000,009,391 | ---- | C] () -- C:\WINDOWS\cfgspyrt.ini
[2008/09/24 14:43:42 | 000,010,348 | ---- | C] () -- C:\WINDOWS\cfgrt.ini
[2008/09/24 14:17:38 | 000,010,254 | ---- | C] () -- C:\WINDOWS\cfgrt_ex.ini
[2008/06/21 18:52:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/15 14:52:35 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2008/04/15 14:02:55 | 000,019,051 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/04/08 20:52:27 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\vikers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 10:30:33 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\vikers\Local Settings\Application Data\fusioncache.dat
[2008/04/03 17:04:42 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/03 17:02:45 | 000,322,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/03 13:37:12 | 000,000,344 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/04/03 13:37:01 | 000,001,568 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/04/03 12:11:51 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/03 12:01:46 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/04/03 11:45:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/03 11:40:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/02 11:28:09 | 000,093,878 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/06 05:34:24 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2007/07/06 05:34:22 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DAT
[2005/03/22 07:18:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 07:18:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 17:30:00 | 000,445,258 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 17:30:00 | 000,076,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 17:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 17:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/03/05 11:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/04/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/05/21 17:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/03/15 17:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/15 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/05/21 14:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/03/15 17:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/23 17:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/21 14:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\DriverCure
[2011/02/22 12:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\GetRightToGo
[2011/03/08 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\GlarySoft
[2008/11/21 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\Leadertech
[2010/03/18 13:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\Nokia
[2010/04/26 13:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\PC Suite
[2010/07/26 16:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\Rediff.com
[2009/02/23 18:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\Teleca
[2010/04/16 14:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vikers\Application Data\Uniblue
[2010/05/21 14:01:55 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/03/08 15:38:50 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
-
OTL Extras logfile created on: 3/21/2011 11:37:09 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 19.29 Gb Free Space | 65.86% Space Free | Partition Type: NTFS
Drive D: | 45.20 Gb Total Space | 32.21 Gb Free Space | 71.24% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.66 Gb Free Space | 98.24% Space Free | Partition Type: FAT32
Computer Name: PUNINW-DELHI | User Name: vikers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"63022:TCP" = 63022:TCP:*:Enabled:Trend Micro OfficeScan Listener
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Documents and Settings\vikers\Desktop\ChromeSetup.exe" = C:\Documents and Settings\vikers\Desktop\ChromeSetup.exe:*:Enabled:ChromeSetup
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"E:\setup\hppapd.exe" = E:\setup\hppapd.exe:*:Enabled:hppapd.exe
"E:\setup\HPPNICIFS01.EXE" = E:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe
"E:\setup\HPNTWKEXE.EXE" = E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7D7B5C64-1CAD-4FBD-988A-D6767CFECE8D}" = hppScanTo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}" = IE5 Registration
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5E31EEE-CD8A-4E01-87F1-119C4A3201FD}" = hppscan3390
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Free Window Registry Repair" = Free Window Registry Repair
"Glary Utilities_is1" = Glary Utilities 2.32.0.1126
"Hydraulic Training Simulations" = Hydraulic Training Simulations
"Interactive Hydraulics Designer" = Interactive Hydraulics Designer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"QuickTime" = QuickTime
"Volo View Express" = Volo View Express
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/18/2008 1:04:28 AM | Computer Name = PUNINW-DELHI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2180, fault address 0x00098e09.
Error - 9/18/2008 1:04:39 AM | Computer Name = PUNINW-DELHI | Source = Application Error | ID = 1001
Description = Fault bucket 130592454.
Error - 9/19/2008 12:38:49 AM | Computer Name = PUNINW-DELHI | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 9/19/2008 2:36:10 AM | Computer Name = PUNINW-DELHI | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8169.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/19/2008 2:53:00 AM | Computer Name = PUNINW-DELHI | Source = Application Hang | ID = 1002
Description = Hanging application conf.exe, version 5.1.2600.2180, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/19/2008 2:53:03 AM | Computer Name = PUNINW-DELHI | Source = Application Hang | ID = 1002
Description = Hanging application conf.exe, version 5.1.2600.2180, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/22/2008 12:33:12 AM | Computer Name = PUNINW-DELHI | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 9/22/2008 8:20:07 AM | Computer Name = PUNINW-DELHI | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 9/22/2008 11:45:04 PM | Computer Name = PUNINW-DELHI | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 9/22/2008 11:46:05 PM | Computer Name = PUNINW-DELHI | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
-
Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
-
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: etn.com ([easohsavos05.napa.ad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmail.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rediffmail.com ([www] http in Trusted sites)
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
-
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\etn.com\easohsavos05.napa.ad\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gmail.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rediffmail.com\www\ deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: C9986880
->Temp folder emptied: 2073359 bytes
->Temporary Internet Files folder emptied: 2683793 bytes
->Java cache emptied: 3524 bytes
->Flash cache emptied: 734 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: E5250045
->Temp folder emptied: 2992672 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 12713141 bytes
->Flash cache emptied: 2415 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: vikers
->Temp folder emptied: 971644 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 12861056 bytes
->Flash cache emptied: 1528823 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1347 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3398 bytes
Total Files Cleaned = 36.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03222011_093815
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
ok
-
You're supposed to post the log so I can analyze it.
-
Dear Sir,
I have installed ComboFix and scanned my computer. It has completed stage 50 and then deleted files desktop.ini, watermark.exe and many other files names of which I could not remember.
After that system restarted and msg appeared on screen ComboFix log running and do not run any programe until it has finished.
Immediately after that msg came "Access is denied".
I had no other option to close the window.
My system is on LAN connection and may be my IT deptt. has not gave me permission to run all programme.
Kindly suggest what needs to be done now.
Regards,
Abhay
-
Is this a business computer?
-
This is my company's property and I am using the same system in my office.
-
I'm sorry. You really should go to your IT dept for help. They may have installed a lot of restrictions that will prevent me from running scans.
-
ok..
And Thanks for your time.
Could you please tell me how to remove combofix completely from my system. I am unable to uninstall it, neither it can be deleted.
-
You can try this:
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.